ISO 9001:2015 Clause 4 context of the organization

ISO 9001:2015 Clause 4 Context of the Organization

Definition

As per ISO 9000, the definition of Context of the Organization is “business environment “,
“combination of internal and external factors and conditions that can have an effect on
an organization’s approach to its products, services and investments and interested Parties “.
The note states that this concept of Context of Organization is equally applicable to Not for
profit organization, public service organization and governmental organization. Also, in normal
language, this concept is also known as the business environment, organizational environment
or ecosystem of an organization.

Introduction:

The implementation of QMS should be the strategic decision of the organization and
is influenced by the context of the organization and the changes in that context. The changes
in the context can be with respect to its specific objectives, the risks associated with its
context and objectives, the needs and expectations of its customers and other relevant
interested parties, the products and services it provides, the complexity of processes it employs
and their interactions, the competence of persons within or working on behalf of the
organization and its size and organizational structure. The context of an organization will
include internal factors such as organizational culture and external factors such as the socio-
economic conditions under which it operates. The scope of ISO DIS 9001:2015 states that an
organization needs to demonstrate its ability to consistently provide products and services that
meet customer and applicable statutory and regulatory requirements and aims to enhance
customer satisfaction.

Any interested party which is not relevant to the quality management system need not be
considered and similarly, any requirement of the interested party not relevant to the quality
management system need not be considered. Determining what is relevant or not relevant
is dependent on whether it has an impact on the organization’s ability to consistently provide
products and services that meet customer and applicable statutory and regulatory requirements
or the organization’s aim to enhance customer satisfaction. The organization can decide to
determine additional needs and expectations that will meet its quality objectives. However, it
is at the organization’s discretion whether to accept additional requirements to satisfy
interested parties beyond what is required by this Standard.

There is a new clause relating to the context of the organization,

Clause 4 Context of the organization

These clauses require the organization to determine the issues and requirements that can
impact on the planning of the quality management system. Interested parties cannot go beyond
the scope of ISO 9001. There is no requirement to go beyond interested parties that are relevant
to the quality management system. Consider the impact on the organization’s ability to
consistently provide products and services that meet customer and applicable statutory and
regulatory requirements or the organization’s aim to enhance customer satisfaction.
Organizations can go beyond the minimum requirements to determine additional needs and
expectations for interested parties that would not be “relevant” at the discretion of the
organization and should be clear in the quality management system. The “Context of
Organization” clause has four sub-clauses ie

 Clause 4.1 Understanding the Organization and its context

 Clause 4.2 Understanding the needs and expectations of interested parties
 Clause 4.3 Determining the scope of the quality management system
 Clause 4.4 Quality management system and its processes
Clause 4.1 Understanding the Organization and its context

The organization should determine external and internal issues for the organization
relevant to its purpose, strategic planning and which affect the organization’s ability to
achieve its objectives. The Organization should monitor and review the information about
external and internal issues. The organization must consider issues related to
values, culture knowledge and performance of the organization for the understanding of
internal issues. The organization must consider issues related to arising from
legal, technological, competitive, market, cultural, social, and economic environments,
whether international, national, regional or local for the understanding of external
context. For considering internal context as well as external factors both positive as well
as negative factors must be considered.

An organization’s context involves its “operating environment.” The context must be

determined both within the organization and external to the organization. It is important to
understand the unique context of an organization before starting the strategic planning. To
establish the context means to define the external and internal factors that the organizations
must consider when they manage risks. An organization’s external context includes its outside
stakeholders, its local operating environment, as well as any external factors that influence the
selection of its objectives (goals and targets) or its ability to meet its goals. An organization’s
internal context includes its interested parties, its approach to governance, its contractual
relationships with its customers, and its capabilities and culture. An organization’s internal
context is the internal environment within which the organization seeks to achieve its
sustainability goals. The internal context may include,

 Product and service offerings

 Governance, organizational structure, roles, and accountability
 Regulatory requirements
 Policies and goals, and the strategies that are in place to achieve them,
 Assets (e.g., facilities, property, equipment and technology)
 Capabilities understood in terms of resources and knowledge (e.g., capital, time, people,
processes, systems, and technologies)
 Information systems, information flows, and decision-making processes (both formal and
informal)
 Relationships of the staff/volunteers/members and the perceptions and values of their
internal stakeholders including suppliers and partners
  Organization’s culture
 Standards, guidelines, and models adopted by the organization and
 Form and extent of the organization’s contractual relationships.

