Welcome back to this blog. In this entry I will analyze Subclause 4.2 Understanding the needs and expectations of interested parties, of ISO 9001: 2015 standard.
As I have already mentioned in another previous entry, this Sub-clause
4.2, together
with 4.1, are characterized by containing the least
understood and applied requirements of the entire ISO 9001
standard. That is why
I recommend you dedicate the necessary time and effort to understand them properly.
To do this, I will start by identifying, based on the information
presented in this subclause, and according to the methodology that I have been
using, what its established requirements are, continuing with its progressive numbering
that I will be following for all the requirements of this standard.
To start with the analysis of this subclause, we should consider that every organization has what is called interested
parties, that is, as defined by the ISO 9000:
2015 standard,
"person or organization that can affect, be affected or perceive itself to
be affected by some decision or activity”, and this because it has a legitimate
interest in relation to the performance of said organization, and each of these parties obviously has particular needs and expectations in relation
to it.
The ISO 9000: 2015 standard indicates, as examples of interested
parties, the following: Customers, owners, people in an organization, suppliers, banks, legislators, unions, partners or society in general,
which may include competitors or pressure groups with opposing interests. .
More specifically, Appendix 2 of ISO Annex SL mentions the following as possible interested parties of an organization:
If we consider that the first requirement of this Subclause 4.2 is that the organization shall determine the interested parties that are relevant to the quality management system, we should assume that the first activity must be to carry out a formal analysis, by the organization, by either one or more people, from all of its interested parties, to identify its relevance to the quality management system.
It is important to remember that this subclause of ISO 9001 standard, like 4.1, will lead us to establish input elements for the planning of the quality management system. Similarly, it is important that we remember the
definition established by the ISO 9000: 2015 standard of the term Determination:
“Activity to find one or more characteristics and their characteristic values”.
This same standard also defines the term Characteristic as follows: “Differentiating feature”. For this,
this definition includes three explanatory notes:
Note 1.- A characteristic can be inherent or assigned.
Note 2.- A characteristic can be qualitative or
quantitative.
Note 3.- There are several classes of characteristics, such as the following: a) physical (for example, mechanical,
electrical, chemical or biological characteristics); b) sensory (for example, related to smell, touch, taste, sight and
hearing); c) behavioral (for
example, courtesy, honesty, truthfulness); d)
time (for example, punctuality, reliability, availability, continuity); e) ergonomic (for example,
physiological characteristics, or related to the safety of people); f) functional (for example, maximum
speed of an airplane).
Therefore, that person or group of people who performs this analysis on
behalf of the organization, must identify, among all the interested parties of that organization, those that are relevant to the quality management system, through the identification of its characteristics and characteristic values.
Starting from the determination of the relevant interested parties of an organization, the next step is to establish the relevant requirements of those interested
parties. Within this analysis, we may consider that among the characteristic values of the characteristics of those determined
relevant interested parties, those
relevant requirements of those interested
parties can be determined.
It is important not to lose sight of the fact that this information
determined by the organization, both those interested
parties and their associated requirements, must be aimed at establishing the quality objectives of the organization itself. That is why the standard includes the term "relevant" in both cases.
Similarly, it is important to consider paragraph A.3 of
Appendix A of ISO 9001 standard, which
states that Subclause 4.2 specifies requirements for the organization
to determine the interested parties
that are relevant to the quality management system, but it does not imply that the requirements of the quality management system should be extended beyond the scope of the standard itself, which establishes that this standard is applicable
when an organization needs to demonstrate its ability to regularly
provide products and services that meet customer requirements and applicable legal and regulatory requirements, and that aspires to increase customer
satisfaction.
It also mentions that this standard does not establish requirements for the organization to consider interested
parties when it has decided that those interested parties are not relevant
to its quality management system. It is the organization that decides whether a particular requirement
from a
relevant interested party is
relevant to its quality management system.
This last point is very important, since as in applying Sub-Clause
4.1, the
determination made by the organization with respect to external or internal issues,
as in this case with respect to interested
parties and their requirements, it pertains only to the strategic direction of the organization, and these determinations have the objective of supporting the
establishment, as precise as possible, of the quality
objectives. In a
similar way to what I mentioned in the entry: ISO 9001 –
4.1 – Understanding the organization and its context (Part 2), the establishment of objectives is a basic element for any management system or for the organization in general, since that all the other activities that are going to be
carried out by the organization, within that system, will be to fulfill and verify the fulfillment of
those objectives. However, no auditor or certification
body will be able to qualify whether those interested parties, or their requirements are well or poorly determined, or if those quality objectives are well or poorly established, since they are elements of the strategic direction of the organization itself.
