Management system guidance

4.0 Context of the Organization

ISO Navigator Pro™ is a free tool that provides practical, expert guidance for businesses wishing to interpret and better implement the requirements of ISO 9001:2015, ISO 14001:2015 and ISO 45001:2018.

Our range of templates cover the requirements of ISO 9001:2015, ISO 14001:2015 and ISO 45001:2018, and offer an easy way to implement your next management system.

4.2 Understanding the needs and expectations of interested parties

|

Understanding your business's internal and external stakeholder interests

Interested parties

The guidance shown on this page is relevant to ISO 9001, ISO 14001 and ISO 45001. Identify the stakeholders of your organization's management system and capture their relevant requirements.

You should allow time to develop an understanding of your business's internal and external stakeholder interests that might impact upon your management system's ability to deliver its intended results, or those that influence your organization's operational purpose.

This information should be gathered, reviewed and regularly monitored through formal channels, such as management review meetings.

We suggest that you undertake analysis of your stakeholders to determine the relevance of the interested parties and their requirements as they relate to your business activities, and those which impact the management system.

If you need a procedure and forms to help determine and document your business's stakeholder requirements, please click here.

In order to determine the relevance of an interested party and their requirements, your organization needs to answer: ‘does this interested party, or their requirements, affect our organization’s ability to achieve the intended outcomes of its management system?’.

If the answer is 'yes', then the interested parties’ requirements should be captured and considered when planning your management system. There are many ways to capture this information, your approach could include:

  1. Information summarised as an input to the quality risk and opportunity registers;
  2. Information summarised as an input to the identification of environmental aspect and impact registers;
  3. Information summarised as an input to the identification of health & safety hazard and risk registers;
  4. Recorded in a simple spreadsheets with version control;
  5. Logged and maintained in a database to allow tracking and reporting;
  6. Captured, recorded, and disseminated through key meetings.

Try using brainstorming techniques to identify relevant external and internal interested parties, e.g. customers, partners, end users, external providers, owners, shareholders, employees, trade unions, government agencies, regulatory authorities, local community. We suggest that you capture this information using a free copy of our 'Interested Party Analysis' template.

Similar to the context review discussed previously in Clause 4.1, cross functional input is vital, as certain functions will identify with particular stakeholders, for example procurement with suppliers, and sales with customers. A workshop approach should be encouraged which can be undertaken independent to, or in conjunction with the context review workshop.

Once stakeholders and their requirements are identified, the next step is to consider which stakeholder requirements generate compliance obligations. Legal requirements should be identified before other requirements. (ISO 14001 and ISO 45001 only) This process of adopting requirements will allow you to focus and coordinate on what’s important.

interested-parties

Make reference to all objective evidence, including examples of interested parties and any resulting compliance obligations. Look for evidence that your organization has undergone a process to initially identify these groups, and then to identify any of their requirements that are relevant to your management system.

You should also determine whether these groups’ requirements are reviewed and updated as changes in their requirements occur, or when changes to your organization’s management system are planned. Ensure that your organization has properly identified its interested parties, and subsequently determined if any of their needs and expectations to be adopted as a compliance obligation. Ensure that this process is revisited periodically because the relevant requirements of relevant interested parties may change over time.

Although not specifically required, objective evidence could be a list or matrix of the interested parties, their corresponding needs and expectations, and indication of which of these accepted as compliance obligations. Compliance obligations might include:

  1. All relevant legal requirements;
  2. All requirements imposed by upper levels in the organization (for example corporate requirements);
  3. All relevant requirements of relevant interested parties that the organization decides to comply with, whether contractually (customers) or voluntarily (environmental or safety commitments).

Communicating with stakeholders, particularly in relation to compliance obligations or legal requirements is vital. Communication with stakeholders should be based on performance data generated by your organization’s management system, which will require robust monitoring and measurement to ensure that the data is reliable.