Internal context can also be defined as anything within the organization that may influence
the way in which the organization manages its internal risks. Once the internal context is
understood, one can conduct the macro-environmental external analysis using “PEST”
(political, economic, social and technological) analysis. This analysis determines which factors
are can influence how the organization operates. The organization cannot control these factors,
but they must seek to adapt to them. The PEST factors can be classified as opportunities and
threats in a SWOT (strengths, weaknesses, opportunities and threats) analysis. Alternatively,
some organizations might use Porter’s “Five Forces Model.” These methods are used to review
a strategy or position or direction of an organization. Completing a pest analysis is simple and
helps the individuals involved in the organization to understand and find ways to deal with the
context.

Political Factors Economic Factors

Ecological/Environmental Issues
Current legislation
Anticipated future legislation
International legislation (global influences) Seasonality or other weather issues
Regulatory bodies and processes
Government policies, terms and change
Funding, grants, and initiatives
Market lobbying groups
Wars and conflicts
Social Factors
Lifestyle trends
Demographics
Consumer attitudes and opinions
Media views
Law changes affecting social behaviors
Image of the organization
Consumer buying patterns
National economies and trends
General taxation issues
Taxation to activities, products, services
Market and trade cycles
Specific sector factors
Customer/end-user drivers
Interest and exchange rates
International trade and monetary issues
Technology Factors
Competing technology development
Associated/Dependent technologies
Replacement technology/Solutions
Maturity of Technology
Information and communications
Consumer buying mechanisms
Technology legislation
Fashion and role models
Major events and influences
Buying access and trends
Ethnic/Religious factors
Advertising and publicity
Ethical issues
Innovation potential
Technology access, licensing, patents
Intellectual property issues
Global communication
Social media use
Maturity of organization’s products/ services

Example of PEST Analysis

Example Porter’s “Five Forces Model.”

Although organizations cannot control the macro-environment factors they need to manage
them to their advantage. They also need to protect themselves from PEST factors which may
increase operational costs or affect their reputation. The external context’s micro-environment
consists of the organization’s immediate operations and how they affect its performance and
decision-making. These factors have a direct impact on the success of the organization. It is
important to have a full analysis of the micro-environment before moving to strategy
development. Here are some of the micro-environmental context factors.

 Customers:
Organizations must attract and retain customers by offering products services that meet
their needs along with providing excellent customer service
 Employees:
There must be the availability of people with the motivation to remain as contributing
members of the organization and develop the skills necessary to provide a competitive
edge
 Suppliers:
Suppliers provide organizations with the resources they need to carry out their activities.
If a supplier provides bad service, this affects the way the organization operates. Close
supplier relationships are an effective way to remain competitive and secure the resources
needed
 Investors:
All organizations require investment to grow. They may borrow the money from a bank or
have people invest in their work. Relationships with investors need to be managed
carefully as problems can detrimentally affect the long-term success of the organization
 Media:
Positive media attention can bring success to the organization by maintaining its
reputational strength. Managing the media (including the presence in social media) is a
challenge.
 Competitors:

Members of the organization need to have a sense of belonging. Can the organization offer
benefits that are better than those offered by the competitors? Is there a strong value
proposition? Competitor analysis and monitoring is crucial if an organization is to maintain
or improve its position in the competitive landscape of the community. The organization
must always be aware of its competitor’s activities. The landscape can change quickly.

