It's not uncommon for Quality folks to not understand finance, legal and business activities, Its quite common for those at mid level management not to understand either upper level management (executive level) or board level functions of an organization.
Operational activities of an organization usually occur at the Executive levels downward (not at the board levels). Further this recent revision of ISO 9001, is based upon ISO's risk standards and language which can be found in 31000 and 31010. ISO 31000 and 31010 become the basis for Annex SL or what is termed the "High Level" structure.
In legal terms, liability is a very tricky arena. If the language of a prescribed MSS to which an organization is registered is limited to the Operational levels (Executive downward) then there are limitations to liability at those levels. However once the scope of that liability is expanded via base documents (in this case ISO 31000 and 31010) then those effected move from the Operational level to the ownership level. Law, especially liability is wrapped around two things, the first being duty of care and the second being reason to know.
Given that this current revision of ISO 9001 is based specifically upon ISO's risk documents (31000 and 31010), operations level managers have reason to be aware of what is stated in those ISO risk documents, especially since the language of those risk documents now appears in ISO 9001. It's impossible to claim ignorance of intent with so well crafted connections between the two sets of ISO documents. How would one explain the meaning and intent of the exact and duplicate language of 9001 section 4, without ever reading ISO 31010? The two cannot be separated as they were constructed by ISO, as one.
Further, there are prescriptive requirements in section 4 of ISO 9001 which come directly from 31010, which are not related to quality historically. How are the quality folks within an organization going to explain their assessment to the effectiveness of such things as the consideration of political, social, natural environment risks and how they have been addressed at the governance level (board level) of the organization? I would dare say that most folks at mid Management level (below Executive level) have never seen the governance documents, nor the bylaws of their corporation, however this 2015 revision specifically mentions governance in its duplication of language from ISO 31010.
I would not suggest that anyone considering registration to any of the current revisions of ISO MSS ignore the scope and intent of these standards and the effect they can have upon that business. That is why my statement to engage legal council is not without merit. Where previously Mid level Management may have been given the leeway by Executive Management to involve a company at an operational level to ISO MSS's I doubt the Executives will feel the same once they realize this current revision of ISO MSS addresses governance and topics which are generally outside the realm of Quality and or Environmental and or Safety.
From ISO 9001:2015 section 4 CD version
4 Context of the organization
4.1 Understanding the organization and its context
The organization shall determine external and internal issues, that are relevant to its purpose and its strategic direction and that affect its ability to achieve the intended outcome(s) of its quality management system.
The organization shall update such determinations when needed.
When determining relevant external and internal issues, the organization shall consider those arising from:
a) changes and trends which can have an impact on the objectives of the organization;
b) relationships with, and perceptions and values of relevant interested parties;
c) governance issues, strategic priorities, internal policies and commitments; and
d) resource availability and priorities and technological change.
Note 1 Understanding the external context can be facilitated by considering issues arising from legal, technological, competitive, cultural, social, economic and natural environment, whether international, national, regional or local.
Note 2 When understanding the internal context the organization could consider those related to perceptions, values and culture of the organization.
How can quality folks consider these things when in most cases thay have no access to them? Further, they usually have no authority or influence over them.
These things have huge implications to the organization and not including legal advice and or Executive guidance could result in issues beyond the comprehension of any mid level Manager.
Operational activities of an organization usually occur at the Executive levels downward (not at the board levels). Further this recent revision of ISO 9001, is based upon ISO's risk standards and language which can be found in 31000 and 31010. ISO 31000 and 31010 become the basis for Annex SL or what is termed the "High Level" structure.
In legal terms, liability is a very tricky arena. If the language of a prescribed MSS to which an organization is registered is limited to the Operational levels (Executive downward) then there are limitations to liability at those levels. However once the scope of that liability is expanded via base documents (in this case ISO 31000 and 31010) then those effected move from the Operational level to the ownership level. Law, especially liability is wrapped around two things, the first being duty of care and the second being reason to know.
Given that this current revision of ISO 9001 is based specifically upon ISO's risk documents (31000 and 31010), operations level managers have reason to be aware of what is stated in those ISO risk documents, especially since the language of those risk documents now appears in ISO 9001. It's impossible to claim ignorance of intent with so well crafted connections between the two sets of ISO documents. How would one explain the meaning and intent of the exact and duplicate language of 9001 section 4, without ever reading ISO 31010? The two cannot be separated as they were constructed by ISO, as one.
Further, there are prescriptive requirements in section 4 of ISO 9001 which come directly from 31010, which are not related to quality historically. How are the quality folks within an organization going to explain their assessment to the effectiveness of such things as the consideration of political, social, natural environment risks and how they have been addressed at the governance level (board level) of the organization? I would dare say that most folks at mid Management level (below Executive level) have never seen the governance documents, nor the bylaws of their corporation, however this 2015 revision specifically mentions governance in its duplication of language from ISO 31010.
I would not suggest that anyone considering registration to any of the current revisions of ISO MSS ignore the scope and intent of these standards and the effect they can have upon that business. That is why my statement to engage legal council is not without merit. Where previously Mid level Management may have been given the leeway by Executive Management to involve a company at an operational level to ISO MSS's I doubt the Executives will feel the same once they realize this current revision of ISO MSS addresses governance and topics which are generally outside the realm of Quality and or Environmental and or Safety.
From ISO 9001:2015 section 4 CD version
4 Context of the organization
4.1 Understanding the organization and its context
The organization shall determine external and internal issues, that are relevant to its purpose and its strategic direction and that affect its ability to achieve the intended outcome(s) of its quality management system.
The organization shall update such determinations when needed.
When determining relevant external and internal issues, the organization shall consider those arising from:
a) changes and trends which can have an impact on the objectives of the organization;
b) relationships with, and perceptions and values of relevant interested parties;
c) governance issues, strategic priorities, internal policies and commitments; and
d) resource availability and priorities and technological change.
Note 1 Understanding the external context can be facilitated by considering issues arising from legal, technological, competitive, cultural, social, economic and natural environment, whether international, national, regional or local.
Note 2 When understanding the internal context the organization could consider those related to perceptions, values and culture of the organization.
How can quality folks consider these things when in most cases thay have no access to them? Further, they usually have no authority or influence over them.
These things have huge implications to the organization and not including legal advice and or Executive guidance could result in issues beyond the comprehension of any mid level Manager.
Last edited:
