Management system guidance
4.0 Context of the Organization
ISO Navigator Pro™ is a free tool that provides practical, expert guidance for businesses wishing to interpret and better implement the requirements of ISO 9001:2015, ISO 14001:2015 and ISO 45001:2018.
Our range of ISO templates cover the requirements of ISO 9001:2015, ISO 14001:2015 and ISO 45001:2018, and offer an easy way to implement your next management system.
4.2 Understanding the needs and expectations of interested parties
Understanding your business's internal and external stakeholder interests
The guidance shown on this page is relevant to ISO 9001, ISO 14001 and ISO 45001. Identify the stakeholders of your organization's management system and capture their relevant requirements.
You should allow time to develop an understanding of your business's internal and external stakeholder interests that might impact upon your management system's ability to deliver its intended results, or those that influence your organization's operational purpose.
This information should be gathered, reviewed and regularly monitored through formal channels, such as management review meetings.
We suggest that you undertake analysis of your stakeholders to determine the relevance of the interested parties and their requirements as they relate to your business activities, and those which impact the management system.
In order to determine the relevance of an interested party and their requirements, your organization needs to answer: ‘does this interested party, or their requirements, affect our organization’s ability to achieve the intended outcomes of its management system?’.
If the answer is 'yes', then the interested parties’ requirements should be captured and considered when planning your management system. There are many ways to capture this information, your approach could include:
- Information summarised as an input to the risk and opportunity registers;
- Information summarised as an input to the identification of environmental aspect and impact registers;
- Information summarised as an input to the identification of health and safety hazard and risk registers;
- Recorded in a simple spreadsheets with version control;
- Logged and maintained in a database to allow tracking and reporting;
- Captured, recorded, and disseminated through key meetings.
Try using brainstorming techniques to identify relevant external and internal interested parties, e.g. customers, partners, end users, external providers, owners, shareholders, employees, trade unions, government agencies, regulatory authorities, local community.
Climate change issues are one of many issues that your organization needs to consider when analysing your internal and external context and determining requirements from customers and other relevant interested parties.
Engage relevant stakeholders, such as customers seeking sustainable products or with regulatory bodies who have stricter environmental regulations and permit requirements. Involve the key stakeholders in the process and understand their climate-related requirements to address them effectively within your management system.
Similar to the context review discussed previously in Clause 4.1, cross functional input is vital, as certain functions will identify with particular stakeholders, for example procurement with suppliers, and sales with customers. A workshop approach should be encouraged which can be undertaken independent to, or in conjunction with the context review workshop.
Once stakeholders and their requirements are identified, the next step is to consider which stakeholder requirements generate compliance obligations. Legal requirements should be identified before other requirements. (ISO 14001 and ISO 45001 only) This process of adopting requirements will allow you to focus and coordinate on what’s important.
Make reference to all objective evidence, including examples of interested parties and any resulting compliance obligations. Look for evidence that your organization has undergone a process to initially identify these groups, and then to identify any of their requirements that are relevant to your management system.
You should also determine whether these groups’ requirements are reviewed and updated as changes in their requirements occur, or when changes to your organization’s management system are planned. Ensure that your organization has properly identified its interested parties, and subsequently determined if any of their needs and expectations to be adopted. Ensure that this process is revisited periodically because the relevant requirements of relevant interested parties, especially those relating to climate change may change over time.
Some organizations may choose or even be committed by relevant stakeholders to adopt climate change requirements. They may be required to take action to either adapt to relevant climate change aspects during the planning process or to mitigate relevant climate change aspects as part of their operational processes, e.g., reducing Co2 output within the supply chain or during production.
