In this short video, we're going to run through clause 4 of the ISO Standards, Context of the Organisation.
What I generally say to people is think of Context of the Organisation as
· who we are,
· what we're about,
· and what influencing factors we need to understand within our business
These can be things internal to our business that can have a significant impact, internal issues, but it can also be external issues that we are aware of, i.e. supply chain concerns or issues associated wider in the industry.
Also, it can be associated to what’s classed as interested parties. The standard refers to something called interested parties, really what it’s meaning there is, if something goes wrong within your organisation who outside of your business would be interested in knowing about that.
From a health and safety point of view, that could be
· local authority,
· police,
· Health and Safety Executive.
Think about the environment,
· that could be SEPA,
· it may also be a local authority,
And if we think in terms of quality,
· it could be things have gone wrong,
you need to make sure your customers aware.
you need to make sure that if there are external certifiers or standard assessors or anything like that, they need to be aware.
No businesses are exactly the same, but there are a number of common themes within them, but that are other areas that you know specifically to each individual organisation.
One of the key things that a business will be asked to do is look at the context of the organisation identify external or internal issues. If an organisation really buys into the system and works with a system, then you should be looking at this on a regular basis.
Identifying the needs of your workforce and interested parties and what those needs are, what do they expect from you? What do they expect to see? And if those things change, which may be driven by errors that have occurred previously, then you have to be able to demonstrate that you bring that back in.
The context of the organisation, often is an area that is documented in a manual or process or procedure, and then forgotten about. But all companies change a little bit, and as they change, likewise where they work, the industry, the local authority they work in, the government requirements where they work, can change as well.
It's important to recognize when change happens that you go back and just check that the context is fit for purpose.
One way of doing that is auditing against - What has been documented versus what you've seen part of going past?
Things that might be relevant to your business could be
· changes in supply chain,
· changes in political landscape,
· loss of key personnel,
· changes in leadership,
· legal changes,
· changes in environmental economics, so on.
Where these things happen, if these changes have a significant potential impact, then they have to be considered again for what needs to be changed within the system.
Also, when we think about the needs and expectations of interested parties, we have to understand what information they would expect to receive, what would we expect to present to them if something changes?
· Could it be specification requirements?
· Could it be performance information?
· Could it be issues associated to delivery of a project, of a project,
· If there are changes in terms of workforce.
If you're working with a customer and a large project, and there's key individuals named within that project documentation and project team, and those change
Is a part of your contract that you have to document and inform interested parties about that change?
· What about in terms of environmental requirements?
· Could it be that you're changing the way you operate the way your waste is captured?
· Do you need to be able to run out past SIPA to check that it's acceptable?
You may have a certificate permit from SIPA that allows you to operate a certain way.
But if the way you operate changes, what do you need to do to go back and ensure that permits still fit for purposes?
These are a couple of examples of internal and external issues and interested parties and why you need to ensure that you keep on top of that.
The scope I’m not going to go into too much detail, effectively the scope is; - what you do.
The only thing I would say about the scope, is that if you're a large organisation with a Group Level Certification or a Group Level Management system, it is possible that certain areas within that group may be operating out of scope for certain products or services.
That is quite a common approach in larger organisations, if you take for example, an oil and gas operator: -
I assessed an Oil and Gas operator back in 2012 to achieve ISO 14,001. The scope of their management system was the management of oil and gas operations.
The scope was not oil and gas operations, effectively it was what they did in the office in terms of how they manage the operations from the office. The auditors didn't go offshore, or to any of the locations and assess the activities that were done at the operational level. The scope was purely around the management of the activity, and not the operational side of it.
That just gives you an idea of why this scope can be quite important in terms of what the system is there to try and achieve.
We'll speak about external internal issues.
· It could be changes that could have an impact on your objectives,
· different relationships you might have with other organisations and changes that might occur
· interested parties,
you have to think about what legal requirements there may be on your business and what changes, if they happen, would have to notify about
can also be contractual obligations and
other requirements specific to your business or the contracts that you have.
It’s just thinking about context, it's really, what we are, what we are about, the people we interact with in terms of how our business operates, and importantly, from a legal point of view and a contractual point of view, what information we say we must share and what we do share and how we share it.
Also, within Clause 4 is demonstration that our IMS has been implemented and is maintained, and really most of the other clauses are used to demonstrate that, it's just an upfront commitment really within Clause 4.
To me, there is no huge amount of area for internal audit in the context of the organisation unless it's a company who are fairly early in their maturity of having a management system in place.
If it was a fairly mature system the level of auditing in this area is quite minimal.
Couple of things
1. if you are involved in assisting a company or working with a company who are quite early in the process, it's just getting a greater understanding of how their IMS functions and
2. setting up to understand what the resources are that are required to have put the system in place and implement effectively, and that includes some of the responsibilities and authorities associated to it.
You may be interested in watching this next video, which talks about Clause 5 Leadership, please subscribe to our YouTube channel and LinkedIn