4 Context of the organization T 16
- 4.1 The organization and its context
- 4.2 Needs and expectations of interested parties
- 4.3 Scope of the QMS
- 4.4 QMS and its processes
4.1 The organization and its context
External and internal issues that can influence the QMS
Requirements ISO 9001 1 to 2 (see also the quiz)
The two most important things in a company do not appear in its balance sheet: its reputation and its people. Henry Ford
To successfully implement a quality management systemset of processes allowing the achievement of the quality objectives (see also ISO 9000, 3.5.4), we must understand and evaluate everything that can influence the reason for being and business performancemeasurable and expected results of the management system (see also ISO 9000, 3.7.8). You should think carefully about a few key activities:
- develop a thorough diagnosis of the unique context in which your company exists, taking into account these issues:
- the external environment, such as:
- social
- regulatory
- economic
- technology
- the internal environment, such as:
- specific aspects of the corporate culture:
- vision
- rationale, purpose and mission
- core values
- staff
- products and services
- infrastructure
- specific aspects of the corporate culture:
- the external environment, such as:
- monitor and review regularly any information relating to external and internal issues
- analyse the factors that may influence the achievement of business objectives
The SWOT and PESTEL analyses can be useful for relevant analysis of business context (cf. annex 05).
A list of external and internal issues is carried out by a multidisciplinary team. Each issue is identified by its level of influence and control. Priority is given to issues with great influence and poor control.
Minute of relaxation. Game: Context of the company
- diagnosis of the context includes the main external and internal issues
- the core values as part of the corporate culture are taken into account in the context of the company
- the results of the context analysis are widely diffused
- the SWOT analysis includes many relevant examples
- the SWOT analysis is a powerful tool for identifying the main threats and opportunities
- the issues of the context of the company, such as the competitive environment, are not taken into account
- in some cases, the corporate culture is not taken into account
- risk analysis does not take into account strategic issues
- no clear link between the SWOT analysis and the actions undertaken
4.2 Needs and expectations of interested parties
Understand the requirements of interested parties
Requirements ISO 9001 3 to 5
There is only one valid definition of a business purpose: to create a customer. Peter Drucker
To understand the needs and expectations of interested partiesperson, group or organization affected by the impacts from a company (see also ISO 14001, 3.2.3), we must begin by determining those who may be affected by the quality management systemset of processes allowing the achievement of the quality objectives (see also ISO 9000, 3.5.4), such as:
- employees
- customers
- external providers
- owners
- shareholders
- bankers
- distributors
- competitors
- citizens
- neighbors
- social and political organizations
A list of interested partiesperson, group or organization affected by the impacts from a company (see also ISO 14001, 3.2.3) is created by a multidisciplinary team. Every interested partyperson, group or organization affected by the impacts from a company (see also ISO 14001, 3.2.3) is determind by its level of influence and control. Priority is given to interested partiesperson, group or organization affected by the impacts from a company (see also ISO 14001, 3.2.3) with great influence and poor control.
The customer is king but we still can fight against rudeness. This example is from the restaurant La petite Syrah in Nice and its coffee prices:
“A coffee”...................................7 €
“A coffee, please”...............4,25 €
“Hello, a coffee, please”....1,40 €
Anticipating the reasonable and relevant needs and expectations of interested partiesperson, group or organization affected by the impacts from a company (see also ISO 14001, 3.2.3) involves:
- meeting the requirements of the product or service offered
- preparing to address risks
- finding improvement opportunities
When a requirementexplicit or implicit need or expectation (see also ISO 9000, 3.6.4) is accepted, it becomes an internal requirementexplicit or implicit need or expectation (see also ISO 9000, 3.6.4) of the QMSQuality Management System.
Quality means including the customer's point of view from design to final recycling
- the list of interested parties is updated
- the needs and expectations of interested parties are established through meetings on-site, surveys, roundtables and meetings (monthly or frequent)
- the application of statutory and regulatory requirements is a prevention approach and not a constraint
- statutory and regulatory requirements are not taken into account
- the delivery time is not validated by the customer
- the expectations of interested parties are not determined
- the list of interested parties does not contain their area of activity
4.3 Scope of the QMS
Define the scope of the QMS
Requirements ISO 9001 6 to 12; requirements IATF 16949 1 to 4
In many areas, the winner is the one who is best informed. André Muller
The scope (or in other words, the perimeter) of the quality management systemset of processes allowing the achievement of the quality objectives (see also ISO 9000, 3.5.4) is defined. Support functions such as design and engineering centers, distribution centers or other offices and sites are included in the scope.
When a requirementexplicit or implicit need or expectation (see also ISO 9000, 3.6.4) cannot be applied, a justification is included in the documented informationany support allowing the treatment of information that is maintained and is available to any interested partyperson, group or organization affected by the impacts from a company (see also ISO 14001, 3.2.3). The exclusion of design requirementsexplicit or implicit need or expectation (see also ISO 9000, 3.6.4) for manufacturing processesactivities that transform inputs into outputs (see also ISO 9000, 3.4.1) is never permitted for an automotive company.
The specific context of the company is taken into account to determine the scope of the QMSQuality Management System including:
- issues (cf. sub-clause 4.1)
- products and services
- corporate culture
- environment:
- social
- financial
- technology
- economic
- requirements of interested parties (cf. sub-clause 4.2)
- customer requirements
- outsourced processes
- the scope is relevent and available upon request
- non applicable requirements (product design and development) are justified in writing
- customer-specific requirements are included in the scope of the QMS
- some products are outside the scope of the QMS without justification
- the paint shop is not included in the scope of the QMS
- the requirements of a customer are not accepted and no justification is present
- the scope is obsolete (a new subsidiary is not included)
4.4 QMS and its processes
QMS requirements, processes and interactions
Requirements ISO 9001 13 to 24; requirements IATF 16949 5 to 19
If you cannot describe what you are doing as a process, you do not know what you're doing. Edwards Deming
The requirementsexplicit or implicit need or expectation (see also ISO 9000, 3.6.4) of the ISO 9001 and IATF 16949 standards include:
- management through quality and
- the control of business processes
To do this:
- the quality management system is:
- established
- documented (a simple and sufficient documentation system is set up)
- implemented and
- continually improved
- the quality policy, objectives, resources and the work environment are determined
- risks are determined and actions to reduce them are established (cf. sub-clause 6.1)
- the core necessary QMS processes are controlled:
- corresponding resources are ensured
- the inputs and outputs are determined
- the necessary information is available
- owners are appointed (responsibilities and authorities defined)
- sequences and interactions are determined
- each process is measured and monitored (established criteria)
- objectives are set and performance indicators analyzed
- process performance is evaluated
- necessary changes are implemented to achieve the expected results
- actions for continual improvement of processes are established
- audits and reviews of the QMS are performed regularly
- the necessary minimum ("as much as needed") of documented information on the processes is maintained and retained ( )
The quality manualdocument specifying the general measures taken by an organization to obtain conforming products or services (see also ISO 9000, 3.8.8) is not a requirementexplicit or implicit need or expectation (see also ISO 9000, 3.6.4) of ISO 9001 version 2015, but of IATF 16949 (cf. sub-clause 7.5.1.1). It is always a possible method to present the companya structure that satisfies a need, its QMSQuality Management System and its proceduresdocument describing the to carry out a process (see also ISO 9000, 3.4.5 and documented information) and processesactivities that transform inputs into outputs (see also ISO 9000, 3.4.1) (cf. annex 07).
The requirementsexplicit or implicit need or expectation (see also ISO 9000, 3.6.4) of IATF 16949 include the conformityfulfillment of a specified requirement (see also ISO 9000, 3.6.11) of processesactivities that transform inputs into outputs (see also ISO 9000, 3.4.1), productsany outcome of a process or activity (see also ISO 9000, 3.7.6), spare parts and all that is provided by external providersan entity that provides a product (see also ISO 9000, 3.2.6).