As in the case of the macro-environmental context, the organization cannot always control its
micro-environment factors. But they must be carefully managed together and with the internal
context understanding. Both internal and external context can have influence over the
organization. Customer pressures and complaints can force organizations to change various
policies such as product returns and customer and technical support. Technological changes
can provide new and more effective ways to handle communications, operations, shipping and
logistics. Cultural and religious differences may hinder product or service entry into certain
countries. Government’s regulatory and trade policies can play a significant role in determining
how businesses operate, especially regarding international trade, taxation, and regulations.
The media, including social media, can have a huge impact on a company’s image and public
relations. A bad news video or news report can go viral pretty fast, and if your organization
doesn’t provide an acceptable response, the negative publicity and effects can last a long time.
Sociological forces often drive what, where and how consumers buy product and services. There
is an increasing trend in the number of consumers purchasing products online and reading
reviews before making a purchase. The multinational and multicultural trend in workforce
composition can cause significant changes in the hiring and retention of competent human
resources. If the response to these situations is unplanned, weak or untimely, it might have a
dramatic impact on the future of the business – loss of customers, serious production
interruption or disruption, permanent loss of organizational knowledge, even loss or bankruptcy
of the business. Contextual issues can have a positive impact, as it may present opportunities
such as new, improved or increased availability of previously scarce resources, opening of or
access to new markets, availability of new technologies leading to reduced costs, improved
product quality, services and operational efficiency. Many of these contextual issues can be
viewed as variables some changing faster, others slower, depending on whether the
organization is fast paced and leading edge or in a stable or mature industry. Therefore,
variability in these issues depicts uncertainty about their future behavior. Such uncertainty can
be quite diverse, complex and at times highly unpredictable. This presents a dilemma to
organizations in terms of tracking and adapting to changes in these issues. This uncertainty
introduces the need for understanding and use of risk evaluation, mitigation and management.
Thus, each organizational contextual issue will have its own specific set of uncertainties with
different levels of complexity and risk and the need for specific controls to mitigate or eliminate
the risk.

Example internal issues could include, but are not limited to:

 Structure of the organization — limited flexibility when dealing with varying demands
 Roles within the organization — Rigid, personnel willing to adapt to demands?
 Availability of reliable qualified and competent workforce — very good (positive)
 Stability of workforce – Wage benchmarking is not consistent with competitors
 Staff retention — very high (positive)
 Impact of unionization – Uncordial
  Staff competency levels– high(positive)
 Contractual arrangements with customer-beneficial
 Payment terms from customers-high credit
 Solvency of customers -etc
 Expansion of customer base-etc
 The overall strength of the business to support funding needs -etc
 Relationship with investors. -etc
 Credit terms available. -etc
 Service level agreements with customers -etc
 The culture within the organization -etc

Example external issues could include, but are not limited to:

 Political, economic, social, technological, legal and regulatory — Laws changing,

affecting product conformity, minimum wage changing, evolutions in more
efficient machinery affecting the price
 Operating Permits becoming tighter on emission levels — technology demands
 Overall economic performance in the country — above EU norm (positive)
 Competitive environment — overall low-cost of entry into the market
 Economic plans for future -etc
 The nature and impact of the economy on market -etc
 Customer demographics -etc
 General levels of consumer confidence -etc
 Customer expectation -etc
 Standardization and certification within the industry -etc
 Regulation within the industry generally -etc
 Trade associations and lobbying powers -etc
 Impact on neighbours. -etc
Clause 4.2 Understanding the needs and expectations of interested parties

The organization shall determine relevant interested parties and relevant requirements
of relevant interested parties. Relevant interested parties to be considered are those that
could affect or potentially affect the organization’s ability to constantly provide products
and services that meet customer and applicable statutory and regulatory
requirements. Monitor and review information related to interested parties and relevant
requirements.

Firstly, the organization will need to determine external and internal issues that are
relevant to its purpose, i.e. what are the relevant issues, both inside and out, that have an
impact on what the organization does, that would affect its ability to achieve the intended
outcome(s) of its management system. It should be noted that the term ‘issue’ covers not
only problems, which would have been the subject of the preventive action in previous
standards, but also important topics for the management system to address, such as any
market assurance and governance goals that the organization might set for its management
system. Next, the organization has to determine relevant interested parties and relevant
requirements of relevant interested parties.

An interested party is a person or organization that can affect, be affected by, or

perceive themselves to be affected by a decision or activity that’s within the scope of
the management system. There will be those external interested parties that impose specific
legal, regulatory or contractual requirements in an organization. There may also be
requirements specified by internal interested parties, for example, management and staff
(permanent and temporary). Typically, these would include:

 Shareholders
 Owners
 Management
 Employees
 Trade unions
 Suppliers
 Partners
 Client
 Government agencies
 Media
 Society
  any other person or organization interested in the organization

There is no requirement in this International Standard for the organization to

consider interested parties which have been determined by the organization not to be relevant
to its quality management system. Similarly, there is no requirement to address a requirement
of a relevant interested party if the organization considers that the requirement is not relevant.
Determining what is relevant or not relevant is dependent on whether it has an impact on the
organization’s ability to consistently provide products and services that meet customer and
applicable statutory and regulatory requirements or the organization’s aim to enhance
customer satisfaction. The organization can decide to determine additional needs and
expectations that will assist it to meet its quality objectives. However, it is at the
organization’s discretion whether to accept additional requirements to satisfy interested
parties beyond what is required by this International Standard.

INTERESTED PARTIES REQUIREMENTS

Good financial performance, legal
Executive Board
compliance/avoidance of fines
No complaints relating to noise, parking,
Local residents health and safety, pollution,
waste, employment
Identification of applicable statutory and
regulatory requirements for the products and
Law enforcers/ Regulators services provided, understanding of the
requirements, the application within the
QMS, and update/ maintenance of them
Value for money, high quality, expectations
for design innovation, on time, low-cost,
Customers quick response, installation expertise, health
and
safety/EMS
Bank/Finance Good financial performance
Professional development, prompt payment
Employees health and safety, work/ life balance,
employment security
Insurers No claims/prompt payment/risk management
Prompt payment, health and safety, work
External providers
relationship
Trade Unions Compliance (employment law)
One tool which can be used for determining the relevant requirement of relevant interested
parties is Stakeholder analysis
Clause 4.3 Determining the scope of the quality management system

The organization must establish the scope of the quality management system by
determining the boundaries and applicability of the quality management system. While
determining the scope the organization must consider the internal and external issues
determined in 4.1., the requirements of relevant interested parties in 4.2. and the
products and services of the organization. Requirements from this International standard
that can be applied by the organization shall be applied within the scope of the
QMS. Requirements from this International standard that cannot be applied by the
organization and which does not affect the organization’s ability or responsibility to
provide product and services that meet the conformity of its product and services and
enhancement of the customer satisfaction. The organization must make available the
scope and must maintain scope as documented information stating the Products and
services covered by the QMS and any Justification where a requirement of this
International standard cannot be applied.

Determining the scope of the Quality Management System (QMS) has been a part of the ISO
9001 requirements for a long time. This scope is a vital part of the QMS, as it defines how far
the QMS extends within the company’s operations and details any exclusion from the ISO 9001
requirements and the justification for these. It is through the scope that you define what your
Quality Management System covers within your organization. With the release of the new
update to the ISO 9001 requirements, ISO 9001:2015, there is some additional clarification on
defining the scope of the QMS. These clarifications will help to standardize how companies
define the scope of their QMS, even if they choose not to have a quality manual, which is no
longer a stated requirement in the standard. Section 4.3 of the standard details the
requirements for determining the scope of the Quality Management System. In a note about
the QMS, it is stated that the QMS can include the whole organization, specifically identified
functions of the organization, specifically identified sections of the organization, or one or
more functions across a group of organizations. To start, there are three considerations to be
included when determining the scope:

1. External and internal issues that are relevant to the purpose of the organization, the
strategic direction, and the ability to achieve intended results
2. Requirements of relevant interested parties
3. The product and service of the organization
In addition, the scope is to include any requirements of the ISO 9001 standard that can be
applied, and if a requirement is determined to not apply, the organization will not use this as
a reason for not ensuring conformity of product and service. The scope is to state the products
and services covered by the QMS, and justification for any instances where the ISO 9001
standard cannot be applied. It is most common that the scope of the QMS covers the entire
organization. Some noted exceptions are when your QMS only covers one physical location of a
multi-location company, or when your manufacturing or service is distinctly split between
industries (e.g., in a plant with three assembly lines where assembly lines 1 and 2 are for
automotive and need to have a QMS certified to the ISO/TS 16949 QMS standard for automotive,
but you want line 3 to be certified to ISO 9001 since many of the automotive requirements do
not apply). So, your scope should identify the physical locations of the QMS, products or services
that are created within the QMS processes, and the industries that are applicable if this is
relevant. It should be clear enough to identify what your business does, and if not all parts of
the business are applicable, it should be easily identified which parts are. Some examples could
be:

1. XYZ Manufacturing located in London, England, producing machined components in the

aerospace and automotive industry within Europe.
2. XYZ Consultants located in offices in Europe, Asia, and North American provide
Information Technology Support to companies in any industry.
3. XYZ Computing provides software development services to companies in the automotive
and heavy machinery industries within North and South America.
4. XYZ Industries is a division of XYZ International that operates in Indonesia and provides
paper products to the Asian market.

Your scope does not have a size limit and should include enough information to determine what
is covered by the processes of the QMS. However, it is important to make it clear what is
included and what is not. If it is not clear to you what processes in your company are covered
by your QMS, then how will it be clear to an outside auditor or other interested parties? Making
your scope statement simple and easy to read can help to focus your QMS efforts and prevent
unnecessary questions about activities that you may perform that may not be applicable to your
QMS certification.

The scope of ISO 9001 is given in clause 1 Scope and defines the scope of the standard itself.
This should not be confused with the scope of the QMS, which is a term commonly used to
describe the organization’s processes, products (and /or services), and related sites,
departments, divisions etc., to which the organization applies a formal QMS. (Note, this does
not necessarily include all the processes, products, sites, departments, or divisions etc. of the
organization). The scope of the QMS should be based on the nature of the organization’s
products and their realization processes, the result of risk assessment, commercial
considerations, and contractual, statutory and regulatory requirements. While ISO 9001 is
generic and is applicable to all organizations (regardless of their type, size or product category),
under certain circumstances, an organization may exclude complying with some specific ISO
9001 requirements, while being permitted to claim conformity to the standard. This is because
it has been recognized that not all the requirements in this clause of the standard are relevant
to all organizations. ISO 9001 itself makes allowance for such situations. Consequently, the
scope of registration/certification encompasses the scope of the QMS, as well as describing any
excluded ISO 9001 requirements. As the terms scope of the QMS and scope of
registration/certification are often used interchangeably, this can lead to confusion when a
customer or end user is trying to identify what parts of an organization have been
registered/certified to ISO 9001, what product lines or processes are covered by the QMS, or
what ISO 9001 requirements have been excluded. To dissipate such confusion and to enable
identification of what has been registered/certified, the scope of registration/certification
should clearly define:

1. the scope of the QMS (including details of the product lines and related sites,
departments, divisions etc. that are covered by it).
2. the organization’s main processes for its product realization or service delivery activities
(such as design, manufacture and delivery), for the product lines that are covered,
3. any ISO 9001 requirement that has been excluded
(It should be noted that the scope of registration/certification is not the same as the
certificate that is awarded to the organization after successful demonstration of
conformity to ISO 9001. The certificate will usually include a synthesized description of
the scope of registration/certification, but not the details of the ISO 9001 requirements
that have been excluded; however, it may include a note to refer to the fact that the
exclusions are detailed in the organization’s Quality Manual.)

It is essential that a scope of registration/certification be drafted by the organization prior to

applying for registration/certification. This should then be analyzed by the CRB during the Stage
1 audit, for appropriate planning of the Stage 2 audit. It is the responsibility of the auditor:
 1. to ensure that the final statement of the scope of registration/certification is not
misleading;
2. to verify that this scope only refers to the processes, products, sites, departments, or
divisions etc. of the organization that were assessed during the registration/ certification
audit; and
3. to verify that this scope defines any excluded requirements from ISO 9001, and that
justification for such exclusions is provided and is reasonable.

As an additional measure to combat potential confusion among customers and end users, the
scope of registration/certification should be clearly defined in the organization’s Quality
Manual and any publicly available documents (this includes, for example, promotional and
marketing material). However, promotional statements should never be included in the scope
of registration/ certification itself.

An example of how a scope could be derived

Organization’s purpose and strategic direction

Purpose:

“As one of India’s leading Data Communications manufacturers, installers and on-site managed
service providers of fiber optic cabling (for Information Technology connectivity): as well as
installer and on-site managed service provider of copper cabling and IT cabinets; our reason
for ‘being’ is a combination of our vision, mission, and values. “

What is our vision?

“To become the most trusted manufacturer, installer and service provider of fiber
optic/copper cabling (IT cabling) and IT cabinets within India and Europe. “

What is our mission?

“To expand our operations by Consistently meeting customers’ expectations, and our legal
requirements, which includes the enhancement of customer satisfaction through the effective
application of our processes for continual improvement.“

What are our values?

“Sustainable business practices including: corporate social responsibility (social, economic and
environmental), responsible governance, and equal opportunity are all expected values
within our organization. These are re—enforced through sustainable ethics and workforce
integrity throughout all business operations. Co-operation and collaboration are expected
norms within the organization’s management, with recognition provided for all through
regular appraisals. We encourage and embrace any values which enforce the behaviors that
employees cherish. “

Strategic Direction:

“To open two new offices in India, and one new office in Germany, and Spain this year.
To implement and gain accredited certification to ISO 9001 and ISO 14001 in these new
offices, within a year of the offices opening. To employ a motivated workforce that will
embrace the organization’s values, and complement the co-operation and collaboration
needed to achieve the effective application of our processes for continual improvement. “

2. Organization’s intended result(s) of its QMS

 From the Scope of the Standard:

 To demonstrate its ability to consistently provide products and services that
meet customer and applicable regulatory requirements
 To enhance customer satisfaction through the:
 Effective application of the QMS
 Processes for continual improvement of the QMS
 Assurance of conformity to customer and applicable statutory and
regulatory requirements
 Specific to our organization:
 Reduction in waste, during manufacturing, through reduced rejects,
effective corrective action and improvements in process understanding and
compliance
 To assist in the creation of an effective knowledge database for the
consistent provision of product and service, and for business continuity purposes

External issues

 Contractual arrangements – generally within the sector

 Competitive environment – overall low cost of entry into the market
 Legislation, e.g. employment of non-nationals
 Regulation within the industry generally
  Overall competition within the recruitment sector
 Overall economic climate in the country
 Countries environmental requirements affecting products and service
 Technology advances
 Standardization and certification within the industry
 Client consideration of bringing expertise in-house
 Client working environment other trades working alongside us,
 Client configuration changes during installation
 Relationships with external interested parties
 Perceptions/values of external interested parties
 Key drivers and trends
 Workforce culture within the sector and country
 Construction delays
 External inspections/audits
 Competitors cease trading
 Availability of raw materials
 Power cuts in countries
 Availability of external providers – machinery maintenance etc.

Internal issues

 Structure of the organization

 Roles within the organization
 Availability of reliable, qualified and competent workforce
 Stability of workforce
 Staff retention
 Staff training levels
 External providers competence and availability
 Availability and quality of candidates to fulfil our vacancies
 The culture within the organization
 Working hours
 Staff morale
 Internal politics
 Governance, Policies, objectives
 Strategies
 Capabilities
  Resources
 Knowledge
 General competence
 Technologies
 Information systems
 Decision-making processes
 Relationships with interested parties
 Perceptions/values of interested parties
 Standards, guidelines and models adopted
 Contractual relationships
 Potential conflicts
 Processes for resolving conflicts
 Social customs
 Management’s abilities
 Priorities
 Database skills
 Root cause analysis abilities
 Improvement tools and abilities to apply
 Ability to motivate the workforce
 Project management expertise – new offices
 Understanding and experience in implementing ISO 9001
 Co-operation of workforce

Interested parties and relevant requirements

INTERESTED PARTIES REQUIREMENTS

Good financial performance, legal
compliance/avoidance of
Executive Board fines, sustainable, corporate and social
responsibility with a suitable governance
framework
Local residents Local employment, good reputable employer
Identification of applicable statutory and
regulatory requirements for the products and
Law enforcers/ Regulators services provided, understanding of the
requirements, the application within the QMS,
and update/ maintenance of them, Legal
 INTERESTED PARTIES REQUIREMENTS
compliance, prompt responses to
investigations and enquiries
Value for money, high quality, expectations for
design innovation, on time, low-cost, quick
Customers
response, installation expertise, legal
compliance
Bank/Finance Good financial performance and cash flow
Professional development, employment
Employees security and good employee
working relationships
Insurers No claims/prompt payment/risk management
Clear, unambiguous contracts and scope
External providers
of works, good working relationship
Compliance (applicable laws) and good working
Trade Unions
relationships with management

Products and services of the organization

 Fiber optic cable manufacture – multimode

 Configuring /layout/plans of cable routes within a client building
 Installation of IT cabling on client site (fiber optic and copper cabling)
 Installation of IT cabinets and connect cabling to active IT equipment
 Test connectivity and data performance
 On-site configuration management – moves and changes
 On-site network incident management
 Provision/management of on-site IT human resource
 IT client disaster recovery service and help desk

Determined scope

The production, installation and on-site managed service of fiber optic cabling (for Information
Technology connectivity), and the installation and on-site managed service of copper cabling
and IT cabinets, at client sites in India, Germany and Spain.

Manufacturing sites/Offices:

 India (Manufacturing)
 Germany (Office)
  Spain (Office)

Applicability:

All clause requirements are applicable to the above scope, except 8.3 (Design and development
of products and services). This is because the organization does not design its products and
services, but produces fiber cable (and installs IT cabinets, and cabling along routes) according
to established/defined standards and industry guidance. Clause 8.3 is therefore not applicable
to our Quality Management System.
Clause 4.4 Quality management system and its processes

Clause 4.4.1

The organization must establish, implement, maintain and continually improve its quality
management system as per the requirement of this standards by determining the process
needed and its application throughout the organization. While determining the processes,
the organization must determine the inputs required and the outputs expected from these
processes, the sequence and interaction of these processes, The organization must control
these processes to ensure its effective operation. The organization must establish the
criteria and methods which include monitoring, measurements and other related
performance indicators to ensure the effective operation and control of these processes.
The organization must determine and ensure the availability of the resources needed for
effective operation of these processes. The personnel having authorities and
responsibilities for these processes must be identified. As per clause 6.1, the organization
must determine risk and opportunities, analysis them and must take appropriate action
to address them. There must be methods for monitoring, measuring, as appropriate, and
evaluation of these processes. The organization must make changes in its process if it
fails to achieve the intended result. The organization must look opportunities for
improvement for these processes and for Quality management system as a whole.

Clause 4.4.2

The organization shall maintain documented information to the extent necessary to

support the operation of processes and retain documented information to the extent
necessary to have confidence that the processes are being carried out as planned.

The primary focus of clause 4.4.1 requirements is to manage and control all your QMS processes
including processes for operations. QMS includes processes for management(leadership)
activities, planning which includes risk assessment, support processes (such provision of
resources, communication etc), Operation, performance evaluation and Improvement as part
of QMS. Clause 4.4.1 requires the ‘Process Approach’ to be used in defining your QMS.
Documentation of QMS processes and the need for and detail of specific process documentation
is determined by ISO 9001, customer, regulatory and your own organizational requirements,
the complexity of products and processes, effect on quality, the risk of customer
dissatisfaction, economic risk, effectiveness and efficiency, the competence of personnel.
Clause 4.4.2 requires you to have documents needed to ensure the effective planning, operation
and control for QMS processes. Based on these factors, you must determine what processes
need to be documented and how you will document it. Not all processes need to be
documented; your documents must also include a description of the interaction between your
QMS processes. Several different methods can be used to document processes, such as graphical
representations, written instructions, checklists, flow charts, visual media, or electronic
methods, etc. Process flowcharts or block diagrams can show how policies, objectives,
influential factors, job functions, activities, material, equipment, resources, information,
people and decision making interact and/or interrelate in a logical order. Procedures may be
an acceptable way to document processes provided they describe inputs and outputs,
appropriate responsibilities, controls and resources needed to satisfy customer
requirements. Regardless of whether you document all of your processes, you must provide
evidence of effective implementation of all your QMS processes. Such evidence does not
necessarily need to be documented.

