Continuing from last month, although not specifically required, objective evidence could be a list or matrix of the interested parties, their corresponding needs and expectations, and indication of which of these have been accepted as compliance obligations. Compliance obligations might include:
Communicating with stakeholders, particularly in relation to compliance obligations or legal requirements, is vital. Communication with stakeholders should be based on performance data generated by your organisation’s management system, which will require robust monitoring and measurement to ensure that the data is reliable. You should ensure that the monitoring and measurement processes are included in the internal audit programme so your organisation can assure itself that checking processes are validated and that the data it is communicating is accurate. Internal stakeholders could include: External stakeholders could include: The relevant requirements of interested parties should be available as inputs into the management system planning process, as potential risks and opportunities, and the following types of documentation would be helpful with this:
Look for evidence that your organisation has undergone a process to initially identify these groups, and then to identify any of their requirements that are relevant to your organisation’s management system. You should also determine whether these groups’ requirements are reviewed and updated as changes in their requirements occur, or when changes to your organisation’s management system are planned. If you would like to look at how to implement an ISO 9001 quality management system, then simply contact us. Or, if you want to see what's involved in more detail, then get a completely free, no obligation, totally tailored ISO Gap Analysis for your business (only available to UK businesses).
0 Comments
Last month we looked at using a PESTEL analysis to help you do the 'Context Analysis' requirement of the most popular ISO standards. This month we carry on in this vein to give you other ways to properly consider your organisation's context. Reviewing your organisation’s context could include interviews with senior management, questionnaires, surveys and research. Cross-functional input is essential for the specific expertise required to identify the full breadth of issues, such as finance, training, human resources, commercial, engineering and design, etc. Not only will this ensure a broader appreciation of the context but also wider engagement, particularly with those functions not previously involved with the management system. It is helpful to retain the following types of documented information to keep referring back to in order to measure the continual improvement of your management system:
To assess whether your organisation has a high-level, conceptual understanding of its internal and external issues that affect it, either positively or negatively, and its ability to achieve the intended outcomes, you should describe the processes used by your organisation to identify internal and external issues and make reference to all objective evidence, including examples of these issues. Understanding the needs and expectations of interested parties You should allow time to develop an understanding of your business’ internal and external stakeholder interests that might impact upon your management system’s ability to deliver its intended results, or those that might influence your business’ strategic direction. This information should be gathered, reviewed and regularly monitored through formal channels, such as management review meetings. I suggest that you undertake analysis of interested parties to determine the relevant interested parties and their requirements that relate to your business activities, and those which impact the management system. In order to determine the relevance of an interested party or its requirements, your organisation needs to answer: ‘does this interested party, or their requirements, affect our organisation’s ability to achieve the intended outcomes of our management system?’ If the answer is ‘yes’, then the interested parties’ requirements should be captured and considered when planning your management system. There are many ways to capture this information, and your approach could include:
Try using brainstorming techniques to identify relevant external and internal interested parties, e.g. customers, partners, end users, external providers, owners, shareholders, employees, trade unions, government agencies, regulatory authorities, and your local community. Similar to the context review discussed previously, cross functional input is vital, as certain functions will identify with particular stakeholders, for example procurement with suppliers, and sales with customers. A workshop approach should be encouraged which can be undertaken independent of, or in conjunction with, the context review workshop. Once stakeholders and their requirements are identified, the next step is to consider which stakeholder requirements generate compliance obligations. Legal requirements should be identified before other requirements. This process of adopting requirements will allow you to focus and coordinate on what’s important. Make reference to all objective evidence, including examples of interested parties and any resulting compliance obligations. Look for evidence that your organisation has undergone a process to initially identify these groups, and then to identify any of their requirements that are relevant to your management system. You should also determine whether these groups’ requirements are reviewed and updated as changes in their requirements occur, or when changes to your organisation’s management system are planned. Ensure that your organisation has properly identified its interested parties, and subsequently determined if any of their needs and expectations need to be adopted as a compliance obligation. Ensure that this process is revisited periodically because the relevant requirements of relevant interested parties may change over time. If you would like to look at how to implement an ISO 9001 quality management system, then simply contact us. Or, if you want to see what's involved in more detail, then get a completely free, no obligation, totally tailored ISO Gap Analysis for your business (only available to UK businesses). Last month we looked at the ISO clause relating to the context of your organisation - how your company must determine external and internal issues that are relevant to your purpose and strategic direction, and that affect your ability to achieve the intended result(s) of your Management System. Information can be obtained via interviews with relevant Top Management in relation to your organisation’s context and its strategic direction, the identified issues and conditions, and how these may affect the intended outcomes of your management system. Identifying external issues External issues might include political, financial or economic trends, customer demographics or emerging product developments. You should undertake a PESTLE analysis in order to establish a suitable understanding of these circumstances, and the market in which your business operates at the macro level. PESTLE analysis provides a framework for measuring market and growth potential according to external political, economic, social, technological, legal and environmental factors. External issues might typically be influenced by the following:
Sources of information relating to external issues might include:
A workshop approach often allows ideas to be shared and provides an effective and efficient way of achieving a valuable outcome. The workshop could simply be a discussion identifying the issues that can be mapped out using Political, Economic, Social, Technological, Legal and Environmental (PESTLE) analysis. This method helps to structure the conversation and will also help to achieve buy-in to what is often seen as a peripheral or niche area, and should be centred around the following: What is happening politically in the environment in which we operate?
