Management system guidance

4.0 Context of the Organization

ISO Navigator Pro™ is a free tool that provides practical, expert guidance for businesses wishing to interpret and better implement the requirements of ISO 9001:2015, ISO 14001:2015 and ISO 45001:2018.

Our range of templates cover the requirements of ISO 9001:2015, ISO 14001:2015 and ISO 45001:2018, and offer an easy way to implement your next management system.

4.1 Understanding your organization and its context

Clause 4.1 of ISO 45001:2018 requires the provision of a high-level understanding of key issues that can affect OHS both positively and negatively within the organization. Using this information will help develop an understanding of internal and external issues and the interaction of activities to help plan and develop controls within the system.

What are internal and external issues? There are many internal and external issues that affect, or have the potential to affect, the OHS management system. It is imperative these are identified so that there is clear understanding and appreciation of the operating environment.

Internal and external issues are circumstances, characteristics and changes which can positively or negatively influence the OHS management system. ‘Annex A’ of ISO 45001:2018 has been developed to provide examples of internal and external issues.

Use the Context & Interested Parties Matrix to document any external and internal issues relevant to your organization's operational purpose and strategic direction that may affect its ability to achieve the intended result of the management system.

To assess whether your organization has a high-level, conceptual understanding of its internal and external issues that affect it, either positively or negatively, its ability to achieve the intended outcomes, you should describe the processes used by your organization to identify internal and external issues and make reference to all objective evidence, including examples of these issues. Examples of organizational issues might include:

  • Health and safety conditions capable of affecting or being affected by the organization;
  • External: cultural, social, political, regulatory, financial, economic, natural and competitive issues, whether international, national, regional or local;
  • Internal: organization’s activities, products, services, strategic direction and capabilities (people, knowledge, processes, systems).

You will need to determine and understand the various health and safety conditions, internal and external issues, typically experienced in your type of organization that can have positive or negative impacts.

The standards do not specify that these internal and external issues, or their monitoring and review, be documented, so there might not be ‘lists of issues’ or records of reviews. However, information can be obtained via interviews with relevant Top management in relation to your organization’s context and its strategic direction, the identified issues and conditions, and how these may affect the intended outcomes of the management system.

Collate evidence to provide assurance that your organization is regularly, or as necessary, reviewing and updating its external and internal issues. Although there is no requirement for documented information to define the context of the organization, your organization will find it helpful to retain the types of documented information listed below to help demonstrate compliance:

  • Business plans and strategy reviews;
  • Competitor analysis;
  • Economic reports from business sectors or consultant’s reports;
  • SWOT analysis for internal issues;
  • PESTLE analysis for external issues;
  • List of external and internal OHSMS issues and conditions.
  • OHSMS action plans and objectives;
  • Annual reports;
  • Minutes of meetings (Management review and, e.g. design review minutes);
  • Process maps, tables, spreadsheets, mind mapping diagrams.

Reviewing your organization’s context could include interviews with senior management, questionnaires, surveys and research. Cross-functional input is essential for the specific expertise required to identify the full breadth of issues, such as finance, training, human resources, commercial, engineering and design, etc.

Not only will this ensure a broader appreciation of the context but also wider engagement, particularly with those functions not previously involved with the OHSMS. Using the SWOT and PESTLE analysis templates, undertake an analysis of internal and external issues.

This provides clear evidence that a comprehensive process has been carried out to understand the context within which your organization operates. This activity will also help to determine the scope of OHS management system as required under Clause 4.3 and 9.3.

With the information that is gathered during discussions at all levels of the organization to determine context, it is recommended this information is placed into a report. The benefit of this is it provides a cohesive explanation and a good reference to support present and future business strategy.

Internal issues

Using a SWOT Analysis Template identify and analyze your organization’s strengths, weaknesses, opportunities and threats. Below are typical examples, however each issue will be focused on the individual organization:

Strengths are characteristics of our organization that allow operation more efficiently and effectively than competitors. We consider:

  • What does our organization do well?
  • What advantages does our business have over other internal sections or external organizations, including competitors?
  • What makes our organization different from competitors?

Weaknesses are areas that are recognized as needing improvement. We consider:

  • What can be done better?
  • What causes problems or complaints (information from root-cause analysis)?
  • Which capabilities need modifying, strengthening or divesting for the future?