What should be auditable are the actions or mechanisms used by the organization to reach these determinations, so it is important that the organization define, plan and carry out
these actions and mechanisms appropriately. Keep in mind that the better these
relevant interested parties and
their relevant requirements are determined, the more elements the organization will have to establish its quality objectives in a better way.
Relevant interested parties
and their relevant requirements represent important inputs to several other ISO 9001 requirements, including scope, risks and opportunities, and
input to management review, among others.
Appendix
2 of ISO Annex SL mentions some examples of interested parties requirements:
− applicable laws;
− permits, licenses or other forms of authorization;
− government regulations;
− judgments of courts or administrative tribunals;
− requirements of a larger entity to which the organization belongs;
− treaties, conventions and protocols;
− relevant industry codes and standards;
− contracts that have been concluded;
− agreements with customers, community groups or non-governmental organizations;
− agreements with public authorities and customers;
− requirements through the adoption of voluntary principles or
codes of practice;
− voluntary labeling or environmental commitments;
− obligations arising from contractual agreements with the organization.
We can say that success of an organization depends on understanding and satisfying the
current and future needs and expectations of current and potential customers
and end users, as well as understanding and considering those of other interested parties.
To meet the needs and expectations of all interested parties, the organization should:
• identify your stakeholders and maintain a balanced response to their
needs and expectations;
• translate identified needs and expectations into requirements;
• communicate requirements throughout the organization; and
• focus on process improvement to ensure value creation for identified
stakeholders;
• understand the needs and expectations of your customers, including
those of potential customers;
• determine the key features of the product for customers and end users;
• identify and evaluate competitors in your market; and
• identify market opportunities, weaknesses and competitive advantages.
As examples of needs and expectations of customers and users, in
relation to the organization's products, we can mention the following:
The organization should be able to demonstrate that it has identified its interested parties, as well as the needs and expectations of each of them.
From there, in accordance with the requirement of the standard, the organization must track information about these interested parties and their relevant requirements.
This means that the organization should establish a monitoring program, to confirm
that interested parties are kept
identified, as well as the needs and expectations of each one of them, that
communication is maintained with each one of them, and if the performance is
aligned to each one of their needs and expectations. The organization should maintain documented evidence of
this monitoring.
As the last requirement of this subclause, the standard tells us that the organization shall review the information on these interested parties and their relevant requirements.
To do this, the organization should carry out a formal review of its
information on a scheduled basis, to confirm if it is still valid in terms of
their interested parties, as well as
for their needs and expectations, or, if applicable, what adjustments should be
made in this regard. The organization should maintain documented evidence of this
review.
The ISO Auditing
Practices Group indicates, with respect to this sub-clause, that auditors should understand and assess how an organization decides on interested parties
requirements that are relevant to the quality management system, to consider:
• the range of stakeholders considered,
• criteria for selecting relevant stakeholders,
• aspects to select the relevant requirements.
Auditors should be able to conclude on the appropriateness
of these practices and how this information is tracked and reviewed, for
example through management reviews.
Examples of relevant interested
parties are provided in ISO 9000:2015 standard, definition 3.2.3, and clarification related to
these requirements is provided in ISO 9001:2015, Annex A, clause A.3.
The relevant requirements of
those relevant stakeholders should be apparent as inputs to the planning
process, such as potential risks and opportunities. Again, although there is no
requirement to retain documented information, an organization would be expected to keep some record of its analysis for ongoing and
future reference. This could be expressed, for example, as:
• Minutes of meetings
• Tables
• Spreadsheets
• Databases
• Hyperlinks
• External documentation
• Quality manual (if the organization decides to have one)
• Among others.
Auditors should conduct this review in an interview with top management and follow these issues throughout the audit. If documented information is not provided, auditors should
collect objective evidence that the results of this activity are consistently
reflected in the risk and opportunity review, external documentation,
communication, and other relevant areas of their quality
management system.
I hope that this information provides you with more complete information
and helps you better understand and comply with this sub-clause.
Author:
Ernesto Palomares Hilton
Comments
Post a Comment
Nombre:
País:
Comentarios: