Informational "Context of the Organization" in ISO 9001:2015 Clause 4.1

Re: "Context of the Organization" in 4.1 of ISO 9001

An audit may only take place once a year, but quite often the stuff I am auditing was created on many different dates by many different people. For example, if I am auditing record retention, I look at records from many different processes, covering several different dates, and different people in the process. It is not a snapshot of just one time or you are doing it all wrong.

If you see no value in that, I don’t understand your perspective.

Re: "Context of the Organization" in 4.1 of ISO 9001

Actually in my view, before 2008 ISO still used the risk based approach in its design. Take 1994 issue for example, it is full of the mention of controls, either "controls needed to achieve required quality", "extent of control exercised over subcontractors", "control of customer-supplied product", "process control", etc. Why are controls considered and put in place? To address the effect of uncertainties (risk). The 1994 standard was a lot more rigid in its design as far as must have procedures and elements. The new standards are more flexible and user defined/designed. However, they unfortunately are more interpretive, as evident in the discussions on this subject and others.
I agree with Randy.

Re: "Context of the Organization" in 4.1 of ISO 9001

Mike S. said:

An audit may only take place once a year, but quite often the stuff I am auditing was created on many different dates by many different people. For example, if I am auditing record retention, I look at records from many different processes, covering several different dates, and different people in the process. It is not a snapshot of just one time or you are doing it all wrong.

If you see no value in that, I don’t understand your perspective.

Click to expand...

I hope you do not address this to me because I do not see your point. I am sure we all are doing things right.

Re: "Context of the Organization" in 4.1 of ISO 9001

LUV-d-4UM said:

I hope you do not address this to me because I do not see your point. I am sure we all are doing things right.

Click to expand...

Not aimed at you.

Unless I inferred what was not implied, another poster seemed to suggest audits were not effective because they only happened once a year.

Re: "Context of the Organization" in 4.1 of ISO 9001

Mike S. said:

Not aimed at you.

Unless I inferred what was not implied, another poster seemed to suggest audits were not effective because they only happened once a year.

Click to expand...

That is absolutely wrong! ISO9001:2015 does not require how many times IA should be conducted. My audits only happen once a year, however we have an audit program develop to consider customer feedback, risk and opportunities, and system alignment to quality objectives. We provide objective evidence, during closing meeting that the audit results are shared with the relevant process owner and managers. These are also reviewed during Management Review.

Re: "Context of the Organization" in 4.1 of ISO 9001

Internal audits are performed based upon needs and importance of the organization. To identify any potential issues. To assure that the Quality Management System is working and providing the required results.

If an organization has determined that once year can meet the results that they are seeking, than so be it. It is determined that every 6 months works, than that's ok. Basically, if the entire system is audited internally within the registration cycle, and can be justified and supported; there shouldn't be any issues.

Just my opinion.

Re: "Context of the Organization" in 4.1 of ISO 9001

Sometimes if you cannot think risk based, think like a coward


Sent from my iPhone using Tapatalk

Re: "Context of the Organization" in 4.1 of ISO 9001

Coming back once again to the "Context of the Organisation", I go by the clarification included in the standard (Annex.A.3 para 2) which says "There is no requirement....for the organisation to consider interested parties where it has decided that these parties are not relevant to its QMS. It is for the organisation to decide if a particular requirement of a relevant interested party is relevant to its QMS"". (emphasis is mine)

Thus there is no mention of any requirement calling for an organisation to record or otherwise offer a formal justification for their decision. My client is due for re-certification & up-gradation to the 2015 version in Oct/Nov. 2016. We have already identified the interested parties relevant to our QMS and do not expect any problem during the audit.

Re: "Context of the Organization" in 4.1 of ISO 9001

JoShmo said:

They "allow" a client to do one or two a year, is what I mean. I displike register auditors who have no clue what "effectiveness" looks like and use the CB process as a measure - asking for "all elements to be covered once a year/2 yers/cycle or whatevers. I don't dislike registers, I dilsike meaningless audits.

Click to expand...

A CB auditor who asks that all elements be covered twice a year, or even once a year, is not correct. There is no requirement as such in any of the (5) standards/technical specifications I audit to.

Nor should a CB auditor "allow" a certain number of audits. Effectiveness of the internal audit process can be demonstrated by its functionality and finding conformance, nonconformities, and opportunities for improvement if finding such opportunities is part of the process's purpose.

Re: "Context of the Organization" in 4.1 of ISO 9001

Mike S. said:

This whole requirement sounds like fluff and a waste of time to me.

Click to expand...

People are doing it already, just not realizing that's what the standard is asking for. LUV-d-4UM cracked the code; pointing out it is like the business plan was spot-on.

Does your organization have an Operating Plan or business plan? Chances are that document already has what you are asking about.

It is important to not overthink this standard.