Management system guidance

4.0 Context of the Organization

ISO Navigator Pro™ is a free tool that provides practical, expert guidance for businesses wishing to interpret and better implement the requirements of ISO 9001:2015, ISO 14001:2015 and ISO 45001:2018.

Our range of templates cover the requirements of ISO 9001:2015, ISO 14001:2015 and ISO 45001:2018, and offer an easy way to implement your next management system.

4.1 Understanding your organization and its context

Start |

Required inputs Activities Expected outputs ISO 9000:2015 QMP
       
       
       

Determining the context of your organization

Organizational context

Determining organizational context is a requirement new to ISO 9001:2015, ISO 14001:2015 and ISO 45001:2018 that helps to underpin your organization’s policies and to provide a road map to achieve future goals.

Also known as contextual intelligence, this approach is not new to those familiar with business planning and strategic development, but it is new in terms of its specific inclusion into ISO management system standards.

Your organization is now required to identify and assess all internal issues and external issues that could impact upon your management system’s ability to deliver its intended results. You can read more about the different types of internal and external issues below.

We suggest that you use the context analysis template to help determine internal and external issues, relevant to your organization's strategic direction, that may affect its ability to achieve the intended result(s) of its management system.

If you need a procedure and forms to help determine and document your organization's context, click here.

You should develop an understanding of the key internal and external issues that influence your business, and to set up processes to capture, monitor and review these issues. The following types of documents and tools often help to provide a source of contextual information:

  1. Policy statement(s) regarding your organization's purpose and strategic direction;
  2. Individual strategy documents underpinning your organization's policies that provide a road map to achieve its goals;
  3. Records of meetings where context is routinely discussed and monitored;
  4. Structured risk assessments of external and internal issues;
  5. Use of PESTLE template (Political, Economic, Social, Technological, Legal, Environmental) analysis tools for external issues;
  6. Use of SWOT template (Strengths, Weaknesses, Opportunities, Threats) analysis tools for internal issues;
  7. Documented information describing organizational context, included as part of a quality manual.

A review of organizational context could include interviews with senior management, questionnaires, surveys and research. Cross-functional input is essential for the specific expertise required to identify the full breadth of issues, such as finance, training, human resources, commercial, engineering and design, etc.

Not only will this ensure a broader appreciation of organizational context but also wider engagement, particularly with those functions not previously involved with the management system.

You will need to determine and understand the various quality, safety and environmental conditions that could become inputs to internal and external issues, which are typically experienced in your type of organization that can have positive or negative impacts. It is important to remember that Clause 4.1 'Understanding the Organization and its Context' interacts with the following clauses:

  1. Clause 4.3 - 'When determining the scope, the organization shall consider the external and internal issues referred to in 4.1';
  2. Clause 5.1.1 - 'Top management shall ensure that the quality, environmental or health & safety policies and objectives are established for the management system and are compatible with the organization’s strategic direction and its context';
  3. Clause 5.2.1a - 'Top management shall establish, review and maintain its quality, environmental or health and safety policies appropriate to the purpose and context of the organization';
  4. Clause 6.1.1 - 'When planning the management system, the organization shall consider issues referred to in 4.1 and determine risks and opportunities that need to be addressed';
  5. Clause 9.3.1 - 'The management review shall be planned and carried out taking into consideration changes in external and internal issues relevant to its management system that includes its strategic direction'.

There should be no need to have separate a contextual description for each environmental, health and safety or quality management system. In theory; a single, integrated, contextual statement that suits the requirements of each management system since there would be a degree of overlap between the context of a OHSMS, a QMS or an EMS.

In practice however, the needs and expectations; and the types of interested party will likely have some degree of overlap too, as well as, subtle but important differences which would require clear definition. You should consider the focus of your QMS as being different to the focus of your EMS, or your OHS management system; your organizational context must reflect that.

Identifying and analysing internal issues

To help understand your business's internal issues, at the micro-level, you need to understand its strengths and weaknesses and be able to identify relevant opportunities and threats. Undertake a SWOT analysis to review and evaluate current business strategies, the position and direction of your organization, business propositions and other commercial leads.

