Conformance1

Tools for conforming to standards, goals and processes

Scope

  • How is scope defined under ISO 9001:2015?
  • How do companies determine the scope of their management systems?
  • What are some common questions companies have about defining the scope of their management systems?

How is Scope Defined Under ISO 9001:2015?

Essentially, scope identifies how your business operates. A well-developed scope statement puts organizations on the path to continual success. While some may be tempted to gloss over or rush through its creation, organizations that thoroughly consider their scope are more likely to benefit from continual improvement efforts. Scope is defined as how far the Quality Management System (QMS) extends within an organization’s operations and notes where any exclusions from the ISO 9001:2015 occur with justification for any exceptions. It is through the scope that a company can identify what their QMS encompasses. While determining scope, here are a few items organizations should consider:

  • External and internal issues that are relevant to the motive of the organization, the strategic direction, and the ability to achieve intended results (Clause 4.1)
  • Requirements of relevant interested parties (Clause 4.2)
  • The product and service of the organization
  • Justification of why any areas of the standard cannot be applied (if applicable)

The scope of your management normally includes your entire organization, but it may be broken down into specific and identified functions of the organization, specific sections of the organization, or one or more functions across several organizations. An organization’s scope must be rationally and consistently applied. This information is typically kept within an organization’s management system manual. 

How Do I Determine the Scope of My Management System?

The reason an organization’s leaders determine the scope is to define boundaries in a manner that allows them to achieve the intended purpose of the QMS. As a reminder, the scope should be established based on internal and external issues relevant to the purpose of the organization, requirements of relevant parties, and the product or services of an organization.

Internal Issues

In order to determine the internal issues of an organization, it is recommended that one use a SWOT (strength, weakness, opportunity, threats) analysis. Organizations must develop a SWOT analysis so that weaknesses and threats become determining factors for risk and opportunity. Below is a template of a SWOT analysis breakdown. 

Strengths: attributes that make one company have an advantage over a competitor

Questions to think about include:

  • What does the organization do well?
  • What makes the organization different from competitors?
  • What capabilities does an organization have that makes it successful (people, knowledge, processes, technology, etc)?

Weaknesses: areas in a company that needs to be improved

Questions to think about include:

  • What causes frustrations for employees or customers?
  • What processes could be improved for the company?
  • How can a company improve the spread of accurate information from within?
  • How is the company following its mission?
  • Is the company following important business ethics?
  • Can external reports demonstrate the company’s success?

Opportunity: circumstances a business can take advantage of

Questions to think about include:

  • What are current market trends?
  • What local and global events have taken place recently?
  • Are there changing customer values?

Threats: anything that might negatively impact an organization

Questions to think about include:

  • Are there any obstacles that may prevent continued operation?
  • What is the competition doing?
  • Are there internal changes (staffing, products, or services) that might cause a problem for operations?

External Issues

To determine the external issues of an organization, it is recommended that an organization performs a Political, Economic, Social, Technological, Legal, and Environmental (PESTLE) analysis. Below are questions to keep in mind. 

  • What is occurring in our political landscape? 
    • Are their upcoming governmental policy changes?
    • Are their inter-country relationship issues?
    • What pressure groups is a company facing? 
  • How is the economy?
    • Where are emerging markets?
    • What is the global financial situation?
  • What is happening socially within an organization’s market?
    • What trends might threaten or help an organization?
    • Are their changes in consumer behaviors?
  • What technological changes are occurring?
    • What are trends that could impact business?
    • What productivity improvements are being made?
  • Are there changes being made in legislation?
    • Will new regulations be required of an organization?
    • Are changes being made that will impact our goods or services?
  • What are some ecological and environmental issues?
    • What are environmental regulations?
    • Is there a need for an organization’s product or service in the market?
    • What separates a company from its competitors?

According to ISO 9001:2015 standards, organizations are not required to document information to define their context. However, it is helpful for organizations to keep track of these types of documents to show compliance: 

  • Policy statements
  • Strategy documents that show how an organization is reaching their goals
  • Minutes of meetings where context is discussed
  • Structured risk assessments of internal and external issues
  • Competitor analysis
  • Economic reports from business sectors or consultant’s reports
  • SWOT analysis for internal issues
  • PESTLE analysis for external issues
  • Annual reports
  • Process maps, tables, spreadsheets, mind mapping diagrams

Interested Parties

After determining the external and internal issues of an organization, the next step is to determine relevant and interested parties. While determining interested parties, think about groups whose requirements or reports must be updated when there are changes in the organization’s QMS. Organizations should pose the question: Does this group or their requirements affect the ability to accomplish the organization’s outcomes of its QMS? If so, parties’ requirements must be recorded. It is important to revisit this process periodically because an organization’s stakeholders may change over time. Interested parties may include:

Internal Stakeholders:

  • Employees
  • Contracted Workers
  • Customers
  • Suppliers
  • Unions

External Stakeholders:

  • Compliance Officers
  • Shareholders
  • Community Members
  • National and Local Government 

To understand interested party requirements, consider a few different methods of capture. This could include:

  • Information summarized as part of inputs to risk and opportunity registers
  • Information summarized as an input to the identification of environmental aspect and impact registers
  • Information summarized as an input to the identification of health & safety hazard and risk registers
  • Recorded in a simple spreadsheet
  • Logged and maintained in a database for reporting
  • Captured and recorded through key meetings
  • Gap analysis or internal audit output by Internal Auditors
  • Product requirements

During this process, it is valuable to communicate with stakeholders about legal and compliance obligations. The communication should be based around the data a company’s QMS generates. This data should be closely monitored to ensure accuracy. It is important to ensure that the monitoring and measurement processes are included in the internal audit program so the organization can assure itself that the checking processes are validated and that the data communicated is accurate. 

Common Questions Organizations Ask About Scope

Why is scope important in ISO 9001:2015?

Without meeting this requirement, an organization can lose its ISO certificate. Also, the scope defines the requirements for QMS which are mentioned in 7 different clauses: leadership, the context of an organization, support, planning, improvement, operation, and performance evaluation. 

What are some examples of scope statements?

Example 1:

Company X is a manufacturing company located in Indianapolis, Indiana; the organization produces automotive machines and their components within the USA. 

Example 2:

Company Y provides web development services to companies across the globe. 

Example 3:

Company Z, a part of Parent Company ZZ, operates in Chile in the pharmaceutical industry providing drugs to control diabetes.

Can’t the scope be written quickly?

To develop a comprehensive and complete scope takes time. It is important to go through the writing and revision process several times before settling. Not only will the process help in receiving a certificate, but it can also help an organization learn about itself.