ISO 9001:2015 Clause 4 context

of the organization
by Pretesh Biswas, APB Consultant

ISO 9001:2015 Clause 4 Context of the Organization

Definition
As per ISO 9000, the definition of Context of the Organization is “business
environment“, “combination of internal and external factors and conditions that
can have an effect on an organization’s approach to its products, services and
investments and interested Parties“. The note states that this concept of Context
of Organization is equally applicable to Not for profit organization, public service
organization and governmental organization. Also in normal language this
concept is also known as business environment, organizational environment or
ecosystem of an organization.

Introduction:
The implementation of QMS should be the strategic decision of the organization
and is influenced by the context of the organisation and the changes in that
context. The changes in the context can be with respect to its specific
objectives, the risks associated with its context and objectives, the needs and
expectations of its customers and other relevant interested parties, the products
and services it provides, the complexity of processes it employs and their
interactions, the competence of persons within or working on behalf of the
organization and its size and organizational structure.The context of an
organization will include internal factors such as organizational culture, and
external factors such as the socio-economic conditions under which it
operates.The scope of ISO DIS 9001:2015 states that organization needs
to demonstrate its ability to consistently provide products and services that meet
customer and applicable statutory and regulatory requirements and aims to
enhance customer satisfaction.

Any interested party which is not relevant to the quality management system need
not be considered and similarly any requirement of the interested party not
relevant to the quality management system need not be considered. Determining
what is relevant or not relevant is dependent on whether or not it has an impact
on the organization’s ability to consistently provide products and services that
meet customer and applicable statutory and regulatory requirements or
the organization’s aim to enhance customer satisfaction. The organization can
decide to determine additional needs and expectations that will meet its quality
objectives. However, it is at the organization’s discretion whether or not to accept
additional requirements to satisfy interested parties beyond what is required by
this Standard.
There are a new clause relating to the context of the
organization,

Clause 4 Context of the organization

This clauses require the organization to determine the issues and requirements
that can impact on the planning of the quality management system.Interested
parties cannot go beyond the scope of ISO 9001.There is no requirement to go
beyond interested parties that are relevant to the quality management
system.Consider impact on the organization’s ability to consistently provide
products and services that meet customer and applicable statutory and regulatory
requirements or the organization’s aim to enhance customer
satisfaction.Organizations can go beyond the minimum requirements to
determine additional needs and expectations for interested parties that would not
be “relevant” at the discretion of organization and should be clear in quality
management system. The “Context of Organization” clause has four sub clauses
ie

 Clause 4.1 Understanding the Organization and its context

 Clause 4.2 Understanding the needs and expectations of interested
parties
 Clause 4.3 Determining the scope of the quality management system
 Clause 4.4 Quality management system and its processes

Clause 4.1 Understanding the Organization and its context

The organization should determine external and internal issues for the
organization relevant to its purpose, strategic planning and which affect the
organization’s ability to achieve its objectives . The Organization should
monitor and review the information about external and internal issues. The
organization must consider issues related to values, culture knowledge
and performance of the organization for understanding of internal
issues. The organization must consider issues related to arising from
legal, technological, competitive, market, cultural, social, and economic
environments, whether international, national, regional or local for
understanding of external context. For considering internal context as well
as external factors both positive as well as negative factors must be
considered.

An organization’s context involves its “operating environment.” The context must

be determined both within the organization and external to the organization. It is
important to understand the unique context of an organization before starting the
strategic planning.To establish the context means to define the external and
internal factors that the organizations must consider when they manage risks. An
organization’s external context includes its outside stakeholders, its local
operating environment, as well as any external factors that influence the selection
of its objectives (goals and targets) or its ability to meet its goals. An
organization’s internal context includes its interested parties, its approach to
governance, its contractual relationships with its customers, and its capabilities
and culture.An organization’s internal context is the internal environment within
which the organization seeks to achieve its sustainability goals. The internal
context may include,

 Product and service offerings

 Governance, organizational structure, roles, and accountability
 Regulatory requirements
 Policies and goals, and the strategies that are in place to achieve them,
 Assets (e.g., facilities, property, equipment and technology)
 Capabilities, understood in terms of resources and knowledge (e.g., capital,
time, people, processes, systems, and technologies)
 Information systems, information flows, and decision-making processes
(both formal and informal)
 Relationships of the staff/volunteers/members and the perceptions and
values of their internal stakeholders including suppliers and partners
 Organization’s culture
 Standards, guidelines, and models adopted by the organization and
 Form and extent of the organization’s contractual relationships.

