Context of the Organization

Context of the Organization 1

4.1 Understanding the organization and its context

The organization shall determine external and internal

issues that are relevant to its purpose and its strategic
direction and that affect its ability to achieve the
intended result(s) of its QMS.

The organization shall monitor and review information

about these external and internal issues.

Context of the Organization 2

Requirements here is to;

— Understanding the organization, and

— Understanding its context (business environment)

Context of the Organization 3

Understanding the
Organization

Context of the Organization 4

What is an organization?

person or group of people that has its own functions with

responsibilities, authorities and relationships to achieve its

objectives.

Context of the Organization 5

Understanding the organization

— Mission (organization’s purpose for existing as expressed

by top management)

— Vision (aspiration of what an organization would like to

become as expressed by top management)

— Strategy (plan to achieve a long-term or overall objective)

Context of the Organization 6

Understanding the organization

— Policy (intentions and direction of an organization as

formally expressed by its top management)

— Objective (result to be achieved)

— Core values, culture, beliefs, guiding principles

Context of the Organization 7

Understanding its Context

Context of the Organization 8

context of the organization

combination of internal and external issues that can

have an effect on an organization’s approach to developing

and achieving its objectives.

“context” here refers to;

— business environment
— organizational environment
— ecosystem of an organization

Context of the Organization 9

Issues
Issues are important topics for the organization, problems
for debate and discussion, or changing circumstances
that affect the organization’s ability to achieve the
intended outcomes it sets for its QMS.

Issues can include;

— positive and negative factors or conditions for consideration (Ref: NOTE 1)

Context of the Organization 10

external context

external environment in which the organization seeks to

achieve its objectives

Ref: NOTE 2

External context includes; cultural, social, political, legal, regulatory, financial,

technological, economic, natural and competitive environment, whether

international, national, regional or local (PESTLE)

Context of the Organization 11

internal context

internal environment in which the organization seeks to

achieve its objectives

Ref: NOTE 3
Understanding the internal context can be facilitated by considering issues related
to values, culture, knowledge and performance of the organization (capabilities &
constraints).

Context of the Organization 12

Context of the Organization 13
intended outcome

what an organization intends to achieve by implementing

its QMS.

minimal, core outcomes;

 ―consistent‖ products & services;

 ―enhancing‖ customer satisfaction;

 achieving results of QMS (objectives / KPI).

Context of the Organization 14

 Understanding the Organization & its context (4.1)
External Issues
Political, Economical, Social,
Technological, Legal & Environmental Determine
factors whether international, national, (on-going review & monitoring)
regional or local; (PESTLE)

Intended outcome of QMS

• consistent products & services
Issues / Factors / points for
• enhancement of customer
considerations
satisfaction
• results of QMS (objectives / KPI)

Internal Issues positive or negative, in line with;

values, culture, knowledge and — Purpose of the Organization’s existence
performance of the organization - (Mission)
capabilities and constraints — Aim / Goals of the Organization (Vision)
— Strategic direction

Context of the Organization 15

 Understanding the needs &
expectations of Interested Parties

Context of the Organization 16

interested party (preferred term)

stakeholder (admitted term)

person or organization that can affect, be affected by,
or perceive itself to be affected by a decision or activity

Eg.,
Customers, communities, suppliers, regulators, non‐governmental
organizations, investors and employees.

Note : to ―perceive itself to be affected‖ means the perception has been made
known to the organization.

Context of the Organization 17

4.2 Understanding the needs and expectations of
interested parties
Due to their effect or potential effect on the organization’s ability to
consistently provide products and services that meet customer
and applicable statutory and regulatory requirements, the
organization shall determine:
a) the interested parties that are relevant to QMS;
b) the requirements of these interested parties that are relevant
to QMS.
The organization shall monitor and review information about these
interested parties and their relevant requirements.
Context of the Organization 18
 Understanding the needs & expectations of interested parties (4.2)

Determine
(on-going review & monitoring)

that can affect, be affected by, or

perceive itself to be affected by

Statutory & Regulatory

requirements
relevant
External & Internal Issues
Interested Parties
(4.1)
(Stakeholders)

Risks & opportunities

relevant Requirements (6.1.1)
(needs & expectations)

Context of the Organization 19

Overview

— interested parties are also part of organization’s context

(internal or external) and should be considered when
reviewing its context.

