Skip to main content

Context of the Organization - What do the Standards Really Require

A company decides to implement an ISO management system. The reason is not important. Maybe they have a customer who is insisting on it, or maybe they just want to improve management in the organization, etc. The first hurdle that will run into is clause 4, Context of the organization. Particularly 4.1, understanding the organization and its context, and 4.2 understanding the needs and expectations of interested parties. It does not matter which standard they are implementing, all the new generation management system standards published by ISO have this requirement.

To be able to give the right information in terms of the standard requirements, I have done a lot of research, and I will be using some of this information, especially information published by Christopher Paris of Oxebridge consulting company.

Some companies send people on training courses, some employ consultants and some do both. Whichever way, the company will be confronted with many different theories on what is required by the standards. Interestingly, many consultants and auditors add their own perceptions on what is “intended” by the standards. This is not acceptable. It depends on what the company wants out of the implemented management system that counts. If the system is implemented for certification purposes only, and not necessarily to gain maximum benefit in terms of strategic and tactical planning, vision, casting, etc, one only has to conform to the specific stated requirements of the applicable standard. When training auditors, I always say to them: “Read the words, don’t make up your own requirements, however noble your intentions may be”.

So, let us see what the three basic standards, ISO 9001:2015, ISO 14001:2015 and ISO 45001:2018, really require.

The first point to take note of is the standards are not written very well in terms of these clauses. This is because there are references to “strategic direction” which is not explained anywhere, but is referred to in a number of clauses in each of the standards. More about that later.

Let us look at the specific wording in the requirements section in terms of what is required. I am not going to quote the entire clauses, or even the sub-clauses, you can read them for yourself. But I will quote what is important. If we read clause 4.1, Understanding the organization and its context, we find the following:

ISO 9001:2015

“The organization shall determine external an internal issues that are relevant to its purpose and its strategic direction and that affect its ability to achieve the intended result(s) of its quality management system”.

In other words, it is focused on quality and the quality management system. Whatever examples they give of external and internal issues need only be evaluated from its potential effect on quality and the quality management system achieving its intended outcomes as determined by the company.

ISO14001:2015

“The organization shall determine external and internal issues that are relevant to its purpose and that affect its ability to achieve the intended outcomes of its environmental management system”.

In this case there is no reference to strategic direction in this clause. The explanation in Annex A does not say anything about it either. Again, there is a focus only on the purpose of the standard.

ISO 45001:2018

“The organization shall determine external and internal issues that are relevant to its purpose and that affect its ability to achieve the intended outcomes of its health and safety management system”.

As we can see, the same as for 14001, with no reference to strategic direction, and focused only on the main purpose of the standard.

To satisfy the immediate requirements of the standards, context refers only to the issues directly associated with the focus of the specific standard, not anything else, despite what consultants and auditors may say. In terms of clause 4.2, understanding the needs ad expectations of interested parties (ISO 45001 adds workers here as well), the same applies.

Also note that there is no requirement for documented information in clauses 4.1 and 4.2. The only obligation of the company is to demonstrate that is has considered the internal and external context, as well as the needs and expectations of interested parties, in terms of the focus of the applicable standard.

There is a word that is common in all 3 these basic standards - “purpose”. Purpose can be interpreted as: There must be reason for implementing the management system. It needs to accomplish something. If not, why would the company do it? It costs a lot of money to do it. Well, purpose can be as easy as:

 “We want to satisfy our customers by providing quality products and services”, or

 “We want minimize the detrimental impacts of our organization’s operations on the environment”, or

 “We want to ensure that our workers are safe and will remain healthy and without injuries”.

And that would be the basis for the management system in terms of the strict, to the letter, requirements of the standards. Do we need to document anything? It would help to demonstrate conformance to the requirements of the standards. It would also help in terms of the references to these 2 clauses (4.1 and 4.2) in clause 6.1, actions to address risks and opportunities. The analysis of the issues and the needs and expectations of interested parties will help to identify risks and opportunities.

Will it benefit the organization? Certainly. Identifying risks and opportunities and acting on it will always be beneficial to the company, regardless of which standard is applied.

BUT….

What about the reference in ISO 9001 to strategic direction? Is it addressed in any more detail, and what about the other two standards? Interestingly enough, it is addressed a few times in each one of the standards. It appears in 5 places in ISO 9001, and 3 places each in ISO 14001 and ISO 45001.