Internal context can also be defined as anything within the organization that may
influence the way in which the organization manages its internal risks. Once
the internal context is understood, one can conduct the macro-environmental
external analysis using “PEST” (political, economic, social and technological)
analysis.This analysis determines which factors are can influence how the
organization operates. The organization cannot control these factors, but they
must seek to adapt to them. The PEST factors can be classified as opportunities
and threats in a SWOT (strengths, weaknesses, opportunities and threats)
analysis. Alternatively, some organizations might use Porter’s “Five Forces
Model.” These methods are used to review a strategy or position or direction of
an organization. Completing a pest analysis is simple and helps the individuals
involved in the organization to understand and find ways to deal with the context.

Political Factors Economic Factors

Ecological/Environmental Issues National economies and trends

Current legislation General taxation issues

Anticipated future legislation Taxation to activities, products, services

International legislation (global influences) Seasonality or other weather issues

Regulatory bodies and processes Market and trade cycles

Government policies, terms and change Specific sector factors

Funding, grants, and initiatives Customer/end-user drivers

Market lobbying groups Interest and exchange rates

Wars and conflicts International trade and monetary issues

Social Factors Technology Factors

Lifestyle trends Competing technology development

Demographics Associated/Dependent technologies

Consumer attitudes and opinions Replacement technology/Solutions

Media views Maturity of Technology

Law changes affecting social behaviors Information and communications

Image of the organization Consumer buying mechanisms

Consumer buying patterns Technology legislation

Fashion and role models Innovation potential

Major events and influences Technology access, licensing, patents

Buying access and trends Intellectual property issues

Ethnic/Religious factors Global communication

Advertising and publicity Social media use

Ethical issues Maturity of organization’s products/ services

Example of PEST Analysis

 Example Porter’s “Five Forces Model.”

Although organizations cannot control macro-environment factors they need to

manage them to their advantage. They also need to protect themselves from
PEST factors which may increase operational costs or affect their reputation. The
external context’s micro-environment consists of the organization’s immediate
operations and how they affect its performance and decision-making. These
factors have a direct impact on the success of the organization. It is important to
have a full analysis of the micor-environment before moving to strategy
development. Here are some of the micro-environmental context factors.

 Customers:
Organizations must attract and retain customers by offering products
services that meet their needs along with providing excellent customer
service
 Employees:
There must be availability of people with the motivation to remain as
contributing members of the organization and develop the skills necessary
to provide a competitive edge
 Suppliers:
Suppliers provide organizations with the resources they need to carry out
their activities. If a supplier provides bad service, this affects the way the
organization operates. Close supplier relationships are an effective way to
remain competitive and secure the resources needed
 Investors:
All organizations require investment to grow. They may borrow the money
 from a bank or have people invest in their work. Relationships with investors
need to be managed carefully as problems can detrimentally affect the long-
term success of the organization
 Media:
Positive media attention can bring success to the organization by
maintaining its reputational strength. Managing the media (including the
presence in social media) is a challenge.
 Competitors:

Members of the organization need to have a sense of belonging. Can the

organization offer benefits that are better than those offered by the
competitors? Is there a strong value proposition? Competitor analysis and
monitoring is crucial if an organization is to maintain or improve its position
in the competitive landscape of the community. The organization must
always be aware of its competitor’s activities. The landscape can change
quickly.