Opportunities are trends, circumstances or business opportunities that may be taken advantage of. We consider:

  • What are the changes in technology or markets?
  • What local and global events may be useful?
  • What are the changes in customer/societal values?

Threats can be external or internal and are anything that can adversely affect business or operations. External threats could be economic, new legislation or even a new competitor in the market. Internal threats could be a skill or staff shortage within our organization. We consider:

  • What obstacles are there for ongoing operation?
  • Are there any potential competitors to the business?
  • Who might be the new competition?
  • Are there any potential changes to staffing, products, services or technology that could threaten operation or business?

Examples of internal issues suitable for SWOT Analysis include:

  • Governance, organizational structure, roles and accountabilities;
  • Policies, objectives and the strategies in place to achieve them;
  • Resources (including human), knowledge and competence;
  • OHS culture within the organization and the relationship with workers;
  • Process for the introduction of new products, materials, services, tools, software, premises and equipment;
  • Working conditions.

External issues

A workshop approach often allows ideas to be shared and provides an effective and efficient way of achieving a valuable outcome. The workshop could simply be a discussion identifying the issues that can be mapped out using a Political, Economic, Social, Technological, Legal and Environmental (PESTLE) analysis. This method helps to structure the conversation and will also help to achieve buy-in to what is often seen as a peripheral or niche area.

What is happening politically in the environment in which we operate?

  • Trading policies;
  • Funding, grants and initiatives;
  • Home market lobbying/pressure groups;
  • International pressure groups;
  • Wars and conflict;
  • Government policies, term and change;
  • Inter-country relationships and attitudes;
  • Political trends;
  • Internal political issues;
  • Shareholder needs and demands.

What is happening with respect to ecological and environmental issues?

  • General market conditions that affect the business;
  • Market direction;
  • Environmental issues;
  • Environmental regulations;
  • Stakeholder/investor values;
  • Needs for the organization’s products and services in the market;
  • Customer market technology opportunities;
  • Competitors and differences between competitors;
  • Competitiveness of the organization and what affects its ability to compete;
  • Customer problems and complaints with current products and services.

What is happening technology-wise which can impact what we do?

  • Maturation of existing technologies;
  • Technological developments or trends that affect or could affect the business;
  • New product development and potential markets: government, international, resource sector, etc.;
  • Productivity improvements through automation;
  • Telecommunication infrastructure;
  • Online connectivity and digital data.

What is occurring socially and culturally in the markets in which we operate?

  • Current or emerging trends in lifestyle and their implications;
  • Demographic trends that may affect market size (growth rate, income, population shifts);
  • Whether these trends represent an opportunity or a threat;
  • Changes in consumer behaviour;
  • Increasing environmental awareness;
  • Urbanization;
  • Consumer demands; personalization and high-end experiences;
  • Public demand for transparency and participation in decision-making.

What is happening with changes to legislation?

  • Possible changes in regulation/legislation;
  • Impacts of these changes on business;
  • Stability of government;
  • Outsourcing regulations;
  • Government bureaucracy – rules and regulations;
  • Legal constraints.

What is happening within the economy?

  • National and internal financial trends (trends in economic forces);
  • Economic trends that may have an impact on business activity;
  • Emerging markets;
  • Inflation, employment levels, supply;
  • Energy available;
  • Global financial situation.

Examples of external issues suitable for PESTLE Analysis include:

  • Cultural, social, political, legal, financial, technological, economic and natural surroundings including the environment in which the organization operates;
  • Who the competitors are and any contractors, subcontractors, suppliers, partners and providers;
  • National and international law;
  • Industry drivers and trends which have influence on the organization;
  • The organization products and services and their influence on occupational health and safety.

Ensure that OHS-related internal and external factors and conditions have been identified that could affect, or be affected by, your organisation’s activities. Ensure that any significant risks and opportunities been identified.

