In my previous blogs I covered:
STEP 4: Context of the Organization
A quick reminder of the 10 Clauses of the HLS – this blog covers Clause 4:
2 Normative References
3 Terms and references
4 Context of the organization
9 Performance evaluation
This Clause introduces some significant changes in both ISO 9001 and ISO 14001, and is split into four sub-clauses defined under the Higher Level Structure (HLS):
4.1: Understanding the organization and its context
4.2: Understanding the needs and expectations of interested parties
4.3: Determining the scope of the management system
4.4: Management System
The main thrust of 4.1 and 4.2 is for the organization to take a higher level overview of the business and consider the key internal and external factors which impact on the quality and/or environmental management system. The Annex A guidance in ISO 14001:2015 puts it very well:
“A.4.1 The intent of 4.1 is to provide a high-level, conceptual understanding of the important issues that can affect, either positively or negatively, the way the organization manages its environmental responsibilities.”
“A.4.2: An organization is expected to gain a general (i.e. high-level, not detailed) understanding of the expressed needs and expectations of those internal and external interested parties that have been determined by the organization to be relevant.”
So the principle here is high-level, conceptual and general.
Clause 4.1 requires the organization to consider a wide range of potential factors which can impact on the management system, in terms of its structure, scope, implementation and operation. The areas for consideration quoted in the Annex A guidance are wide-ranging, including:
Clause 4.2 requires the organization to consider and understand the needs of ‘interested parties’, both internal and external. Previous versions of the draft standards also contained the term ‘stakeholder’, which many organizations will be more familiar with- I believe the terms are synonymous and interchangeable, and there is no need to consider them to be any different. In terms of whom these interested parties are, these could include:
- Non-Governmental Organizations (NGOs)
- Parent organizations
What is clear from both standards is that the consideration of context and interested parties needs to be relevant to the scope and the standard, BUT the assessment needs to be appropriate and proportionate.
What is also clear is that the output from Clause 4.1 and 4.2 is one of the key inputs to the assessment and determination of risks and opportunities required in Clause 6.
The previous versions of the standards indicated that the organization needed to monitor and review the information about issues and interested parties, but this text has now been dropped. ISO 14001:2015 covers the need to have both processes and maintained information around risk management, which also encompasses inputs from 4.1 and 4.2, but ISO 9001:2015 appears to be less clear on this area.
Irrelevant of what the standards state, an organization would benefit significantly from having some form of documented output or record of these exercises to show evidence of how internal and external factors and the views of interested parties have been considered. The next question might be “how do I show that I have considered these issues and interested parties?”
There are various methods and approaches which can be used to capture these inputs. As with any significant revision to standards, hopefully there will be the development of a range of methods and examples for this. Some current examples include:
Internal and External Issues:
- Key economic development which can impact on the organization: your organization is probably acutely aware of what is happening in its markets but it may be undertaken in a very ad-hoc way.
- Technological innovations and developments: this is also an area critical to your business success and is also probably being monitored and discussed at numerous levels.
- Regulatory developments: a whole range of external regulations are being monitored by your organization, if you miss them then it could seriously damage your business, OR if you capture early intelligence on them you could realize better opportunities.
- Political and other instabilities: this one sounds a bit ‘off the page’, but if for example you rely on raw materials from one particular country which experiences major instability your whole business could be jeopardized; or if there are major ethical concerns regarding a source of materials or goods.
- Organizational culture and attitudes: again, there may be some ‘rolling of the eyeballs ‘at this one, but an effective, motivated and happy workforce will give you positive impacts, and many organizations canvas feedback from employees.
Internal and External Parties:
- Stakeholder engagement exercises: already widely used to consult with interested parties and map out concerns and issues. More often utilized by larger organizations engaging with Corporate Social Responsibility initiatives.
- Consultation meetings with neighborhoods and NGOs on environment, planning and development issues : these are often used by major industrial plants with significant HSE risks.
- Meetings and other interactions with regulators; this can encompass for example quality-critical issues on product specifications and conformity, environmental-critical issues with regulators on compliance and developing compliance requirements and standards.
- Employee meetings, consultations and feedback activities: that should be happening already, but maybe this will prompt more efforts to improve an area which has been at risk of ‘lip service’ to existing standards.