As in the case of the macro-environmental context, the organization cannot

always control its micro-environment factors. But they must be carefully managed
together and with the internal context understanding. Both internal and external
context can have influence over the organization. Customer pressures and
complaints can force organizations to change various policies such as product
returns and customer and technical support. Technological changes can provide
new and more effective ways to handle communications, operations, shipping
and logistics. Cultural and religious differences may hinder product or service
entry into certain countries. Government’s regulatory and trade policies can play
a significant role in determining how businesses operate, especially in regard to
international trade, taxation, and regulations. The media, including social media,
can have a huge impact on a company’s image and public relations. A bad news
video or news report can go viral pretty fast, and if your organization doesn’t
provide an acceptable response, the negative publicity and effects can last a long
time. Sociological forces often drive what, where and how consumers buy product
and services. There is an increasing trend in the number of consumers
purchasing products online and reading reviews before making a purchase. The
multinational and multicultural trend in workforce composition can cause
significant changes in hiring and retention of competent human resources. If the
response to these situations is unplanned, weak or untimely, it might have a
dramatic impact on the future of the business – loss of customers, serious
production interruption or disruption, permanent loss of organizational
knowledge, even loss or bankruptcy of the business. Contextual issues can have
a positive impact, as it may present opportunities such as new, improved or
increased availability of previously scarce resources, opening up of or access to
new markets, availability of new technologies leading to reduced costs, improved
product quality, services and operational efficiency. Many of these contextual
issues can be viewed as variables some changing faster, others slower,
depending on whether the organization is fast paced and leading edge or in a
stable or mature industry. Therefore variability in these issues depicts uncertainty
about their future behaviour. Such uncertainty can be quite diverse, complex and
at times highly unpredictable. This presents a dilemma to organizations in terms
of tracking and adapting to changes in these issues. This uncertainty introduces
the need for understanding and use of risk evaluation, mitigation and
management. Thus each organizational contextual issue will have its own
specific set of uncertainties with different levels of complexity and risk and the
need for specific controls to mitigate or eliminate the risk.
Example internal issues could include, but are not limited to:

 Structure of the organization — limited flexibility when dealing with

varying demands
 Roles within the organization — Rigid, personnel willing to adopt to
demands?
 Availability of reliable qualified and competent work force — very
good (positive)
 Stability of workforce – Wage benchmarking is not consistent with
competitors
 Staff retention — very high (positive)
 Impact of unionization – Uncordial
 Staff competency levels– high(positive)
 Contractual arrangements with customer-beneficial
 Payment terms from customers-high credit
 Solvency of customers -etc
 Expansion of customer base-etc
 Overall strength of business to support funding needs -etc
 Relationship with investors . -etc
 Credit terms available .-etc
 Service level agreements with customers -etc
 Culture within the organization -etc

Example external issues could include, but are not limited to:

 Political, economic, social, technological, legal and regulatory — Laws

changing ,affecting product conformity, minimum wage changing, evolutions
in more efficient machinery affecting price
 Operating Permits becoming tighter on emission levels — technology
demands
 Overall economic performance in the country — above EU norm
(positive)
 Competitive environment — overall low-cost of entry in to the market
 Economic plans for future -etc
 The nature and impact of economy on market -etc
 Customer demographic -etc
 General levels of consumer confidence -etc
 Customer expectation -etc
 Standardization and certification within the industry -etc
 Regulation within the industry generally -etc
 Trade associations and lobbying powers -etc
 Impact on neighbors. -etc

Clause 4.2 Understanding the needs and expectations of

interested parties
The organization shall determine relevant interested parties and relevant
requirements of relevant interested parties. Relevant interested parties to
be considered are those that could affect or potentially affect the
organization’s ability to constantly provide products and services that meet
customer and applicable statutory and regulatory requirements. Monitor
and review information related to interested parties and relevant
requirements.

Firstly, the organization will need to determine external and internal issues that
are relevant to its purpose, i.e. what are the relevant issues, both inside and out,
that have an impact on what the organization does, that would affect its ability to
achieve the intended outcome(s) of its management system. It should be noted
that the term ‘issue’ covers not only problems, which would have been the subject
of preventive action in previous standards, but also important topics for the
management system to address, such as any market assurance and governance
goals that the organization might set for its management system. Next the
organization has to determine relevant interested parties and relevant
requirements of relevant interested parties.

