,Context, Quality Policy and Objectives
The ISO 9001:2015 Standard puts a strong focus on strategic management. What this means is a closer connection in the interrelationships between business policy, objectives and results.
Interpreting ISO 9001:2015, we can relate to 3 key areas of Business Strategy:
If we consider the literal definition of Context, we arrive at the term "circumstance". Therefore, we can consider our Context to be those circumstances that affect our ability to provide a product or service. In order to comprehend those circumstances, we must understand our business. What are our strengths and weaknesses (internal factors) and what opportunities and threats must we consider (external factors)? What requirements must we satisfy and how to we intend to achieve these results?
A common misconception is that ISO 9001:2015 requires quality objectives to be based on the company's quality policy; however, the actual requirement is that they are consistent with this policy. To be effective, quality objectives do not require line-by-line linkage to the quality policy, only align with it's intent. Quality objectives must take into account those strategic issues arising from an analysis of current business performance and opportunities.
Most quality policies cite improvement, customer satisfaction and quality. Many however, fall short on the commitment to satisfy applicable requirements. Meeting customer requirements is one piece of the whole; however, with a heightened focus on internal and external factors, interested parties and their requirements as part of determining the context of the organization, the quality policy needs to take these other requirements into consideration.
Per ISO 9001:2015, there are 4 key components that a Quality Policy must encompass:
The Quality Management System (QMS) must be aligned with the Business Strategy. If the organization has strategic initiatives in place, they must connect with the Quality Policy. There must be linkage between the QMS and the Business. The Quality Policy must reflect the strategic direction of the company.
Can you connect the dots between your organization's strategic direction, quality objectives and quality policy?
Scope statement examples for ISO 9001:2015
ISO 9001:2015 requires an organization to determine the boundaries and applicability of its quality management system (QMS). This determination lays the framework for establishing the organization’s scope, which is then required by ISO 9001 to be maintained as documented information.
When determine an organization’s scope, ISO 9001:2015 (4.3) requires that consideration must be given to:
1. the internal and external factors referred to in 4.1;
2. the requirements of relevant interested parties referred to in 4.2;
3. the Products and Services of the organization.
What does this mean? The following are a few examples of scope statements, in this case detailing a fictitious company (XYZ) that provides machine shop services. While the XYZ company is fictional, these are actual examples of scope statements we’ve encountered, just slightly edited for illustrative purposes and to make this example:
Machine Shop Example #1 (Worst Example): “We are a machine shop.”
Commentary: required items #1 and #2 in ISO 9001 (4.3) are not addressed, and item #3 could be much, much better described with regards to the products and services the organization provides.
Machine Shop Example #2 (Slightly Less-Worse Example): “We are an industry-leading provider of machine shop services.”
Commentary: required items #1, #2 in ISO 9001 (4.3) are still not addressed, and item #3 could still be much better defined. Stating the you are an “industry leading provider” is not scope-related, and these types of adjectives and adverbs should be saved for marketing materials. At this point, you’re trying to explain the boundaries and applicability of the management system, not position yourself to make a sale.
Machine Shop Example #3 (Slightly Better Example): “Company XYZ specializes in the precision machining of components for use in the automotive industry.”
Commentary: This statement is somewhat better than previous examples. This version of the scope statement covers the products and services of the organization and refers to, albeit in a very limited manner, the relevant interested parties and their requirements.
Machine Shop Example #4 (Even Better Example): “Located in Houston TX, Company XYZ is a high-volume machine shop that specializes in the precision machining of aftermarket aluminum brake, steering and suspension components, in accordance with OEM specifications and government regulations, for use in the automotive industry.”
Commentary: Now we’re starting to make some real progress. There is still more polishing to be done, but now this statement is coming closer to addressing all requirements. It likely won’t be possible to address every internal and external factor, every interested party and every product in your scope statement, but at least an attempt should be made to summarize these different considerations.
When creating your scope statement, bear in mind that this requirement of ISO 9001:2015 requires you to define the scope of your quality management system, not the scope of your ISO 9001 certification. ISO 9001 certificates also have their own scope statement, which is determined along with your certifying body, if one is used.
Note again, the scope of the quality management system is required by ISO 9001:2015 to be maintained as documented information. It is one of three requirements prescribed by the standard (scope, quality objectives, and quality policy), whereas most other requirements to maintain documented information are “as necessary”. Also, keep in mind that per ISO 9001, this information must also be made available to interested parties.
Two of the most frequent inquiries we receive relating to the ISO 9001:2015 Standard are seeking help in understanding and determining "Context" and "Risk Based Thinking".
As for context, the easiest explanation is to consider it as an opportunity to present “about our company”. Who we are, what we do, how do we do it, and who do we do it for. For example, many companies may make chairs, but all chairs are not created equal (e.g., a chair may be for an office, a kitchen table, a bar, a plane, a patio, a pool, etc.). If your business was a painting on canvas, your context would be the background.
The best approach we’ve had so far is to replace the “old” ISO 9001:2008 manual with a “new” ISO 9001:2015 manual that addresses all of the above. Rather than just restating and paraphrasing the ISO 9001 standard, the QMS becomes the company’s explanation of its interested parties, products and processes, and how it manages quality. Once documented, it should be communicated internally, so everyone can understand and speak the same language.
As for risk based thinking, the only requirement of ISO 9001:2015 is that the organization can demonstrate that it is applying this concept. TC-176, the ISO technical committee responsible for this standard, intentionally didn’t prescribe any requirements, for fear of alienating the various users of the standard. Along with several other new requirements, this hesitation created more problems than it solved. Now the certification auditors are taking it upon themselves to mandate their own personal opinions…
The best approach we’ve had with this area is the use of a risk registry (list), detailing by each QMS process, what risks we consider to be important. Once identified, this registry is scored highest-to-lowest (based on whatever company-defined method is used), with the highest values being those which are considered to require immediate control. The rest can just be monitored for change. If you’re familiar with the term, think FMEA (Failure Modes Effects Analysis).
Quality Management System and its Processes (4.4)
Excerpt below is from ISO 9001:215. Attached also is a planning worksheet we use for this purpose, with items (f), (g), and (h) maintained separately. Hope this helps.
The organization shall determine the processes needed for the quality management system and their application throughout the organization, and shall:
a) determine the inputs required and the outputs expected from these processes;
b) determine the sequence and interaction of these processes;
c) determine and apply the criteria and methods (including monitoring, measurements and related performance indicators) needed to ensure the effective operation and control of these processes;
d) determine the resources needed for these processes and ensure their availability;
e) assign the responsibilities and authorities for these processes;
f) address the risks and opportunities as determined in accordance with the requirements of 6.1;
g) evaluate these processes and implement any changes needed to ensure that these processes achieve their intended results;
h) improve the processes and the quality management system.
Understanding the needs and expectations of interested parties (4.2)
The organization will need to determine the interested parties that are relevant to the quality management system and the requirements of those interested parties.
A few examples are below:
This is just a sample list. Can you think of any others?
Understanding the Organization and its Context (4.1)
This is the combination of those internal and external factors that affect an organization's approach to the way in which it provides products and services that are delivered to its customer. In the simplest terms, these are the circumstances that affect the way we do business.
Below are a few examples:
Our ISO 9001 Blog
Information, thoughts and periodic updates from MAS Solutions' QMS Consulting Group.
Please Like or Share this page if you find the content useful, so we'll know to keep posting. Enjoy!