You should ensure that the monitoring and measurement processes are included in the internal audit programme so your organization can assure itself that the checking processes and validated and that the data it is communicating is accurate. It is important to remember that Clause 4.2 'Understanding the needs and Expectations of Interested Parties' interacts with the following clauses:

  1. Clause 4.3 - 'When determining the scope, the organization shall consider requirements of relevant interested parties referred to in 4.2';
  2. Clause 5.2.2 - 'The quality, environmental or health and safety policies are available to relevant interested parties, as appropriate';
  3. Clause 6.1.1 - 'When planning the management system, the organization shall consider the requirements referred to in 4.2, and determine risks and opportunities that need to be addressed';
  4. Clause 8.3.2 - 'In determining the stages and controls for design and development, the organization shall consider the level of control expected for the design and development process by customers and other relevant interested parties';
  5. Clause 9.3.2 - 'Management reviews are planned and carried out considering information on management system performance and effectiveness, including trends in customer satisfaction and feedback from relevant interested parties'.

Internal stakeholders could include:

Types of Internal interested parties: Possible needs and expectations: How to capture key issues:
Employees and contractors Shared culture, attitudes and job security Employee meetings, consultation and feedback
Clients and customers Competitive pricing, reliability and value Client/customer reviews and relationship management/customer feedback
Suppliers Beneficial supplier-client relationships Supplier reviews and relationship management
Unions and worker representatives Representation and cooperation Consultation and feedback on employment and safety issues
 

External stakeholders could include:

Types of External interested parties: Possible needs and expectations: How to capture key issues:
Regulators Compliance and reporting Critical product specification issues and conformity
Shareholders Profitability and strategies for growth Consultation and engagement exercises to identify concerns
Neighbours and communities Social responsibility and engagement Consultation and engagement exercises to identify environmental concerns
Local Authorities and Government Consultation and information Engagement with planning and development issues
 

The relevant requirements of interested parties must be available as inputs into the management system planning process, as potential risks and opportunities (Clause 6.1). There is no requirement to retain documented information, but the following types of documentation would help to evidence this:

  1. Minutes of meetings (from meetings from each group of interested party);
  2. Requirement spreadsheets and databases (CRM & ERM type applications);
  3. External communications and documentation;
  4. Quality manual;
  5. Flow down and capture of requirements relevant to the management system defined in contracts, orders, statements of work, terms of business etc;
  6. Records of meetings where interested parties and their requirements are routinely discussed and monitored.
  7. Stakeholder mapping to determine importance;
  8. Records of surveys, networking, face-to-face meetings, association membership, attending conferences, lobbying, participation in benchmarking.

Look for evidence that your organization has undergone a process to initially identify these groups, and then to identify any of their requirements that are relevant to your organization’s management system. You should also determine whether these groups’ requirements are reviewed and updated as changes in their requirements occur, or when changes to your organization’s management system are planned.

|

More information on PDCA

Planning

ISO 9001:2015 ISO 14001:2015 ISO 45001:2018
4.1 Organizational Context 4.1 Organizational Context 4.1 Organizational Context
4.2 Relevant Interested Parties 4.2 Relevant Interested Parties 4.2 Relevant Interested Parties
4.3 Management System Scope 4.3 Management System Scope 4.3 Management System Scope
4.4 QMS Processes 4.4 EMS Processes 4.4 OH&S Management System
 
ISO 9001:2015 ISO 14001:2015 ISO 45001:2018
5.1 Leadership & Commitment 5.1 Leadership & Commitment 5.1 Leadership & Commitment
5.2 Quality Policy 5.2 Environmental Policy 5.2 OH&S Policy
5.3 Roles, Responsibilities/Authorities 5.3 Roles, Responsibilities/Authorities 5.3 Roles, Responsibilities/Authorities
    5.4 Consultation & Participation
 