An interested party is a person or organization that can affect, be affected by, or

perceive themselves to be affected by a decision or activity that’s within the scope
of the management system. There will be those external interested parties that
impose specific legal, regulatory or contractual requirements in an organization.
There may also be requirements specified by internal interested parties, for
example management and staff (permanent and temporary). Typically these
would include:

 Shareholders
 Owners
 Management
 Employees
 Trade unions
 Suppliers
 Partners
 Client
 Government agencies
 Media
 Society
 any other person or organization interested in the organization

There is no requirement in this International Standard for the organization to

consider interested parties which have been determined by the organization not
to be relevant to its quality management system. Similarly, there is no
requirement to address a particular requirement of a relevant interested party if
the organization considers that the requirement is not relevant. Determining what
is relevant or not relevant is dependent on whether or not it has an impact on the
organization’s ability to consistently provide products and services that meet
customer and applicable statutory and regulatory requirements or
the organization’s aim to enhance customer satisfaction. The organization can
decide to determine additional needs and expectations that will assist it to meet
its quality objectives. However, it is at the organization’s discretion whether or
not to accept additional requirements to satisfy interested parties beyond what is
required by this International Standard.

INTERESTED PARTIES REQUIREMENTS

Good financial performance, legal

Executive Board
compliance/avoidance of fines

No complaints relating to : noise, parking, health and

Local residents
safety, pollution, waste, employment

Identification of applicable statutory and regulatory

requirements for the products and services provided,
Law enforcers/ Regulators
understanding of the requirements, application within
the QMS, and update/ maintenance of them

Value for money, high quality, expectations for

design innovation, on time, low-cost, quick response,
Customers
installation expertise, health and
safety/EMS

Bank/Finance Good financial performance

Professional development, prompt payment health

Employees
and safety, work/ life balance, employment security

Insurers No claims/prompt payment/risk management

External providers Prompt payment, health and safety, work relationship

Trade Unions Compliance (employment law)

One tool which can be used for determining the relevant requirement of relevant
interested parties is Stakeholder analysis

Example of Stakeholder analysis

Clause 4.3 Determining the scope of the quality

management system
The organization must establish scope of the quality management system
by determining the boundaries and applicability of the quality management
system. While determining the scope the organization must consider the
internal and external issues determined in 4.1.,the requirements of relevant
interested parties in 4.2. and the products and services of the
organization. Requirements from this International standards that can be
applied by the organization shall be applied within the scope of the
QMS. Requirements from this International standards that cannot be
applied by the organization and which does not affect the organization’s
ability or responsibility to provide product and services that meet the
conformity of its product and services and enhancement of the customer
satisfaction. The organization must make available the scope and must
maintain scope as documented information stating the Products and
services covered by the QMS and any Justification where a requirement of
this International standard cannot be applied.

Determining the scope of the Quality Management System (QMS) has been a
part of the ISO 9001 requirements for a long time. This scope is a vital part of the
QMS, as it defines how far the QMS extends within the company’s operations,
and details any exclusion from the ISO 9001 requirements and the justification
for these. It is through the scope that you define what your Quality Management
System covers within your organization. With the release of the new update to
the ISO 9001 requirements, ISO 9001:2015, there is some additional clarification
on defining the scope of the QMS. These clarifications will help to standardize
how companies define the scope of their QMS, even if they choose not to have a
quality manual, which is no longer a stated requirement in the standard. Section
4.3 of the standard details the requirements for determining the scope of the
Quality Management System. In a note about the QMS, it is stated that the QMS
can include the whole organization, specifically identified functions of the
organization, specifically identified sections of the organization, or one or more
functions across a group of organizations. To start, there are three considerations
to be included when determining the scope:

1. External and internal issues that are relevant to the purpose of the
organization, the strategic direction, and the ability to achieve intended
results
2. Requirements of relevant interested parties
3. The product and service of the organization