— interested parties can change over time (as a result of

changes in external & internal issues) and can depend on
the sector or industry or the geographic location in which
organization operates, so are their needs & expectations.

Context of the Organization 20

Overview

— developing a relationship with interested parties enables

communication which can lead to potential for building
mutual understanding, trust and respect

Context of the Organization 21

 Understanding the needs & expectations of interested parties (4.2)

Relationship Examples of relevant interested parties Examples of relevant needs and expectations

Expect the organization to manage its risks and

By responsibility Investors
opportunities that can affect an investment

Non-governmental organizations Need the organization’s cooperation to achieve a

By influence
(NGOs) safer living place

Expect socially acceptable performance, honesty

By proximity Neighbours, the community
and integrity

By dependency Employees Expect to work in a safe and healthy environment

By representation Industry membership organization Need collaboration on OH & S issues

By authority Regulatory or statutory agencies Expect demonstration of legal compliance

Context of the Organization 22

Reviewing its Context

Context of the Organization 23

How to review its context?
—establish a process (practical approach, that adds value
to the organization and provides a high-level, not detailed
conceptual understanding of the important issues that can
affect, either positively or negatively, the way the
organization manages its QMS)

Context of the Organization 24

How to review its context?
—involving a cross-functional team (from different
functions)
—consideration of its authority & ability to control and
influence

Context of the Organization 25

The review can include the following key areas;

— identification of relevant external & internal issues, which relate

to the organization’s activities, products and services that can

impact the organization’s QMS performance.

— consideration of how these issues can affect the organization’s

purpose and ability to achieve the intended outcomes of its QMS.

Context of the Organization 26

To understand which issues are important, the
organization can consider those that;
— are key drivers and trends, affecting the objectives of the
organization;
— can present problems for the organization;
— can be leveraged for beneficial effect;
— offer competitive advantage, value for customers, or improvement
of the organization’s reputation and image.

Context of the Organization 27

Understanding of its context should result in knowledge
that can be used to assist the organization in;

— setting the scope (boundaries & applicability) of its QMS (4.3)

— determining strategic risks & opportunities @ organizational context

(6.1.1)

— developing Quality policy (5.2)

— establishing its Quality objectives (6.2)

Context of the Organization 28

Understanding of its context should result in knowledge
that can be used to assist the organization in;

— determining the effectiveness of its approach to fulfil its Statutory and

Regulatory requirements

— identification of opportunities to improve its QMS performance (10.1 &

10.3)

Context of the Organization 29

Determining the scope of its QMS

Context of the Organization 30

 Scope of QMS (4.3)
provide justification for non-
applicability, if any

Consider;
Determining the
a) External / Internal Issues (4.1)
QMS Scope (4.3)
b) Needs & Expectations of IPs (4.2)
(boundaries & applicability)
c) its products and services;

made available to
relevant
Documented
information
interested parties

Context of the Organization 31

Overview – Scope of QMS;

— specific to the organization

— intended to clarify the physical, functional and organizational

boundaries (it may include the entire organization or specific

operating units of one or more locations)

— understand the extent of control or influence that it can exert (authority

& ability) over activities, products and services

Context of the Organization 32

Overview – Scope of QMS;

— critical to the success of QMS and to organization’s credibility

and reputation (to ensure that the scope is not defined in a way

that excludes activities, products, services or facilities that have

or can have significant impact on delivery of its products & services or

in a way that evades its Legal obligations, or misleads interested

parties)

