[fibosearch]
[fibosearch]

Deep Analysis of ISO 9001 Clause 4

Deep Analysis of ISO 9001 Clause 4- ISO 9001 Clause 4

ISO may seem like a complex solution, right? But it is in fact easier than many expect. In this blog, we will be talking about ISO 9001 Clause 4. However, if you are interested about other clauses within this standard I invite you to look at the other reading material or YouTube videos that go over the rest of the clauses.

Clause 4 of the ISO 9001 standard is a relatively new clause. In fact, it was introduced in 2015 and I think it was an excellent addition to this particular standard. The ISO 9001 Clause 4 talks about the context of the organization meaning that your organization doesn’t operate in a bubble.

ISO 9001 Clause 4.1

You don’t operate by yourself, you operate in a world, you operate in an industry, you operate in a market that is affected by internal and external issues. And effectively that is what ISO 9001 Clause 4 is all about. It tells us that the organization shall determine external and internal issues that are relevant to the purpose and its strategic direction and that affect its ability to achieve the intended results of its quality management system.

Let’s chunk this statement down into smaller elements. So first of all when talking about external and internal issues, the word issues doesn’t matter because these internal and external issues, these internal and external issues factors, can also be positive factors.

Therefore, here the standard is effectively asking us to consider negative or positive internal and external issues factors that could have an impact on our organization. The standard is telling us that the organization shall monitor and review information about these external and internal issues.

What this means is that effectively we need to do a SWOT analysis. We need to analyze the strengths, weaknesses, opportunities and threats relating to your organization. And how does a SWOT analysis help to meet the requirements of this particular clause? When doing a SWOT analysis, the strengths and weaknesses relate to the positive and negative factors that are internal to your organization. So strengths could relate to things that you do well within your organization.

For example, you have an experienced management team, you have a large portfolio of customers, products or suppliers, which is a strength within your organization. A weakness might be something negative that pertains to your specific industry, rather than pertaining to your specific organization.

And this might be for example, a large employee turnover, not having certain funds to make certain investments that are needed within your organization. Maybe you have the limited mindset of some people within management. So these are internal issues and in this case they are actually issues because they are problems or weaknesses within your organization.

Now when we are considering opportunities and threats, okay, these will be opportunities naturally will be positive external factors and threats will be negative external factors.

So examples of opportunities might be that there might be good funding opportunities from the government to implement certain management systems within your organization. Another opportunity might be that there is free information online, for example, this video on how you can implement ISO standards within your organization or other opportunities.

Weaknesses might be arising inflation, it might be rising interest rates, it might be not having enough people to effectively work within the industry that you are working within. So that would be labor shortage.

So these are things that are negative and that can affect your organization but that you don’t have direct control over. Naturally, the idea between going into this detail of doing the SWOT analysis to consider the internal and external positive and negative factors that could have an impact on your organization would be that we take some type of action relating to these elements.

However, you don’t need to do anything about these elements just yet in clause 4 .1 because these will be discussed later in clause 6 within the standard when we are talking about the risks and opportunities relating to your organization.

ISO 9001 Clause 4.2

Moving on to ISO 9001 Clause 4.2 within the ISO 9001 standard, the standard tells us that our aim must be understanding the needs and expectations of different parties. Once again a fantastic addition to the ISO 9001 standard whereby if as an organization, we only focus on the needs of our clients (given that this is a quality management system), then, the business is bound to fail because if, for example, we are not considering the needs of the shareholders, the needs of the employees, the needs of our suppliers, then that is not a sustainable business.

So what the standard is asking us to do over here is that due to their effect or potential effect on the organization’s ability to consistently provide products and services that meet customer and applicable statutory and regulatory requirements, the organization shall determine interested parties that are relevant to the quality management system and the requirements of these interested parties that are relevant to the management system.

So here, the standard is very clear on what we need to do. We need to make a list of all the interested parties that are relevant to your organization. In management school, you might call these stakeholders.

Looking Out for the Needs of Stakeholders

So all types of stakeholders, which might be employees, it might be the government, suppliers, clients of clients, it might be neighbours to your organization, or anyone who might have some type of impact on your quality management system. Then, for each one of these stakeholders or interested parties, we need to identify the needs and expectations for these types of stakeholders from our management system. The standard goes on to say that the organization shall monitor and review information about these interested parties and their relevant requirements.

What this means is that just like all other elements within this quality management system, we have to make sure that we are continuously updating and reviewing the needs and expectations of these different interested parties. After implementing the management system, we shouldn’t just let the requirements of clause 4 .2 slip by and say that they are met. We have to continually review and update. these, the needs and expectations of the interested parties relating to your organization.