The SWOT analysis should be developed in such a way that the weaknesses and threats become inputs to determining risk and opportunity. Internal issues might typically be influenced the following:

  1. Organizational activities;
  2. Types of product and service;
  3. Strategic direction;
  4. Capabilities (people, knowledge, processes, systems);
  5. Working practices;
  6. Employment practices;
  7. Location and conditions;
  8. Worker knowledge;
  9. Organizational structure;
  10. Policy and objectives;
  11. Values;
  12. Strategy;
  13. Competence;
  14. Culture;
  15. Knowledge;
  16. Performance;
  17. Quality, safety and environmental conditions capable of affecting or being affected by your organization.

Sources of information relating to internal issues might include:

  1. Organizational structure, including the identification of roles and responsibilities and governance arrangements;
  2. External reports showing how well your business is performing;
  3. Statements relating to your organization's mission, vision and core values;
  4. Emphasis placed upon business ethics and organizational codes of conduct;
  5. Feedback obtained from employees through opinion surveys;
  6. Information management systems and processes for capturing and deploying knowledge and lessons learned;
  7. Organizational capability studies, identification of load/capacity and resource requirements to achieve demand;
  8. Register of identified internal risks and their treatment.

The ISO standards do not specify that internal issues, or their monitoring and review be documented, so there might not be ‘lists of internal issues’ or records of reviews. However, information can be obtained via interviews with relevant Top management in relation to your organization’s context and its strategic direction, the identified issues and conditions, and how these may affect the intended outcomes of your management system.

Identifying and analysing external issues

External issues might include political, financial or economic trends, customer demographics or emerging product developments. You should undertake a PESTLE analysis in order to establish a suitable understanding of these circumstances, and the market in which your business operates at the macro level.

PESTLE analysis provides a framework for measuring market and growth potential according to external political, economic, social, technological, legal and environmental factors. External issues might typically be influenced the following:

  1. Cultural, social, political and regulatory;
  2. Innovation, technology, industry requirements, market requirements, suppliers and partners;
  3. Financial, economic, natural and competitive issues, whether international, national, regional or local;
  4. Quality, safety and environmental conditions capable of affecting or being affected by your organization.

Sources of information relating to external issues might include:

  1. Reports relating to market environment, economic conditions, new technology, new markets, customer expectations;
  2. Reports relating to supplier intelligence, political considerations, investment opportunities, social factors etc.;
  3. Identification of factors relating to changes in legislation and regulation, including environmental and H&S impact;
  4. Feedback relating to product/service performance and lessons learned;
  5. Register of identified external risks and their treatment.

A workshop approach often allows ideas to be shared and provides an effective and efficient way of achieving a valuable outcome. The workshop could simply be a discussion identifying the issues that can be mapped out using Political, Economic, Social, Technological, Legal and Environmental (PESTLE) analysis. This method helps to structure the conversation and will also help to achieve buy-in to what is often seen as a peripheral or niche area.

To be compliant, evidence should be reviewed that proves that your business has identified all pertinent internal and external issues at periodic intervals. Although there is no requirement for any documented information to defining organizational context, it is helpful to retain the following types of documented information to help justify compliance:

  1. Business plans and strategy reviews;
  2. Quality manual
  3. Competitor analysis;
  4. Economic reports from business sectors or consultant’s reports;
  5. SWOT template analysis output;
  6. PESTLE template analysis output;
  7. Risk and opportunity assessments;
  8. Statement contained within a Management System Manual;
  9. Minutes of management review meetings (that show decisions and actions relating organizational context);
  10. Process maps, tables, spreadsheets, mind mapping diagrams.

To assess whether your organization has a high-level, conceptual understanding of its internal and external issues that affect it, either positively or negatively, its ability to achieve the intended outcomes, you should describe the processes used by your organization to identify internal and external issues and make reference to all objective evidence, including examples of these issues.