ISO 9001:2015 ISO 14001:2015 ISO 45001:2018
6.1.1 Address Risks & Opportunities 6.1.1 Address Risks & Opportunities 6.1.1 Address Risks & Opportunities
6.2.1 Quality Objectives 6.1.2 Environmental Aspects 6.1.2 Hazard Identifcation
6.2.2 Planning to Achieve Objectives 6.1.3 Compliance Obligations 6.1.3 Legal & Other Requirements
6.3 Planning for Change 6.1.4 Planning Action 6.1.4 Planning Action
  6.2.1 Environmental Objectives 6.2.1 OH&S Objectives
  6.2.2 Planning to Achieve Objectives 6.2.2 Planning to Achieve Objectives
 

Doing

ISO 9001:2015 ISO 14001:2015 ISO 45001:2018
7.1.1 Resources - General
7.1 Resources 7.1 Resources
7.1.2 People 7.2 Competence 7.2 Competence
7.1.3 Infrastructure
7.3 Awareness 7.3 Awareness
7.1.4 Operational Environment 7.4.1 Communcation - General 7.4.1 Communcation - General
7.1.5 Monitoring & Measuring 7.4.2 Internal Communcation 7.4.2 Internal Communcation
7.1.6 Organizational Knowledge 7.4.3 External Communcation 7.4.3 External Communcation
7.2 Competence 7.5 Documented Information 7.5 Documented Information
7.3 Awareness    
7.4 Communcation    
7.5 Documented Information    

 

ISO 9001:2015 ISO 14001:2015 ISO 45001:2018
8.1 Operational Planning & Control
8.1 Operational Planning & Control 8.1.1 General
8.2.1 Customer Communication 8.2 Emergency Preparedness 8.1.2 Eliminating Hazards
8.2.2 Determining Requirements
  8.1.3 Management of Change
8.2.3 Reviewing Requirements   8.1.4 Outsourcing
8.2.4 Changes in Requirements
  8.2 Emergency Preparedness
8.3.1 Design Development - General    
8.3.2 Design Development - Planning
   
8.3.3 Design Development - Inputs    
8.3.4 Design Development - Controls    
8.3.5 Design Development - Outputs    
8.3.6 Design Development - Changes    
8.4.1 External Processes - General    
8.4.2 Purchasing Controls    
8.4.3 Purchasing Information    
8.5.1 Production & Service Provision    
8.5.2 Identification & Traceability    
8.5.3 3rd Party Property    
8.5.4 Preservation    
8.5.5 Post-delivery Activities    
8.5.6 Control of Changes    
8.6 Release of Products & Services    
8.7 Nonconforming Outputs    
 

Checking

ISO 9001:2015 ISO 14001:2015 ISO 45001:2018
9.1.1 Performance Evaluation 9.1.1 Performance Evaluation 9.1.1 Performance Evaluation
9.1.2 Customer Satisfaction 9.1.2 Evaluation of Compliance 9.1.2 Evaluation of Compliance
9.1.3 Analysis & Evaluation 9.2 Internal Audit 9.2 Internal Audit
9.2 Internal Audit 9.3 Management Review 9.3 Management Review
9.3 Management Review    
 

Acting

ISO 9001:2015 ISO 14001:2015 ISO 45001:2018
10.1 Improvement - General 10.1 Improvement - General 10.1 Improvement - General
10.2 Nonconformity & Corrective Action 10.2 Nonconformity & Corrective Action 10.2 Incident, Nonconformity & Corrective Action
10.3 Continual Improvement 10.3 Continual Improvement 10.3 Continual Improvement
 

Want to know more?

SSL certification

A certificate guarantees the information your internet browser is receiving now originates from the expected domain - https://www.iso9001help.co.uk. It guarantees that when you make a purchase, sensitive data is encrypted and sent to the right place, and not to a malicious third-party.

Free PDCA guidance

ISO Navigator™ is our FREE online training tool that shows you how to apply the principles of PDCA to your operations. We also offer many helpful templates that get you on the road to documenting your management system, please visit the download page.