HOW TO CARRY OUT YOUR ISO CONTEXT ANALYSIS

Last month we looked at using a PESTEL analysis to help you do the 'Context Analysis' requirement of the most popular ISO standards. This month we carry on in this vein to give you other ways to properly consider your organisation's context.

Reviewing your organisation’s context could include interviews with senior management, questionnaires, surveys and research. Cross-functional input is essential for the specific expertise required to identify the full breadth of issues, such as finance, training, human resources, commercial, engineering and design, etc. Not only will this ensure a broader appreciation of the context but also wider engagement, particularly with those functions not previously involved with the management system.

It is helpful to retain the following types of documented information to keep referring back to in order to measure the continual improvement of your management system:

• Business plans and strategy reviews;
• Management system manual;
• Competitor analysis;
• Economic reports from business sectors or consultant’s reports;
• SWOT analysis output;
• PESTLE analysis output;
• Risk and opportunity assessments;
• Statement contained within a Management System Manual;
• Minutes of management review meetings (that show decisions and actions relating organisational context);
• Process maps, tables, spreadsheets, mind mapping diagrams, etc.

To assess whether your organisation has a high-level, conceptual understanding of its internal and external issues that affect it, either positively or negatively, and its ability to achieve the intended outcomes, you should describe the processes used by your organisation to identify internal and external issues and make reference to all objective evidence, including examples of these issues.

Understanding the needs and expectations of interested parties

You should allow time to develop an understanding of your business’ internal and external stakeholder interests that might impact upon your management system’s ability to deliver its intended results, or those that might influence your business’ strategic direction.

This information should be gathered, reviewed and regularly monitored through formal channels, such as management review meetings. I suggest that you undertake analysis of interested parties to determine the relevant interested parties and their requirements that relate to your business activities, and those which impact the management system.

In order to determine the relevance of an interested party or its requirements, your organisation needs to answer: ‘does this interested party, or their requirements, affect our organisation’s ability to achieve the intended outcomes of our management system?’

If the answer is ‘yes’, then the interested parties’ requirements should be captured and considered when planning your management system. There are many ways to capture this information, and your approach could include:

• Information summarised as an input to the quality risk and opportunity registers;
• Information summarised as an input to the identification of environmental aspect and impact registers;
• Information summarised as an input to the identification of health & safety hazard and risk registers;
• Recorded in a simple spreadsheets with version control;
• Logged and maintained in a database to allow tracking and reporting;
• Captured, recorded, and disseminated through key meetings.

Try using brainstorming techniques to identify relevant external and internal interested parties, e.g. customers, partners, end users, external providers, owners, shareholders, employees, trade unions, government agencies, regulatory authorities, and your local community.

Similar to the context review discussed previously, cross functional input is vital, as certain functions will identify with particular stakeholders, for example procurement with suppliers, and sales with customers. A workshop approach should be encouraged which can be undertaken independent of, or in conjunction with, the context review workshop.

Once stakeholders and their requirements are identified, the next step is to consider which stakeholder requirements generate compliance obligations. Legal requirements should be identified before other requirements. This process of adopting requirements will allow you to focus and coordinate on what’s important.

Make reference to all objective evidence, including examples of interested parties and any resulting compliance obligations. Look for evidence that your organisation has undergone a process to initially identify these groups, and then to identify any of their requirements that are relevant to your management system.

You should also determine whether these groups’ requirements are reviewed and updated as changes in their requirements occur, or when changes to your organisation’s management system are planned. Ensure that your organisation has properly identified its interested parties, and subsequently determined if any of their needs and expectations need to be adopted as a compliance obligation. Ensure that this process is revisited periodically because the relevant requirements of relevant interested parties may change over time.

If you would like to look at how to implement an ISO 9001 quality management system, then simply contact us.
​
Or, if you want to see what's involved in more detail, then get a completely free, no obligation, totally tailored ISO Gap Analysis for your business (only available to UK businesses).

---