What is happening with respect to ecological and environmental issues?
What is happening technology-wise which can impact what we do?
What is occurring socially and culturally in the markets in which we operate?
What is happening with changes to legislation?
What is happening within the economy?
Examples of external issues suitable for PESTLE Analysis include:
If you would like to look at how to implement an ISO management system, then simply contact us. Or, if you want to see what's involved in more detail, then get a completely free, no obligation, totally tailored ISO Gap Analysis for your business (only available to UK businesses). "Context of the organisation" is a clause of the main ISO management systems (for example, ISO 9001, ISO 14001, etc) and this requires organisations to consider both the internal and external issues that can impact on their strategic objectives and how they plan their management system. This means you will need to determine and understand the various quality, safety and environmental conditions that could become inputs to internal and external issues, which are typically experienced in your type of organisation that can have positive or negative impacts. There should be no need to have separate a contextual description for each environmental, health and safety or quality management system. A single, integrated, contextual statement that suits the requirements of each management system will suffice since there will be a degree of overlap between the context of an OHSMS, a QMS, an EMS or an ISMS. In practice however, the needs and expectations and the types of interested party will likely have some degree of overlap too, as well as subtle but important differences which would require clear definition. You should consider the focus of your QMS as being different to the focus of your EMS, IMS or your OHSMS management system - your organisational context must reflect that. Identifying internal issues To help understand your business’ internal issues, at the micro-level, you need to understand its strengths and weaknesses and be able to identify relevant opportunities and threats. Undertake a SWOT analysis to review and evaluate current business strategies, the position and direction of your organisation, business propositions and other commercial leads. The SWOT analysis should be developed in such a way that the weaknesses and threats become inputs to determining risk and opportunity. Internal issues might typically be influenced by the following:
Sources of information relating to internal issues might include:
Below are typical examples, however each issue will be focused on the individual organisation: Strengths are characteristics of our organisation that allow operation more efficiently and effectively than competitors. Consider:
Weaknesses are areas that are recognised as needing improvement. Consider:
Opportunities are trends, circumstances or business opportunities that may be taken advantage of. Consider:
Threats can be external or internal and are anything that can adversely affect business or operations. External threats could be economic, new legislation or even a new competitor in the market. Internal threats could be a skill or staff shortage within your organisation. Consider:
Examples of internal issues suitable for SWOT Analysis include:
If you would like to look at how to implement an ISO management system, then simply contact us. Or, if you want to see what's involved in more detail, then get a completely free, no obligation, totally tailored ISO Gap Analysis for your business (only available to UK businesses). Modern ISO Standards follow the Annex SL Structure (see the article last month), which ensures consistency across the Management System standards. The first real actionable clause of this structure - so no matter which standard you are looking - is number 4, 'Context of the Organization'. In essence, this states that an organisation must actively consider any internal and external concerns that might affect the Management System. But Context of the Organization is not always the most straightforward clause to understand, as it can be interpreted in many ways. Also, context can evolve as the organisation grows and internal and external factors change. Your company must determine external and internal issues that are relevant to your purpose and strategic direction, and that affect your ability to achieve the intended result(s) of your Management System. You will need to monitor and review the information about these external and internal issues. Determining the context of your organisation is a requirement of ISO 9001:2015, ISO 14001:2015, ISO 45001:2018 and ISO 27001:2013. Also known as contextual intelligence, this approach is not new to those familiar with business planning and strategic development. Your organisation is required to identify and assess all internal issues and external issues that could impact upon your management system’s ability to deliver its intended results. You will need to develop a methodology to understand the needs and expectations of all interested parties. Identify the stakeholders of your organisation’s management system and capture their relevant requirements that might influence the type and complexity of your management system. You need to determine internal issues relevant to your organisation’s purpose and strategic direction that may affect its ability to achieve the intended results of your management system. This information should be retained as a strategy or tactical planning document to underpin your organisation’s policies and to provide a road map to achieve future goals. You should allow time to develop an understanding of the key internal and external factors that influence your business, and to set up processes to capture, monitor and review these issues. The following types of documents and tools often help to provide a source of contextual information:
A review of organisational context could include interviews with senior management, questionnaires, surveys and research. Cross-functional input is essential for the specific expertise required to identify the full breadth of issues, such as finance, training, human resources, commercial, engineering and design, etc. Not only will this ensure a broader appreciation of organisational context but also wider engagement, particularly with those functions not previously involved with the management system. If you would like to look at how to implement an ISO 9001 quality management system, then simply contact us. Or, if you want to see what's involved in more detail, then get a completely free, no obligation, totally tailored ISO Gap Analysis for your business (only available to UK businesses). |
WelcomeHere you'll find the latest blog articles on all things compliance, particularly focussed on quality, environment, health & safety and information security. Get a completely free, no obligation, totally tailored ISO Gap Analysis for your business...
Categories
All
Archives
October 2023
|