Clause 4.4 c requires you to determine criteria for effective process operation and control. You
could determine criteria to control inputs, outputs and resources used. For example

a.
 Raw materials as an input to production would have acceptance criteria that it must
meet before it can be used.
 Finished product as an output of the production process must meet acceptance
criteria before it can be shipped to the customer;
 The equipment used to transform raw materials into the finished product may have
set-up and capability criteria or parameters that it must meet in order to produce
conforming product.

These criteria (controls) must be established for each QMS process. Note that such controls may
also come from the customer, regulatory or industry bodies. Equally important are the specific
methods required for effective operation and control of each process. These may include job
travelers; work instructions; in process inspection sheet; specifications and drawings; SPC
charts; set up checklist; machine manuals; etc. Note these control methods may apply to any
or all of inputs, outputs or conversion activities.

This clause also requires you to monitor and measure your QMS processes. Clause 9.1 provides
requirements to plan and implement these controls for monitoring and measuring conformity
to process performance criteria determined above. Ways to monitor and measure QMS processes
may include – tracking against process parameters, goals and objectives, using tools and records
such as process check-sheets; product acceptance criteria; SPC records; production records;
maintenance records; labor records, etc. More details on monitoring and measuring controls
are covered in clause 9.1.
Under 4.4.1d, resources for QMS processes may include facility, material, equipment, labor,
supplies, utilities etc. Every QMS process will require a different combination of resources.
Resource details may be identified in specifications, production schedules, bill of materials,
production travelers or routers, work instructions, etc. Information for QMS processes will vary
from process to process and may include -production schedules, bill of materials, product
acceptance and process performance criteria, production traveler or router, work instructions
etc. Use clause 7.5 and other relevant clauses to control process information.

Under 4.4.1 e the organization shall has to ensure that adequate responsibilities and authorities
are assigned as per as the requirements given in the clause 5.3.

This promotes the use of risk-based thinking. Risk is defined as the “effect of uncertainty.”
Notes in the definition further describe risk as a “deviation from the expected,” either positive
or negative. The term “uncertainty” is defined as a lack of information or knowledge about a
potential event that can be expressed because of the likelihood and consequence of such an
event. A positive deviation arising from a risk can provide an opportunity, but not all positive
effects of risk result in opportunities. Actions to address opportunities can also include
consideration of associated risks. Clause 4.4.1 f requires that when planning its QMS, the top
management must implement and promote a culture of risk-based thinking throughout the
organization to determine and address the risks and opportunities associated with providing
assurance that the QMS can achieve its intended result(s); provide conforming products and
services, enhance customer satisfaction; promote desirable effects and improvement; and
prevent, or mitigate, undesired effects.

Clause 4.4.1 g requires to evaluate of QMS processes as per the requirement given in clause
9.1.3 and evaluation may be done through a review of measurement and monitoring records
and performance indicators for each process. These reviews must identify opportunities to
improve QMS processes, use of resources and product quality. Clause 4.4.1 h calls for
improvement in the process as per as the requirement given in clause 10. When process
nonconformities occur, then corrective action is required to bring the QMS process under
control. Remember, the corrective action process is not just for product related
nonconformities. Processes must be continually improved through the setting of incrementally
realistic, measurable objectives. Planning for continual improvement requires a review of
process data, resources and controls to bring about the desired change.
Clause 4.4.1a – 4.4.1h must be applied to all QMS processes. Note also that many ISO 9001
clauses (e.g. clause 8.2; 8.4; 8.6; etc.), require specific processes to be established within your
QMS, these processes must also be identified and controlled in your QMS.