All management systems adopting the Annex SL format are required to identify and manage as appropriate, the management system’s internal and external issues. This will initially require an organisation to determine the scope of the management system, then to understand the processes within its scope, and then to further understand how they inter-relate both internally and externally.
Determining the Scope of the Management System
The requirement to determine the scope of the management system remains a requirement of ISO 9001:2015. It also remains a mandatory documentary requirement, however there is no longer any requirement as to where it must be documented (in ISO 9001:2008 it was required to have been documented with the Quality Manual). The issue of applicability remains within ISO 9001:2015. This means that, in certain circumstances, some of the requirements of ISO 9001:2015 may not be applicable to some management systems. The word “exclusion” no longer features, however clause 4.3 still states that;
“The scope shall state the types of products and services covered, and provide justification for any requirement of this International Standard that the organisation determines is not applicable to the scope of its quality management system”
Exclusions, therefore (in the ISO 9001:2008 use of the word), may still be claimed, and must still be justified, so in that sense there is no major change. In other words, and for example, if the organisation has no design and/or development function then it may state that the requirements of clause 8.3 do not apply. Clearly this claim of non-applicability must be consistent with the nature of processes that operate within the scope of the QMS in order for that claim to be justified.
ISO 9001:2015 does not put any limits on claims of non-applicability in the way that ISO 9001:2008 limits claims of exclusion to its clause 7. This places a higher emphasis for detailed justification on the organisation if it is to make any claim of non-applicability.
The Quality Management System and its Processes
Some processes will be purely internal, IT Support, for example, while other processes may interface with external bodies such as customers, suppliers and regulatory bodies. The Annex SL definition of a process is;
“Set of interrelated or interacting activities which transforms inputs into outputs”
(Annex SL definition of Process)
Whilst it is important to understand how each process works, in terms of its individual inputs, outputs, objectives, the efficiency of the process flow and so on, it is also important to remember that the management system will contain several processes, and the efficiency and effectiveness of the system will depend to a large extent on how well these processes are harmonised as part of a cohesive system.
Needs and Expectations of Interested Parties
Some processes will interface with external parties, most commonly customers, regulators and suppliers. The effective operation of processes that interface with external interested parties will, as a minimum require the organisation to understand the inputs and expected outcomes from these processes in order that the needs and expectations of the interested parties can be served.
Customers and regulatory bodies in particular are critical to the long term success of the organisation and it is important that any processes that interface with these parties are appropriately monitored and measured in order to ensure that their needs are being fulfilled. However the “external issues” can be far more numerous and complex than the external parties that the organisation interacts with. Additional issues could include currency or commodity price fluctuations, the effect of weather (for example if you sell caravans or ice cream), seasonal demand, fashion, political sanctions and so on.
So far as “internal issues” are concerned, for a simple, single site organisation, this is pretty much limited to process interfaces, communications, staff turnover and so on. It’s important not to go hunting for issues where issues don’t exist. Not every system is complex and multi-layered. At the more complex end of the scale there are multi-site organisations with diverse products and processes. Their sites may not all be in the same country or even time zone, there may be language issues, they may have a lot of home working or off-site working, they may operate a three shift system (making handover a key issue) or, by their very nature suffer from a high staff turnover (hospitality industry, call centres etc).
A word of caution
Be careful not to get too carried away identifying every conceivable “internal and external issue” – remember the standard is only interested in those that have an effect on the QMS. The trouble with creating an exhaustive list of every internal and external issue you can think of is that it opens Pandora’s Box, because the requirement does not end with simply identifying them. Once issues have been identified, the standard requires that they are then monitored, evaluated and reviewed on an ongoing basis. Therefore, just as it is bad practice to create a “Corporate Risk Register” that contains every conceivable, barely conceivable and improbable risk, it is bad practice to over-burden your QMS processes with “internal and external issues” that are insignificant.
You can find more ISO 9001:2015 articles here
Find out more about Capable People, our work, and our fantastic clients at CapablePeople.net
IRCA Approved ISO 9001:2015 Transition Courses delivered worldwide.