ISO 9001 Clause 4.3

ISO 9001 Clause 4.3 talks about the scope of the quality management system and before delving deeper, I wanted to explain what we are referring to over here. So the scope of the management system relates to what will be actually written on your ISO 9001 certification. Here we are looking for a few words that will summarize what you do as an organization. For example, provision of accountants and services or plastic injection moulding for the automotive industry or it might be supply and delivery of medical devices.

So as you can see it will be a few words that encapsulate everything that you do as an organization. The standard, when it comes to ISO 9001 Clause 4.3, states that the organization shall determine the boundaries and applicability of the quality management system to establish its scope.

What this means is that if your organization, let’s say that your organization imports medical devices and computer equipment, you might want to say that your scope of certification is supply and delivery of medical devices, it might be supply and delivery of computer equipment, or it might be supply and delivery of medical devices and computer equipment.

As you can see, from these three different scopes, we are depicting a completely different type of organization from one another. One focuses on selling medical devices, the other focuses on selling electronic products, and the other says both medical devices and computer products.

This can be done when implementing a management system within your organization, where if you see that you need to implement the management system on one aspect of your organization, that can be done as is explained over here. When determining the scope, the organization shall consider the external and internal issues that have been mentioned in ISO 9001 Clause 4.1, the requirements of relevant interested parties referred to in clause 4 .2, and the products and services of the organization.

So naturally, as a company, you will, for example, get ISO certified because one of your clients is asking you to get certified. If one of your clients is asking you to get certified, then you will definitely include the selling of those specific products within the scope of certification.

However, if there are other elements within your organization that you would not want to consider, you can freely do that. And the organization shall apply all the requirements of this international standard if they are applicable within the requirement scope of the quality management system.

START YOUR JOURNEY TODAY

Whether you’re after ISO Certification, internal audits, or results-oriented consultancy, Luke has the plan for you. Reach out to him and start your journey today.
ISO Consultant in Malta

SEE HOW LUKE CAN HELP YOU START YOUR JOURNEY TODAY

Luke has a plan for you whether you want ISO certification, internal audits, or results-oriented consulting. Contact him immediately to begin your adventure.

What this means is that if, for example, we are considering supply and distribution of medical devices, then for the activities of medical devices for your organization, we have to consider all of the requirements that are mentioned within this particular standard.

And the standard says that the scope of this organization’s quality management system shall be available and maintained as documented information. Here I wanted to take a side note. and explain that when the standard says that some information, for example, the scope of the quality management system in this case, has to be kept available as documented information, this means that we have to have it written somewhere on some type of paper or controlled document – that is the scope of certification.

So whenever we are seeing that it has to be available as documented information, then the auditor has the right to ask you to see written down whatever is being referred to in that particular clause for documented information.

And the scope shall state the types of products and services offered and provide justification for any requirement of this international standard that the organization determines is not applicable to the scope of its quality management system. As I explained earlier, if you are selling medical devices and computer equipment, you don’t need to justify why you are not including computer equipment. You can just say that you do medical devices.

But if you are not going to meet one of the requirements, so if you chose a scope of your certification, the selling of medical devices, for example, you cannot just say that we’re not going to consider the sales process for medical devices. hat would be rather absurd That cannot be just done unless there is a specific justification of why that should be done. And in my experience, I have worked with over 125 companies over the past decade to implement ISO standards within their organization and I’ve never seen a company that could get away or benefit by not implementing in a way each of the requirements of the standard.

What I mean by this is that a risk assessment way is that for example when it comes to traceability there are certain organizations for example those organizations who sell medical devices or food-related products who have to go into a lot of detail when it comes to traceability but then there are other organizations who need to focus much less on traceability.

Therefore for any organization for example in this case of traceability, I wouldn’t suggest that you completely eliminate it but you need the requirement in a way that meets the needs of your organization.

If you need to go in a lot of detail then you should go in a lot of detail but if you don’t need to then please don’t go in a lot of detail because it’s very easy to over complicate your management system and invariably that will result that then you will have a bureaucratic system that you will have to maintain throughout the years where you maintain your ISO certification.

And I’ve had clients who are certified for ISO 9001, for example, after having implemented their management system with other consultants in Malta, a small company, for example, helping this particular client to implement this standard.

And given that their consultants did not have enough experience, or they like to over complicate things, they have created an overly bureaucratic management system that is very hard to maintain. I’ve also had a client, for example, from California, the US, whereby they had over complicated once again their management system and just their management review used to take two days, so two sessions of eight hours each of six people to be able to do the management review for a company employing 50 people.

So that is definitely not written anywhere in this standard. And this was a practice that was implemented or inserted within the organization by the consultant that was working with this client before me.

So it’s important that we keep our management system realistic to the needs of our organization. And the scope shall state the types of products and services offered and provide justification for any requirement of this international standard like I have just explained.

