Informational Context of the Organization & Interested Parties Evidence - ISO 9001:2015 Cl. 4.1/4.2

AMIT BALLAL

Trusted Information Resource
Trusted
#61
Re: Context of the Organization & Interested Parties Evidence - ISO 9001:2015 Cl. 4.1

Risk based thinking is addressed in 6.1.1 and 6.1.2:

6.1.1 asks:
Refer requirements referred to in 4.2 and determine the risks
and opportunities that need to be addressed to:
b) enhance desirable effects;
c) prevent, or reduce, undesired effects;
d) achieve improvement.

Intent is to determine the risks and opportunities against needs and expectations of interested parties.
Unless you determine the risk and opportunity rating:
how you'll be able to prioritize for enhancing desirable effects (Opportunities), prevent or reduce undesired effects (risks) / achieve improvement?

The intent is to quantify risk and you need to have some criteria for risk rating and weight-age. If you don't have any rating criteria, it will be subjective and will depend on interpretation of individual to decide whether the risk is significant or not.
 

dsanabria

Quite Involved in Discussions
#62
Re: Context of the Organization & Interested Parties Evidence - ISO 9001:2015 Cl. 4.1

Risk based thinking is addressed in 6.1.1 and 6.1.2:

6.1.1 asks:
Refer requirements referred to in 4.2 and determine the risks
and opportunities that need to be addressed to:
b) enhance desirable effects;
c) prevent, or reduce, undesired effects;
d) achieve improvement.

Intent is to determine the risks and opportunities against needs and expectations of interested parties.
Unless you determine the risk and opportunity rating:
how you'll be able to prioritize for enhancing desirable effects (Opportunities), prevent or reduce undesired effects (risks) / achieve improvement?

The intent is to quantify risk and you need to have some criteria for risk rating and weight-age. If you don't have any rating criteria, it will be subjective and will depend on interpretation of individual to decide whether the risk is significant or not.
In addition:

6.1.2 The organization shall plan:

a. actions to address these risks and opportunities;

b. how to:

1. integrate and implement the actions into its quality management system processes (see 4.4);

2. evaluate the effectiveness of these actions.

Actions taken to address risks and opportunities shall be proportionate to the potential impact on the conformity of products and services.

NOTE 1: Options to address risks can include avoiding risk, taking risk in order to pursue an opportunity, eliminating the risk source, changing the likelihood or consequences, sharing the risk, or retaining risk by informed decision.

NOTE 2: Opportunities can lead to the adoption of new practices, launching new products, opening new markets, addressing new customers, building partnerships, using new technology and other desirable and viable possibilities to address the organization’s or its customers’ needs.


As lang as you have address the risk (any written form to include management review) and made a decision I don't understand the thinking of the auditor.
 

AndyN

A problem shared...
Staff member
Super Moderator
#63
Re: Context of the Organization & Interested Parties Evidence - ISO 9001:2015 Cl. 4.1

URGENT HELP!!!
I´m in the middle of the IATF audit for transition, and the auditor is putting a non conformity bacause I haven´t a range/score table of severity x occurance for interested parts requirements.
I have identified interested parties and risks associated with their requirements and actions to manage those risks. Is it mandatory to score in terms of priority?
It's non-sense! You are not required to do anything of the sort. Tell the auditor you will be appealing the finding and that you'll also be making a formal complaint. This is way beyond what's required.
 

qualprod

Trusted Information Resource
Trusted
#64
Re: Context of the Organization & Interested Parties Evidence - ISO 9001:2015 Cl. 4.1

Unless you are describing in some document yo are doing it so.
and dont have the evidence
Regards
 

andrev

Involved In Discussions
#65
Re: Context of the Organization & Interested Parties Evidence - ISO 9001:2015 Cl. 4.1

Working at a small company (50 employees) with the owners being hands on every day our approach is to keep it simple. The following statement will be included in our Management Review minutes:

The management team reviewed the system elements of ISO 9001:2015 and concluded that the requirements are being met.

The owners understand the requirements and can explain to the auditor when asked. I do not see a need to document any further than this.
Thank you, very helpful, I have much the same situation, only 36 employees and Top Management works harder on the floor than anybody, no time to sit in boardrooms, they are basically not interested in ISO.
 