Conformityfulfillment of a specified requirement (see also ISO 9000, 3.6.11) is in relation with applicable statutory and regulatory requirementsexplicit or implicit need or expectation (see also ISO 9000, 3.6.4) (cf. sub-clause 8.4.2.2).
Productany outcome of a process or activity (see also ISO 9000, 3.4.2) safety is described in the processactivities that transform inputs into outputs (see also ISO 9000, 3.4.1) "Guarantee product safety", cf. annex 03.
Productany outcome of a process or activity (see also ISO 9000, 3.4.2) and processactivities that transform inputs into outputs (see also ISO 9000, 3.4.1) management related to productany outcome of a process or activity (see also ISO 9000, 3.4.2) safety includes:
- statutory and regulatory requirements for product safety
- customer notification of product safety requirements
- approvals of process and product FMEAs and control plans by the customer for product safety
- special characteristics related to product safety
- monitoring of special characteristics in production
- reaction plans when objectives are not achieved (cf. sub-clause 9.1.1.1)
- managing problems through the escalation process including assigning responsibilities and notifying the customer
- training of personnel involved in safety-related products or processes
- the assessment of the safety impacts of the changes (cf. sub-clause 8.3.6)
- the transfer of security and traceability requirements along the supply chain, including the sources designated by the customer (cf. sub-clauses 8.4.3.1 and 8.5.2.1)
- lessons learned from new product launches, cf. annex 26
The ISO guide “The integrated use of management system standards” of 2018, contains relevant recommendations on the integration of management systems.
Pitfalls to avoid:
- going overboard on quality:
- a useless operation is performed without adding value and without the customer asking for it - it is a waste, cf. quality tools D 12
- having all procedures written by the quality manager:
- quality is everybody's business, "the staff is conscious of the relevance and importance of each to the contribution to quality objectives", which is even more true for department heads and process pilots
- forgetting to take into account the specificities related to the corporate culture:
- innovation, luxury, secrecy, authoritarian management (Apple)
- strong culture related to ecology, action and struggle, while cultivating secrecy (Greenpeace)
- fun and quirky corporate culture (Michel & Augustin)
- liberated company, the man is good, love your customer, shared dream (Favi)
The requirementsexplicit or implicit need or expectation (see also ISO 9000, 3.6.4) of the ISO 9001 standard are shown in figures 4-1:
Figure 4-1. The requirements of the ISO 9001:2015 standard
The requirementsexplicit or implicit need or expectation (see also ISO 9000, 3.6.4) of the IATF 16949 standard are shown in figures 4-2:
Figure 4-2. The requirements of the IATF 16949:2016 standard
- the process map has enough arrows to show who the customer (internal or external) is
- for a process, it is better to use a lot of arrows (several customers) rather than to forget one
- reveal the added value of the process during the process review
- the analysis of process performance is an example of continual improvement and evidence of the effectiveness of the QMS
- top management regularly monitors the objectives and action plans
- the commitments of top management on continual improvement are widely diffused
- applicable safety statutory and regulatory requirements are identified and updated
- product safety is included in control plans and FMEAs
- the purpose of each process is clearly defined
- some process outputs are not set correctly (customers not considered)
- process efficiency criteria are not established
- the process owners are not formalized
- outsourced processes are not determined
- very real activities are not identified in any process
- control of outsourced services is not described
- sequences and interactions of certain processes are not determined
- criteria and methods for ensuring effective processes are not determined
- monitoring the performance of certain processes is not established
- QMS resources do not allow achievement of quality objectives
- the QMS is not updated (new processes not determined)
- certain statutory and regulatory safety requirements are not taken into account
- product safety is not included in control plans and FMEAs
- the threats and weaknesses identified in the SWOT analysis remain without actions
The rest of the T 16v16 IATF 16949 readiness version 2016 training is accessible on this page.
See also the training T 36v16 Internal audit IATF 16949 and the training package IATF 16949.