You should ensure that the monitoring and measurement processes are included in the internal audit programme so your organization can assure itself that the checking processes and validated and that the data it is communicating is accurate. It is important to remember that Clause 4.2 'Understanding the needs and Expectations of Interested Parties' interacts with the following clauses:
- Clause 4.3 - 'When determining the scope, the organization shall consider requirements of relevant interested parties referred to in 4.2'. Do relevant climate change issues impact the QMS scope?;
- Clause 5.2.2 - 'The quality policies are available to relevant interested parties, as appropriate';
- Clause 6.1.1 - 'When planning the management system, the organization shall consider the requirements and the relevant climate change issues referred to in 4.2, and determine risks and opportunities that need to be addressed' What are the risks and opportunities that need to be addressed?;
- Clause 8.3.2 - 'In determining the stages and controls for design and development, the organization shall consider the level of control expected for the design and development process by customers and other relevant interested parties'. Address requirements related to climate change in product and service design and development;
- Clause 9.3.2 - 'Management reviews are planned and carried out considering information on management system performance and effectiveness, including trends in customer satisfaction and feedback from relevant interested parties'. If relevant issues related to climate change have been determined by the organization, these may have specific monitoring and measurement needs.
Internal stakeholders could include:
| Types of Internal interested parties: | Possible needs and expectations: | How to capture key issues: |
| Employees and contractors | Shared culture, attitudes and job security | Employee meetings, consultation and feedback |
| Clients and customers | Competitive pricing, climate change requirements | Client/customer reviews and relationship management/customer feedback |
| Suppliers | Beneficial supplier-client relationships | Supplier reviews and relationship management |
| Unions and worker representatives | Representation and cooperation | Consultation and feedback on employment and safety issues |
External stakeholders could include:
| Types of External interested parties: | Possible needs and expectations: | How to capture key issues: |
| Regulators | Compliance and reporting | Critical product specification issues and conformity |
| Shareholders | Profitability and strategies for growth | Consultation and engagement exercises to identify concerns |
| Neighbours and communities | Social responsibility and engagement | Consultation and engagement exercises to identify climate change concerns |
| Local Authorities and Government | Consultation and information | Engagement with planning and development issues |
The relevant requirements of interested parties must be available as inputs into the management system planning process, as potential risks and opportunities (Clause 6.1). There is no requirement to retain documented information, but the following types of documentation would help to evidence this:
- Minutes of meetings (from meetings from each group of interested party);
- Requirement spreadsheets and databases (CRM & ERM type applications);
- External communications and documentation;
- Quality manual;
- Flow down and capture of requirements relevant to the management system defined in contracts, orders, statements of work, terms of business etc;
- Records of meetings where interested parties and their requirements, including those relating to climate change are routinely discussed and monitored.
- Stakeholder mapping to determine importance;
- Records of surveys, networking, face-to-face meetings, association membership, attending conferences, lobbying, participation in benchmarking.
When analyzing the requirements of interested parties, the needs and demands in connection with climate change must also be considered. This should be discussed during management review meetings and recorded in the meeting minutes.
Look for evidence that your organization has undergone a process to initially identify these groups, and then to identify any of their requirements that are relevant to your organization’s management system.
You should also determine whether these groups’ requirements are reviewed and updated as changes in their requirements occur, or when changes to your organization’s management system are planned.
If your organization has determined there are relevant issues or customer and other interested parties' requirements related to climate change, the next step is to address them in the management system.
Ensure your organization considers climate change-related requirements when determining or reviewing the customer requirements related to products and services. These climate change-related requirements may have specific implications for monitoring and measuring customer satisfaction.
More information on PDCA
Planning
Context
Planning
Support
Doing
Support
Operations
Checking
Monitoring, measurement, analysis and evaluation
Acting
Improvement
Want to know more?
- Read our customer's feedback
- Client list - who's using our templates?
- How the templates are formatted and download examples
- Why we use turtle diagrams and process maps
- What's the difference between a process and a procedure?
- About documented information
SSL certification
A certificate guarantees the information your internet browser is receiving now originates from the expected domain - https://www.iso9001help.co.uk. It guarantees that when you make a purchase, sensitive data is encrypted and sent to the right place, and not to a malicious third-party.
Free PDCA guidance
ISO Navigator™ is our FREE online training tool that shows you how to apply the principles of PDCA to your operations. We also offer many helpful templates that get you on the road to documenting your management system, please visit the download page.