In addition, the scope is to include any requirements of the ISO 9001 standard
that can be applied, and if a requirement is determined to not apply, the
organization will not use this as a reason for not ensuring conformity of product
and service. The scope is to state the products and services covered by the QMS,
and justification for any instances where the ISO 9001 standard cannot be
applied. It is most common that the scope of the QMS covers the entire
organization. Some noted exceptions are when your QMS only covers one
physical location of a multi-location company, or when your manufacturing or
service is distinctly split between industries (e.g., in a plant with three assembly
lines where assembly lines 1 and 2 are for automotive and need to have a QMS
certified to the ISO/TS 16949 QMS standard for automotive, but you want line 3
to be certified to ISO 9001 since many of the automotive requirements do not
apply). So, your scope should identify the physical locations of the QMS, products
or services that are created within the QMS processes, and the industries that
are applicable if this is relevant. It should be clear enough to identify what your
business does, and if not all parts of the business are applicable, it should be
easily identified which parts are. Some examples could be:

1. XYZ Manufacturing located in London, England, producing machined

components in the aerospace and automotive industry within Europe.
2. XYZ Consultants located in offices in Europe, Asia, and North American
provide Information Technology Support to companies in any industry.
3. XYZ Computing provides software development services to companies in
the automotive and heavy machinery industries within North and South
America.
4. XYZ Industries is a division of XYZ International that operates in Indonesia
and provides paper products to the Asian market.

Your scope does not have a size limit, and should include enough information to
determine what is covered by the processes of the QMS. However, it is important
to make it clear what is included and what is not. If it is not clear to you what
processes in your company are covered by your QMS, then how will it be clear
to an outside auditor or other interested party? Making your scope statement
simple and easy to read can help to focus your QMS efforts and prevent
unnecessary questions about activities that you may perform that may not be
applicable to your QMS certification.

The scope of ISO 9001 is given in clause 1 Scope, and defines the scope of the
standard itself. This should not be confused with the scope of the QMS, which is
a term commonly used to describe the organization’s processes, products (and
/or services), and related sites, departments, divisions etc., to which the
organization applies a formal QMS. (Note, this does not necessarily include all
the processes, products, sites, departments, or divisions etc. of the organization).
The scope of the QMS should be based on the nature of the organization’s
products and their realization processes, the result of risk assessment,
commercial considerations, and contractual, statutory and regulatory
requirements. While ISO 9001 is generic and is applicable to all organizations
(regardless of their type, size or product category), under certain circumstances,
an organization may exclude complying with some specific ISO 9001
requirements , while being permitted to claim conformity to the standard. This is
because it has been recognized that not all the requirements in this clause of the
standard are relevant to all organizations. ISO 9001 itself makes allowance for
such situations. Consequently, the scope of registration/certification
encompasses the scope of the QMS, as well as describing any excluded ISO
9001 requirements. As the terms scope of the QMS and scope of
registration/certification are often used interchangeably, this can lead to
confusion when a customer or end user is trying to identify what parts of an
organization have been registered/certified to ISO 9001, what product lines or
processes are covered by the QMS, or what ISO 9001 requirements have been
excluded. In order to dissipate such confusion and to enable identification of what
has been registered/certified, the scope of registration/certification should clearly
define:
 1. the scope of the QMS (including details of the product lines and related sites,
departments, divisions etc. that are covered by it).
2. the organization’s main processes for its product realisation or service
delivery activities (such as design, manufacture and delivery), for the
product lines that are covered,
3. any ISO 9001 requirement that has been excluded
(It should be noted that the scope of registration/certification is not the same
as the certificate that is awarded to the organization after successful
demonstration of conformity to ISO 9001. The certificate will usually include
a synthesized description of the scope of registration/certification, but not
the details of the ISO 9001 requirements that have been excluded; however,
it may include a note to refer to the fact that the exclusions are detailed in
the organization’s Quality Manual.)

It is essential that a scope of registration/certification be drafted by the

organization prior to applying for registration/certification. This should then be
analysed by the CRB during the Stage 1 audit, for appropriate planning of the
Stage 2 audit. It is responsibility of the auditor:

1. to ensure that the final statement of the scope of registration/certification is

not misleading;
2. to verify that this scope only refers to the processes, products, sites,
departments, or divisions etc. of the organization that were assessed during
the registration/ certification audit; and
3. to verify that this scope defines any excluded requirements from ISO 9001,
and that justification for such exclusions is provided and is reasonable.

