Don’t overthink it!
There has been a lot of chatter this past year about this new section 4 requirement of ISO 9001. Not all of it, in my opinion, either informed or particularly helpful. In essence, the whole concept of ISO 9001 Organisational Context is something we can summarise in very simple terms.
The End of Copy and Paste …. Maybe
In very simple terms, the requirement for Organisational Context requires the system to be demonstrably the system that belongs to the organisation. Something developed by them, for them, taking into account its own organisational environment and challenges and NOT a copy/paste job. Putting it bluntly, it should see an end to copy/paste/generic manuals. That’s the idea anyway.
The concern I have is that it might not. Already I have seen banner adverts on LinkedIn that advertise for sale “ISO 9001:2015 compliant Management System Documentation”. By definition there can be no such thing. Anything that is off the shelf simply cannot meet the Context requirements of Section 4. We need our Certification Body auditors to see this as a red line. Let’s hope …
And The Auditors?
In my experience its quite rare for an organisation and its people not to have a reasonable understanding of its own context. They may not have designed the system around it particularly well, and many issues that affect the organisation might be managed in a less than systematic way, but generally everyone knows what sort of things are likely to bite them on the behind. That could be things like fluctuations in demand, seasonal fluctuations, price of supplies and commodities, trading conditions, weather events, transport and infrastructure disruptions etc – they will know what they are. It is quite common on the other hand, for an external auditor to fail to understand the context of the auditee. There is a reasonable excuse for this – how could they? The auditor visits one or two times a year, they can’t possibly understand the context of the auditee organisation as well as the people that work there day in day out. Part of the requirement of Section 4 involves the auditee explaining its system to the auditor. Explaining why they do what they do, and, in some ways, making the auditor’s job easier and reducing the chances of conflict through ignorance.
Internal and External Issues
In an earlier article I explained how important this new requirement is. It is, in my opinion, also likely to be the most significant transition issue for most organisations as it is commonly not managed in a documented or a systematic way.
There is a requirement for a greater level of detail to be documented in the statement of scope. The reason for this, again, goes back to context. A vague, general or woolly scope is not helpful to customer organisations. It doesn’t clearly express the extent and limits of your the system. Again, also, the scope is used to match auditee and auditor. Making sure you get allocated with an auditor that is in a good position, based on industry experience, to discharge a competent audit. It’s important too.
Anyway, thanks for reading. Feel free to comment.