Conformity to this international standard may only be claimed if the requirements determined as not being applicable do not affect the organization’s ability or responsibility to ensure the conformity of its product and services and the enhancement of customer satisfaction.

So as I have mentioned earlier, if, for example, you’re choosing the scope of certification to be supply and distribution of medical devices, then you have to consider all the requirements of ISO 9001 particular section within your organization.

ISO 9001 Clause 4.4

And the last section when it comes to ISO 9001 is clause 4 .4, which talks about the quality management system and its processes. Unfortunately, this sub-clause is a bit repetitive. In fact, the standard likes to repeat itself every now and then. And what I can just tell you over here is that when implementing ISO 9001 Clause 4.4 with any of my clients, I only use this clause to list down the processes that are relevant for my client.

In another blog/video, we’re going to talk about the sales process, the purchasing process, operational processes and design and development. The determination, sequence and interaction of these processes, will be discussed in clause 8 together with the determination and application of the criteria and methods including the monitoring measurements and related performance indicators needed to ensure the effective operation and control of these processes.

Apart from being discussed in clause 8 there is an actual section within the standard which is performance evaluation. Okay, so once again, this is being mentioned another time.

Ultimately once we implement these processes, the main aim of this quality management system is to achieve continual improvement and clause 10 is actually dedicated on continual improvement. Improved processes and the quality management system is once again a reference to clause 10.

And in ISO 9001 Clause 4 .4 .2 the standard says that to the extent necessary, the organization shall maintain documented information to support the operation of its processes, retain documented information to have confidence that the processes are being carried out as planned.

What this information in clause 4 .4 .2 is telling us is that first of all we have to map out our processes, we have to either create flowcharts, create procedures, create some type of way so that we are able to have a clear representation of the step -by -step process relating to our organization so that we can support the operation of its processes and to have confidence that the process are being carried out as planned. We will need to see evidence and when doing an internal audit or external audit, we don’t see the actual process itself. However, we see how that process plays out in real life.

So just to give you an example, if we are talking about the sales process of issuing a quote, when doing an audit, we will want to see how the request came in, how you got the information and how the quote was created as well as the manner in which the quote was sent to the customer.

So what the standard is telling us here is that we have to retain documented information to have confidence that the processes are being carried out as planned. If we cannot find information for how the request came in or how the quote was created or how the quote was sent to the customer, then we cannot have that assurance that we need to make sure that it was actually sent and that the right information was sent in the quote.

So that is why when doing an audit we are looking for evidence. Having said that, to meet the requirements of ISO 9001 Clause 4, we don’t really need to do anything in particular, but rather we need to make sure that we have mapped out our processes as will be explained in clause 8. What we need to do in clause 4.4 is to list down the key processes relating to sales purchasing operations and design and development for your organization.

If you have any questions, please feel free to get in touch because I would love to help you succeed.

WANT  TO LEARN MORE ABOUT ISO 9001 Clause 4?

As an ISO management system consultant Luke Desira will make it his personal mission to put your company in a class above all others! Read more about how to get ISO certified with Luke Desira here. Otherwise, you can also read about the difference between implementing ISO in a large company versus implementing ISO in a small firm.

If you are searching for information on different types of ISO certification, read more here, and find out about the 10 pitfalls that you may encounter during the implementation process of different types of ISO certification.

Don’t forget to follow us on our Facebook and LinkedIn profiles, and subscribe to our Youtube Channel for more great content.

That is it from my end, let’s keep building processes and uncover the definition of ISO through optimised systems!

Book a Free 15 minute discovery call

Select a date and time to schedule a free 15 minute discovery call with Luke Desira.

Message Luke through an email

hello@lukedesira.com

Give Luke a call

+356 7920 6686

Related Articles

ISO 9001 Clause 8
ISO 9001

ISO 9001 Clause 8 Shining a Light on Key Processes

The scope of this blog is to go into great detail about ISO 9001 clause 8. Now given that ISO 9001 clause 8 talks about the key processes of your organization, this blog will cover the sales, purchasing, operations and design processes of your organization. In this blog, an overview will be given about each

Read More »
ISO 9001 Clause 6.
ISO 9001

Taking a Closer Look at ISO 9001 Clause 6

By now, you may have realised that ISO is a business management process that is not so complex, right? If tackled well, It is easier than many expect. In this blog, we will be talking about ISO 9001 Clause 6. However, if you are interested in other clauses within this standard I invite you to

Read More »
ISO 9001 clause 5
ISO 9001

In-Depth Analysis of ISO 9001 Clause 5

This blog will cover ISO 9001 clause 5. This comes as part of the mini-series where the ISO 9001 standard is closely examined, and I want to give more information about the actual text that is available in the standard of ISO 9001:2015 version relating to clause 5. This mini-series can be followed either through

Read More »
Scroll to Top