As an additional measure to combat potential confusion among customers and

end users, the scope of registration/certification should be clearly defined in the
organisation’s Quality Manual and any publicly available documents (this
includes, for example promotional and marketing material). However,
promotional statements should never be included in the scope of registration/
certification itself.

An example of how a scope could be derived

Organization’s purpose and strategic direction
Purpose:

“As one of India’s leading Data Communications manufacturers, installers and

on-site managed service providers of fiber optic cabling (for Information
Technology connectivity): as well as installer and on-site managed service
provider of copper cabling and IT cabinets; our reason for ‘being’ is a combination
of our vision, mission, and values.“

What is our vision?

“To become the most trusted manufacturer, installer and service provider of fiber
optic/copper cabling (IT cabling) and IT cabinets within India and Europe.“
What is our mission?

“To expand our operations by Consistently meeting customers expectations, and

our legal requirements, which includes the enhancement of
customer satisfaction through the effective application of our processes for
continual improvement.“

What are our values?

“Sustainable business practices including: corporate social responsibility ( social,

economical and environmental), responsible governance, and equal
opportunity are all expected values within our organization. These are re—
enforced through sustainable ethics and workforce integrity throughout all
business operations. Co-operation and collaboration are expected norms within
the organization’s management, with recognition provided for all through regular
appraisals. We encourage and embrace any values which enforce the behaviors
that employees cherish.“

Strategic Direction:

“To open two new offices in India, and one new office in Germany, and Spain this
year. To implement and gain accredited certification to ISO 9001 and ISO 14001
in these new offices, within a year of the offices opening. To employ a motivated
workforce that will embrace the organization’s values, and complement the co-
operation and collaboration needed to achieve the effective application of our
processes for continual improvement.“

2. Organization’s intended result(s) of its QMS

 From the Scope of the Standard:

 To demonstrate its ability to consistently provide products and services
that meet customer and applicable regulatory requirements
 To enhance customer satisfaction through the:
 Effective application of the QMS
 Processes for continual improvement of the QMS
 Assurance of conformity to customer and applicable statutory and
regulatory requirements
 Specific to our organization:
 Reduction in waste, during manufacturing, through reduced rejects,
effective corrective action and improvements in process understanding
and compliance
 To assist in the creation of an effective knowledge database for the
consistent provision of product and service, and for business continuity
purposes

External issues

 Contractual arrangements – generally within the sector

 Competitive environment – overall low cost of entry into the market
 Legislation, e.g. employment of non-nationals
 Regulation within the industry generally
  Overall competition within the recruitment sector
 Overall economic climate in the country
 Countries environmental requirements affecting products and service
 Technology advances
 Standardization and certification within the industry
 Client consideration of bringing expertise in-house
 Client working environment other trades working alongside us,
 Client configuration changes during installation
 Relationships with external interested parties
 Perceptions/values of external interested parties
 Key drivers and trends
 Workforce culture within the sector and country
 Construction delays
 External inspections/audits
 Competitors ceases trading
 Availability of raw materials
 Power cuts in countries
 Availability of external providers – machinery maintenance etc.

Internal issues

 Structure of the organization

 Roles within the organization
 Availability of reliable, qualified and competent workforce
 Stability of workforce
 Staff retention
 Staff training levels
 External providers competence and availability
 Availability and quality of candidates to fulfill our vacancies
 Culture within the organization
 Working hours
 Staff morale
 Internal politics
 Governance, Policies, objectives
 Strategies
 Capabilities
 Resources
 Knowledge
 General competence
 Technologies
 Information systems
 Decision making processes
 Relationships with interested parties
 Perceptions/values of interested parties
 Standards, guidelines and models adopted
 Contractual relationships
 Potential conflicts
 Processes for resolving conflicts
 Social customs
 Management’s abilities
  Priorities
 Database skills
 Root cause analysis abilities
 Improvement tools and abilities to apply
 Ability to motivate workforce
 Project management expertise – new offices
 Understanding and experience in implementing ISO 9001
 Co-operation of workforce

