Management system guidance
4.0 Context of the Organization
ISO Navigator Pro™ is a free tool that provides practical, expert guidance for businesses wishing to interpret and better implement the requirements of ISO 9001:2015, ISO 14001:2015 and ISO 45001:2018.
Our range of templates cover the requirements of ISO 9001:2015, ISO 14001:2015 and ISO 45001:2018, and offer an easy way to implement your next management system.
4.3 Determining the scope of the management system
The guidance shown on this page is relevant to ISO 9001, ISO 14001 and ISO 45001. Defining the scope of your management system is a key step when developing any management system. The scope should concisely describe the activities, regulatory requirements, facilities, and remote locations that are to be covered under, and supported by the management system.
The scope of registration and certification will need to reflect precisely and clearly the activities covered by your organization's management system; any exclusion to non-applicable requirements of the standards should be documented and justified in the manual. No single business-related activity should exist outside of the scope. You should discuss the scope of registration very early in your contact with the registrar, prior to or during the selection process.
From a review of the nature of your business's operations, products and services, the scope of the management system should be apparent by the extent of the processes and controls that your organization has already established. If you need a procedure to help determine and document your organization's scope, click here.
Look for confirmation that your organization has determined the boundaries and applicability of the management system to establish its scope with reference to any external and internal issues (Clause 4.1), the requirements of relevant interested parties (Clause 4.2), and the nature of your organization's products and services. Consideration of the boundaries and applicability of the management system can include:
- The range of products and services;
- Different sites and activities;
- External provision of processes, products and services;
- Common support provided by centralised functions;
- Processes, procedures, instructions, or site-specific requirements.
The scope of your management system may include the whole of the organization, specific and identified functions within the organization, specific sections of the organization, or one or more functions across a group of organizations. Auditors will challenge your organization if any activities, products and services that would likely have a significant impact on the environment or those that impact health and safety are omitted from the scope. Your organization’s scope determinations should be reasonable and consistently applied.
Ensure that your organization has considered its degree of control and influence over its activities, products and services from a life cycle perspective. The degree of control needs to be determined for environmental aspects associated with such things as procured goods and services, outsourced processes, product performance requirements, end of life treatment (recycling, disposal, etc.).
The management system scope must be retained as documented information in accordance with Clause 7.5.1, usually within the management system manual. The scope statement is normally shown on the certificate, for most registrars, 15 words or less, is generally sufficient. Here are two examples shown below:
'provision of marketing, sales, support, development and implementation of software solutions, located at...'
'manufacture of precision machined components for aerospace and industrial customers, including the delivery of these activities to requirements, located at...'
You may not design your products because your customers supply product specifications and drawings. In which case you can exclude the product design processes and requirements.
More information on PDCA
Want to know more?
- Read our customer's feedback
- Client list - who's using our templates?
- How the templates are formatted and download examples
- Why we use turtle diagrams and process maps
- What's the difference between a process and a procedure?
- About documented information
A certificate guarantees the information your internet browser is receiving now originates from the expected domain - https://www.iso9001help.co.uk. It guarantees that when you make a purchase, sensitive data is encrypted and sent to the right place, and not to a malicious third-party.
Free PDCA guidance
ISO Navigator™ is our FREE online training tool that shows you how to apply the principles of PDCA to your operations. We also offer many helpful templates that get you on the road to documenting your management system, please visit the download page.