More information on PDCA


ISO 9001:2015
ISO 14001:2015
ISO 45001:2018
4.1 Organizational Context 4.1 Organizational Context 4.1 Organizational Context
4.2 Relevant Interested Parties 4.2 Relevant Interested Parties 4.2 Relevant Interested Parties
4.3 Management System Scope 4.3 Management System Scope 4.3 Management System Scope
4.4 QMS Processes 4.4 EMS Processes 4.4 OH&S Management System
ISO 9001:2015
ISO 14001:2015
ISO 45001:2018
5.1 Leadership & Commitment 5.1 Leadership & Commitment 5.1 Leadership & Commitment
5.2 Quality Policy 5.2 Environmental Policy 5.2 OH&S Policy
5.3 Roles, Responsibilities & Authorities 5.3 Roles, Responsibilities & Authorities 5.3 Roles, Responsibilities & Authorities
    5.4 Consultation & Participation
ISO 9001:2015
ISO 14001:2015
ISO 45001:2018
6.1.1 Address Risks & Opportunities 6.1.1 Address Risks & Opportunities 6.1.1 Address Risks & Opportunities
6.2.1 Quality Objectives 6.1.2 Environmental Aspects 6.1.2 Hazard Identifcation
6.2.2 Planning to Achieve Objectives 6.1.3 Compliance Obligations 6.1.3 Legal & Other Requirements
6.3 Planning for Change 6.1.4 Planning Action 6.1.4 Planning Action
  6.2.1 Environmental Objectives 6.2.1 OH&S Objectives
  6.2.2 Planning to Achieve Objectives 6.2.2 Planning to Achieve Objectives


ISO 9001:2015
ISO 14001:2015
ISO 45001:2018
7.1.1 Resources - General 7.1 Resources 7.1 Resources
7.1.2 People 7.2 Competence 7.2 Competence
7.1.3 Infrastructure 7.3 Awareness 7.3 Awareness
7.1.4 Operational Environment 7.4.1 Communcation - General 7.4.1 Communcation - General
7.1.5 Monitoring & Measuring 7.4.2 Internal Communcation 7.4.2 Internal Communcation
7.1.6 Organizational Knowledge 7.4.3 External Communcation 7.4.3 External Communcation
7.2 Competence 7.5 Documented Information 7.5 Documented Information
7.3 Awareness    
7.4 Communcation    
7.5 Documented Information    
ISO 9001:2015
ISO 14001:2015
ISO 45001:2018
8.1 Operational Planning & Control 8.1 Operational Planning & Control 8.1.1 General
8.2.1 Customer Communication 8.2 Emergency Preparedness 8.1.2 Eliminating Hazards
8.2.2 Determining Requirements   8.1.3 Management of Change
8.2.3 Reviewing Requirements   8.1.4 Outsourcing
8.2.4 Changes in Requirements   8.2 Emergency Preparedness
8.3.1 Design Development - General    
8.3.2 Design Development - Planning    
8.3.3 Design Development - Inputs    
8.3.4 Design Development - Controls    
8.3.5 Design Development - Outputs    
8.3.6 Design Development - Changes    
8.4.1 External Processes - General    
8.4.2 Purchasing Controls    
8.4.3 Purchasing Information    
8.5.1 Production & Service Provision    
8.5.2 Identification & Traceability    
8.5.3 3rd Party Property    
8.5.4 Preservation    
8.5.5 Post-delivery Activities    
8.5.6 Control of Changes    
8.6 Release of Products & Services    
8.7 Nonconforming Outputs    


ISO 9001:2015
ISO 14001:2015
ISO 45001:2018
9.1.1 Performance Evaluation 9.1.1 Performance Evaluation 9.1.1 Performance Evaluation
9.1.2 Customer Satisfaction 9.1.2 Evaluation of Compliance 9.1.2 Evaluation of Compliance
9.1.3 Analysis & Evaluation 9.2 Internal Audit 9.2 Internal Audit
9.2 Internal Audit 9.3 Management Review 9.3 Management Review
9.3 Management Review    


ISO 9001:2015
ISO 14001:2015
ISO 45001:2018
10.1 Improvement - General 10.1 Improvement - General 10.1 Improvement - General
10.2 Nonconformity & Corrective Action 10.2 Nonconformity & Corrective Action 10.2 Incident, Nonconformity & Corrective Action
10.3 Continual Improvement 10.3 Continual Improvement 10.3 Continual Improvement

Want to know more?

SSL certification

A certificate guarantees the information your internet browser is receiving now originates from the expected domain - It guarantees that when you make a purchase, sensitive data is encrypted and sent to the right place, and not to a malicious third-party.

Free PDCA guidance

ISO Navigator™ is our FREE online training tool that shows you how to apply the principles of PDCA to your operations. We also offer many helpful templates that get you on the road to documenting your management system, please visit the download page.