Interested parties and relevant requirements

INTERESTED PARTIES REQUIREMENTS

Good financial performance, legal

compliance/avoidance of
Executive Board
fines, sustainable, corporate and social responsible
with a suitable governance framework

Local residents Local employment, good reputable employer

Identification of applicable statutory and regulatory

requirements for the products and services provided,
understanding of the requirements, application
Law enforcers/ Regulators
within the QMS, and update/ maintenance of
them,Legal compliance, prompt responses to
investigations and enquiries

Value for money, high quality, expectations for design

Customers innovation, on time, low-cost, quick response,
installation expertise, legal compliance

Bank/Finance Good financial performance and cash flow

Professional development, employment security and

Employees
good employee working relationships

Insurers No claims/prompt payment/risk management

Clear, unambiguous contracts and scope of works,

External providers
good working relationship

Compliance (applicable laws) and good working

Trade Unions
relationships with management
Products and services of the organization

 Fiber optic cable manufacture – multimode

 Configuring /layout/plans of cable routes within a client building
 Installation of IT cabling on client site (fiber optic and copper cabling)
 Installation of IT cabinets and connect cabling to active IT equipments
 Test connectivity and data performance
 On-site configuration management – moves and changes
 On-site network incident management
 Provision/management of on-site IT human resource
 IT client disaster recovery service and help desk

Determined scope
The production, installation and on-site managed service of fiber optic cabling
(for Information Technology connectivity), and the installation and on-site
managed service of copper cabling and IT cabinets, at client sites in India,
Germany and Spain.

Manufacturing sites/Offices:

 India (Manufacturing)
 Germany (Office)
 Spain (Office)

Applicability:

All clause requirements are applicable to the above scope, except: 8.3 (Design
and development of products and services). This is because the organization
does not design its products and services, but produces fiber cable (and installs
IT cabinets, and cabling along routes) according to established/defined standards
and industry guidance. Clause 8.3 is therefore not applicable to our Quality
Management System.

—————————End of example—————————————

Clause 4.4 Quality management system and its processes

Clause 4.4.1

The organization must establish, implement, maintain and continually

improve its quality management system as per the requirement of this
standards by determining the process needed and its application through
out the organization . While determining the processes, the organization
must determine the inputs required and the outputs expected from these
processes, the sequence and interaction of these processes,The
organization must control these processes to ensure its effective
operation. The organization must establish the criteria and methods which
include monitoring, measurements and other related performance
indicators to ensure the effective operation and control of these processes.
The organization must determine and ensure the availability of the
resources needed for effective operation of these processes.The personnel
having authorities and responsibilities for these processes must be
identified. As per clause 6.1, the organization must determine risk and
opportunities, analysis them and must take appropriate action to address
them.There must be methods for monitoring, measuring, as appropriate,
and evaluation of these processes. The organization must make changes
in its process if it fails to achieve intended result. The organization must
look opportunities for improve for these process and for Quality
management system as a whole.

Clause 4.4.2

The organization shall maintain documented information to the extent

necessary to support the operation of processes and retain documented
information to the extent necessary to have confidence that the processes
are being carried out as planned.

The primary focus of clause 4.4.1 requirements is to manage and control all your
QMS processes including processes for operations. QMS includes processes
for management(leadership) activities, Planning which includes risk assessment,
support processes (such provision of resources, communication etc), Operation,
performance evaluation and Improvement as part of QMS. Clause 4.4.1 requires
the ‘Process Approach’ to be used in defining your QMS. Documentation of QMS
processes and the need for and detail of specific process documentation is
determined by ISO 9001, customer, regulatory and your own organizational
requirements, complexity of products and processes, effect on quality,risk of
customer dissatisfaction, economic risk,effectiveness and efficiency, competence
of personnel.Clause 4.4.2 requires you to have documents needed to ensure the
effective planning, operation and control for QMS processes. Based on these
factors, you must determine what processes need to be documented and how
you will document it. Not all processes need to be documented; your
documents must also include a description of the interaction between your QMS
processes. A number of different methods can be used to document processes,
such as graphical representations, written instructions, checklists, flow charts,
visual media, or electronic methods, etc. Process flowcharts or block diagrams
can show how policies, objectives, influential factors, job functions, activities,
material, equipment, resources, information, people and decision making interact
and/or interrelate in a logical order. Procedures may be an acceptable way to
document processes provided they describe inputs and outputs, appropriate
responsibilities, controls and resources needed to satisfy customer
requirements. Regardless of whether or not you document all of your processes,
you must provide evidence of effective implementation of all your QMS
processes. Such evidence does not necessarily need to be documented.