Kronos147

Trusted Information Resource
Trusted
#66
Thank you, very helpful, I have much the same situation, only 36 employees and Top Management works harder on the floor than anybody, no time to sit in boardrooms, they are basically not interested in ISO.
If 'Top Management works harder on the floor than anybody', that implies to me they really care about their process, and the "ISO System' is inappropriate for the Context of the Organization.

A lot of great information in the standard is to be found in the pages prior to section 4.0!

My premise would be for an organization such as the one described above, the process definition is not effective and not effectively communicated or perceived across the organization.

Were I to be asked to come in and consult, I would meet with each of top management and ask them what their process is, and figure out the turtle (inputs, outputs, measurements, guides, goals, controls....). Then I would go back and redo the process map, and put all the metrics on a quick form.

I would keep the form posted and update often. I would assign "sections" of management review to process owners, and I would meet on the floor with them for 15 minutes a week and keep the records required to meet all the requirements of management review.

I have found this an effective method to achieve engagement.

It's not 'your' system. It's their system documented.

Then, figure out what requirements apply to each process. Internally audit each process with those requirements assessed specifically. Over time. Fix along the way. Long term plans, and continual improvement!
 

kdburkh0214

Starting to get Involved
#67
Re: 4.1 & 4.2 Context and Interested Parties, ISO 9001:2015



Sure, but be ready to SHOW how you "monitor and review the information about these interested parties and their relevant requirements."

I'm personally including this as an agenda item during Management Review meetings. This way the intent of the clause can be met and I've got meeting minutes showing the review (inputs/outputs, action items, etc.) took place.
At my last company, I included them in Mgmt. Review. I just started at a new company and they have interested parties listed in their QM.
 

tony s

Information Seeker
#68
Clause 4.2 of ISO/TS 9002:2016 - Guidelines for the application of ISO 9001:2015, actually, mentioned this statement:
"The organization should have robust systems in place to monitor and review the relevant requirements of its interested parties. Monitoring and reviewing can be done by using the organization’s processes related to customer requirements, design and development of products and services, and (at a more strategic level) during management review".

So, monitoring and reviewing the information about interested parties can be evidenced through:
  • reviewing orders received;
  • contract review;
  • reviewing product design and development output against customer input requirements;
  • reviewing compliance with statutory and regulatory requirements;
  • market study;
  • benchmarking;
  • conducting customer surveys;
  • review of feedback of relevant interested parties during management review.
 

andrev

Involved In Discussions
#69
If 'Top Management works harder on the floor than anybody', that implies to me they really care about their process, and the "ISO System' is inappropriate for the Context of the Organization.

A lot of great information in the standard is to be found in the pages prior to section 4.0!

My premise would be for an organization such as the one described above, the process definition is not effective and not effectively communicated or perceived across the organization.

Were I to be asked to come in and consult, I would meet with each of top management and ask them what their process is, and figure out the turtle (inputs, outputs, measurements, guides, goals, controls....). Then I would go back and redo the process map, and put all the metrics on a quick form.

I would keep the form posted and update often. I would assign "sections" of management review to process owners, and I would meet on the floor with them for 15 minutes a week and keep the records required to meet all the requirements of management review.

I have found this an effective method to achieve engagement.

It's not 'your' system. It's their system documented.

Then, figure out what requirements apply to each process. Internally audit each process with those requirements assessed specifically. Over time. Fix along the way. Long term plans, and continual improvement!
f 'Top Management works harder on the floor than anybody', that implies to me they really care about their process, and the "ISO System' is inappropriate for the Context of the Organization.
If 'Top Management works harder on the floor than anybody', that implies to me they really care about their process, and the "ISO System' is inappropriate for the Context of the Organization.

A lot of great information in the standard is to be found in the pages prior to section 4.0!

My premise would be for an organization such as the one described above, the process definition is not effective and not effectively communicated or perceived across the organization.

Were I to be asked to come in and consult, I would meet with each of top management and ask them what their process is, and figure out the turtle (inputs, outputs, measurements, guides, goals, controls....). Then I would go back and redo the process map, and put all the metrics on a quick form.

I would keep the form posted and update often. I would assign "sections" of management review to process owners, and I would meet on the floor with them for 15 minutes a week and keep the records required to meet all the requirements of management review.

I have found this an effective method to achieve engagement.

It's not 'your' system. It's their system documented.

Then, figure out what requirements apply to each process. Internally audit each process with those requirements assessed specifically. Over time. Fix along the way. Long term plans, and continual improvement!
 

Top