For ISO 9001 Christopher Paris summed it up as follows:

ISO 9001:2015 involves the idea of strategic direction by suggesting that it should be considered:

  • When identifying the processes
  • When identifying issues of concern (context)
  • When developing the quality policy and quality objectives
  • As a metric to measure the overall QMS against during management reviews

For ISO 14001:2015:

  • The system must prevent or mitigate adverse environmental impacts and must enhance beneficial impacts, particularly those with strategic and competitive implications 
  • The environmental policy and objectives must be drawn up considering that it must be compatible with the strategic direction and context of the organization 
  • As an output of the management review to consider any implications for the strategic direction of the organization

For ISO 45001:2018

  • Strategic direction is considered when the OH&S system is developed. It is a strategic and operational decision for the organization 
  • Policy and objectives must be compatible with the strategic direction of the organization 
  • Outputs from the management review needs to be considered in terms of its implications for the strategic direction of the organization

Note that there is no requirement for a documented “strategic direction” for the company. In summary:

For certification purposes, we only have to conform to the minimum requirements contained in the standards

The focus of the specific standard has to be applied when doing context and interested party analysis.

There is no requirement for specific documented information, but remember, this is at the discretion of the company, and you will have to demonstrate conformance to these requirements.

Strategic direction is mentioned as something to be considered, but not as a requirement in itself. As Christopher Paris said, this is the missing clause in ISO 9001:2015.

Do we need to do more than the minimum required by the standards? It would be greatly beneficial to the organization if we use the context of the organization as a proper business assessment to identify risks and opportunities on an organizational and operational level, using a proper business assessment to identify risks and opportunities on an organizational and operational level, using formal methods, doing a proper SWOT analysis, developing the vision and mission statement, doing proper strategic planning based on identified risks an opportunities, setting goals, objectives and targets that are relevant, and doing the associated tactical planning. But more about that in a future article!

Hope this helps to clarify things a bit from an audit point of view!

Feel free to leave a comment, or e-mail me your thoughts.

Koos

koosgouws10@gmail.com


Comments

Post a Comment

Popular posts from this blog

  The Role of the Health and Safety (and sometimes Environmental as well!) Officer  I have recently come across a post by a friend of mine, Edwin Lewis, who is a health and safety officer in a large construction company. I think his thoughts on how health and safety officer are often perceived by management is true in many cases. They appoint health and safety officers not knowing what their actual roles in the organization should be. They are looking for "policeman" who will make sure that employees use their PPE and that they follow procedures. I am posting the following with Edwin's permission: "The following post is after having another discussion with a director from a well known firm, and had a heated debate on the role of a Safety Officer, and of course which i won. What does "Health And Safety Officers" do ? The answers have always been the "Hardhat mentality ".   We only exist and are perceived as, "to make sure employees wear a hard...
2 comments
Read more

Sustainability in Business

Sustainability (in terms of business sustainability) The importance of sustainability has been enhanced in the King IV report on corporate governance. Although application of King IV is voluntary for most organizations, it is a requirement for companies listed on the Johannesburg Stock Exchange. The King IV report addresses sustainability as follows: “Sustainable development, understood as ‘development that meets the needs of the present without compromising the ability of future generations to meet their needs’, is a primary ethical and economic imperative. It is a fitting response to the organization being an integral part of society, its status as a corporate citizen and its stakeholders’ need, interests and expectations. The survival and success of organizations are intertwined with, and related to, three interdependent sub-systems: the triple context of economy, society and the natural environment. In the South African setting, addressing inequality in society ...
1 comment
Read more

European Legislation on Product Liability

In South Africa we have many organizations who manufacture and export products to countries who are members of the European Union. We know that many of these products must have the CE marking applied to them as proof that the product complies with all the essential health and safety requirements for that product. (In later blogs I will give more information on exactly how this works.) The essential health and safety requirements are contained in directives and regulations that have been issued by the European Parliament. In the case of the directives they are national requirements in the legal systems of each member state, while regulations apply in each member state without having to be published as national legislation. In this blog I would like to provide information on the European legislation on product liability. To ensure that the information comes across as intended, I have taken the liberty to copy the appropriate section form the Blue Guide on the Implementation of EU Pro...
Post a Comment
Read more