Clause 4.4 c requires you to determine criteria for effective process operation and
control. You could determine criteria to control inputs, outputs and resources
used. For example

a.
 Raw materials as an input to production would have acceptance criteria
that it must meet before it can be used.
  Finished product as an output of the production process must meet
acceptance criteria before it can be shipped to the customer;
 The equipment used to transform raw materials into finished product
may have set-up and capability criteria or parameters that it must meet
in order to produce conforming product.

These criteria (controls) must be established for each QMS process. Note that
such controls may also come from the customer, regulatory or industry
bodies. Equally important are the specific methods required for effective
operation and control of each process. These may include job travelers; work
instructions; in process inspection sheet; specifications and drawings; SPC
charts; set up checklist; machine manuals; etc. Note these control methods may
apply to any or all of inputs, outputs or conversion activities.

This clause also requires you to monitor and measure your QMS processes.
Clause 9.1 provides requirements to plan and implement these controls for
monitoring and measuring conformity to process performance criteria determined
above. Ways to monitor and measure QMS processes may include – tracking
against process parameters, goals and objectives, using tools and records such
as process check-sheets; product acceptance criteria; SPC records; production
records; maintenance records; labor records, etc. More details on monitoring and
measuring controls are covered in clause 9.1.
Under 4.4.1d, resources for QMS processes may include facility, material,
equipment, labor, supplies, utilities etc. Every QMS process will require a different
combination of resources. Resource details may be identified in
specifications,production schedules, bill of materials, production travelers or
routers, work instructions, etc. Information for QMS processes will vary from
process to process and may include -production schedules, bill of materials,
product acceptance and process performance criteria, production traveler or
router, work instructions etc. Use clause 7.5 and other relevant clauses to control
process information.

Under 4.4.1 e the organization shall has to ensure that adequate responsibilities
and authorities are assigned as per as the requirements given in the clause 5.3.

This promotes the use of risk based thinking. Risk is defined as the “effect of
uncertainty.” Notes in the definition further describe risk as a “deviation from the
expected,” either positive or negative. The term “uncertainty” is defined as a lack
of information or knowledge about a potential event that can be expressed as a
result of the likelihood and consequence of such an event. A positive deviation
arising from a risk can provide an opportunity, but not all positive effects of risk
result in opportunities. Actions to address opportunities can also include
consideration of associated risks. Clause 4.4.1 f requires that when planning its
QMS, the top management must implement and promote a culture of risk-based
thinking throughout the organization to determine and address the risks and
opportunities associated with providing assurance that the QMS can achieve its
intended result(s); provide conforming products and services, enhance customer
satisfaction; promote desirable effects and improvement; and prevent, or
mitigate, undesired effects.
Clause 4.4.1 g requires evaluate of QMS processes as per the requirement given
in clause 9.1.3 and evaluation may be done through a review of measurement
and monitoring records and performance indicators for each process. These
reviews must identify opportunities to improve QMS processes, use of resources
and product quality. Clause 4.4.1 h calls for improvement in process as per as
the requirement given in clause 10. When process nonconformities occur, then
corrective action is required to bring the QMS process under control. Remember,
the corrective action process is not just for product related
nonconformities. Processes must be continually improved through setting of
incrementally realistic, measurable objectives. Planning for continual
improvement requires a review of process data, resources and controls to bring
about the desired change.
Clause 4.4.1a – 4.4.1h must be applied to all QMS processes. Note also that
many ISO 9001 clauses (e.g. clause 8.2; 8.4; 8.6; etc.), require specific processes
to be established within your QMS, These processes must also be identified and
controlled in your QMS.