Start |

More information on PDCA

Planning

Context

ISO 9001:2015
ISO 14001:2015
ISO 45001:2018
4.1 Organizational Context 4.1 Organizational Context 4.1 Organizational Context
4.2 Relevant Interested Parties 4.2 Relevant Interested Parties 4.2 Relevant Interested Parties
4.3 Management System Scope 4.3 Management System Scope 4.3 Management System Scope
4.4 QMS Processes 4.4 EMS Processes 4.4 OH&S Management System

Planning

ISO 9001:2015
ISO 14001:2015
ISO 45001:2018
5.1 Leadership & Commitment 5.1 Leadership & Commitment 5.1 Leadership & Commitment
5.2 Quality Policy 5.2 Environmental Policy 5.2 OH&S Policy
5.3 Roles, Responsibilities & Authorities 5.3 Roles, Responsibilities & Authorities 5.3 Roles, Responsibilities & Authorities
    5.4 Consultation & Participation

Support

ISO 9001:2015
ISO 14001:2015
ISO 45001:2018
6.1 Address Risks & Opportunities 6.1.1 Address Risks & Opportunities 6.1.1 Address Risks & Opportunities
6.2.1 Quality Objectives 6.1.2 Environmental Aspects 6.1.2 Hazard Identifcation
6.2.2 Planning to Achieve Objectives 6.1.3 Compliance Obligations 6.1.3 Legal & Other Requirements
6.3 Planning for Change 6.1.4 Planning Action 6.1.4 Planning Action
  6.2.1 Environmental Objectives 6.2.1 OH&S Objectives
  6.2.2 Planning to Achieve Objectives 6.2.2 Planning to Achieve Objectives 
 

Doing

Support

ISO 9001:2015
ISO 14001:2015
ISO 45001:2018
7.1 Resources 7.1 Resources 7.1 Resources
7.2 Competence 7.2 Competence 7.2 Competence
7.3 Awareness 7.3 Awareness 7.3 Awareness
7.4 Communcation 7.4.1 Communcation - General 7.4.1 Communcation - General
7.5 Documented Information 7.4.2 Internal Communcation 7.4.2 Internal Communcation
  7.4.3 External Communcation 7.4.3 External Communcation
  7.5 Documented Information 7.5 Documented Information

Operations

ISO 9001:2015
ISO 14001:2015
ISO 45001:2018
8.1 Operational Planning & Control 8.1 Operational Planning & Control 8.1.1 General
8.2 Customer Requirements 8.2 Emergency Preparedness 8.1.2 Eliminating Hazards
8.3 Design & Development   8.1.3 Management of Change
8.4 Purchasing   8.1.4 Outsourcing
8.5 Product & Service Provision   8.2 Emergency Preparedness
8.6 Release of Products & Services    
8.7 Nonconforming Outputs     
 

Checking

Monitoring, measurement, analysis and evaluation

ISO 9001:2015
ISO 14001:2015
ISO 45001:2018
9.1 Monitoring & Measurement 9.1.1 Performance Evaluation 9.1.1 Performance Evaluation
9.2 Internal Audit 9.1.2 Evaluation of Compliance 9.1.2 Evaluation of Compliance
9.3 Management Review 9.2 Internal Audit 9.2 Internal Audit
  9.3 Management Review 9.3 Management Review 
 

Acting

Improvement

ISO 9001:2015
ISO 14001:2015
ISO 45001:2018
10.1 Improvement - General 10.1 Improvement - General 10.1 Improvement - General
10.2 Nonconformity & Corrective Action 10.2 Nonconformity & Corrective Action 10.2 Incident, Nonconformity & Corrective Action
10.3 Continual Improvement 10.3 Continual Improvement 10.3 Continual Improvement 
 

Want to know more?

SSL certification

A certificate guarantees the information your internet browser is receiving now originates from the expected domain - https://www.iso9001help.co.uk. It guarantees that when you make a purchase, sensitive data is encrypted and sent to the right place, and not to a malicious third-party.

Free PDCA guidance

ISO Navigator™ is our FREE online training tool that shows you how to apply the principles of PDCA to your operations. We also offer many helpful templates that get you on the road to documenting your management system, please visit the download page.