- Supplier reviews and relationship management: many organizations are trying to get much more mutual benefit from the supplier-client relationships which are critical to mutual success.
- Client/customer reviews and relationship management: of course this is a fundamental pillar of all standards and a key to success.
It may be that when you reflect on how you capture key issues, and how many interested parties you engage with already you may be pleasantly surprised. It may be that you only engage with a limited number of internal and external parties- which may be OK- but now is the time to start thinking about whether that is enough, and whether you are missing some good opportunities here.
The next logical question might be “how do we record this information?” There will again be many ways in which that could be done- and hopefully some improved and new approaches might emerge as this part of the standards is considered.
Approaches could include:
- Summary information from the range of existing approaches used as listed above (e.g. a brief report).
- Information summarized as part of inputs to risk and opportunity registers (e.g. for ISO 14001 this could be an additional process in the identification of environmental aspects and impacts).
- Recorded in a simple spreadsheet.
- Logged and maintained in a database.
- Captured and recorded through key meetings.
The content in Clause 4 is focused on raising management systems to a higher level and be more central to the way an organization works- this is entirely correct and logical.
In writing this blog and actively thinking about what intended to be achieved with Clause 4.1 and 4.2, I am impressed with the approach taken by the ISO Committee which drafted the Higher Level Structure (HLS). These sub-clauses are asking organizations to think clearly and logically about what can internally and externally affect their management systems, and be in a position to show that this information is being monitored and reviewed. It also requires organizations to elevate the discussions to the highest levels, since capturing the above range of information is hard to achieve without a high level approach.
There are two other sub-clauses under Clause 4:
4.3: Determining the scope of the management system
4.4 Management System
The sub-clause 4.3 on scope of the management system should be familiar to most organizations, since ISO 14001:2004 Clause 4.1 and ISO 9001:2008 Clause 4.2.2 requires the definition of the scope of the management system (in this respect ISO 14001 has always been a bit clearer). With the revisions to 9001 and 14001 the scoping requirements have become clearer, stronger and require the organization to consider the inputs from 4.1 and 4.2, the activities, products and services and also levels of control and influence.
What does that mean? Hopefully it will encourage a clearer and more logical approach to scoping, driven by external and internal requirements and covering key products, services and activities. There are no longer any ‘exclusions’ from the scope of the management system (as in the classic exclusion of design). What the standards state is that the scope should be clearly documented, be publicly available, and also justify where specific requirements of the standards are not applicable.
These clearer requirements on scoping will also hopefully drive clarity in the thinking of organizations in scoping the management system, AND in certification bodies looking at how organization has defined its scope and ensure that this is both appropriate and is reflected accurately by the management system and also in the scope of any certificate issued.
Sub-clause 4.4 on Management System basically states that the organization needs to establish, implement, maintain and continually improve a management system in order to deliver the required products, services and performance required under the scope. This should also be familiar to serious organizations which implement management systems in order to deliver compliance and improvement. Where this sub-clause is more focused is in requiring organizations to understand more about the range of processes relevant to the scope of the management system. What do we mean by process? The term process is defined as: “Set of interrelated or interacting activities which transforms inputs into outputs”.
What does that mean? If you are committed to a management system which is at the core of your business then this will probably be an integral part of your system, although you might need to review how effectively you connect those processes and understand the influence and impact of those processes on each other and the business. As I said above, this should also elevate the system in terms of its importance to the business, and its value to the business, because it should drive more meaningful analysis of the key business processes and critical aspects of those processes. In practical terms it will require an organization to more fully analyse its processes and ensure that there is good understanding of how they interact with each other- and not operate as isolated procedures without overlap.
Clause 4 introduces some significant innovations to the management system world, and could represent a challenge to some organizations who have not viewed the management system as pivotal to the business. There is likely to be plenty of debate between now and the final publication of the new standards, particularly around the approaches to understanding the context of the organization in terms of internal and external issues and interested parties.
Contact us for support: Transition to the ISO 2015 revisions
Do you have questions related to the ISO 9001:2015 & ISO 14001:2015 revisions? Post them in our LinkedIn group , and our auditors Doug Milne and Niall Pembery will get back to you.