— factual and representative statement of the organization’s

operations, or business processes included within its boundaries

Context of the Organization 33

Overview – Scope of QMS;

— Scope should be reconsidered (when the organization changes its

sphere of control or influence, expands its operations, acquires / divests

business lines or property)

Context of the Organization 34

QMS & its Processes

Context of the Organization 35

 QMS & its processes (4.4)

Integrate / Embed

QMS Scope Management / Governing Processes

(boundaries &
applicability)
(4.3)

Supplier CORE CORE CORE Customer

Knowledge
gained from
4.1 & 4.2

Support / Enabling Processes

Context of the Organization 36

Process Approach (PDCA);

PDCA is an on-going, iterative process to enhance customer

satisfaction with a commitment to provide consistent products & services

and continual improvement of QMS.

Context of the Organization 37

Benefits - Integrating QMS into business processes;

— operate more effectively and efficiently, through sharing of processes

and resources

— deliver increased value by being more closely associated with those

processes that the organization depends upon to operate

Context of the Organization 38

Risk Management Framework

Context of the Organization 39

What is Risk?
The effect of uncertainty in achieving the objectives

Note: An effect is a deviation from the expected

Context of the Organization 40

Risk Management Framework @ Organizational Context

What matters?
Establish Organizational Context (External & Internal
Issues, needs & expectations of interested parties /
stakeholders)

What can go right / wrong?

Determine Risks and Opportunities

Context of the Organization 41

Risk Management Framework @ Organizational Context

What is the risk? So what?

Analyse & Evaluate Risk

What do we do now? Let’s do it!

Planning & Implementation of Actions (Risk Treatment /
Operational controls)

Is it working? Can we make it better?

Monitor, measure, analyse, evaluate
Review, update / revisit ---- Improvement initiatives

Context of the Organization 42

 Top-down approach
(Strategic Risk)

4.1 4.2

Change Management Risk @ Organization Context

(6.3) BUSINESS RISKS

Statutory &
Conformity of Customer
Regulatory
Products & Services Satisfaction
requirements

Bottom approach
(Operational / Process Risk)

Context of the Organization 43

 Actions to address risks and opportunities (6.1)
Consider;
— External / Internal Issues (4.1)
— Needs & Expectations of IPs (4.2)
— Change Management (6.3)
— Operational / Process Risk(s) RISK MANAGEMENT FRAMEWORK (ISO 31000:2018)

Determine the Risks (6.1.1)

Business Continuity?
(Organizational Context, i.e., Business Risks)
(ISO 22301:2012)

Assess the Risk

Verify the effectiveness of the
actions taken (9.1.1 / 9.1.2)
Planning actions to address Risk
Resilience Management
Risk Treatment (6.1.2)
(BS 65000:2014)
Integrate Analysis and evaluation (9.1.3 e)
with
QMS Review (9.2.3 e)
Implementing actions
Processes
(8.5.1)
(4.4) Update / Revisit (10.2.1 e) Improvement (10.1 & 10.3)

Context of the Organization 44

 Planning of Action

Risk Management Framework

Context of the Organization 45

actions to address these risks and opportunities
(proportionate to the potential impact) – Risk Assessment

Context of the Organization 46

Options to address risks (Risk Treatment) can include;

— avoiding risk,

— taking risk in order to pursue an opportunity,

— eliminating the risk source,

— changing the likelihood or consequences,

— sharing / transferring the risk, or

— retaining risk by informed decision.

Context of the Organization 47

Opportunities can lead to;
— the adoption of new practices,
— launching new products,
— opening new markets,
— addressing new customers,
— building partnerships,
— using new technology and
— other desirable and viable possibilities to address the
organization’s needs.

Context of the Organization 48

how to:

— integrate and implement the actions into its QMS

processes, or other business processes (4.4);

— evaluate the effectiveness of these actions.

Context of the Organization 49