Clause 4.2 Understanding the Needs and Expectations of Interested Parties

Table of Contents

“Interested parties, who are they?” Some people refer to this term as ‘stakeholders’, and that term is provided in clause 3.2.3 of ISO 9000:2015. Let’s take a look at the ISO 9000:2015 definition for an interested party:


“person or organization that can affect, be affected by or perceive itself to be affected by a decision or activity”

Dissecting this definition reveals that an interested party could be anyone, regardless of whether they make a transaction with your organisation or not. An interested party might be something quite abstract like a focus group situated anywhere in the world who have an interest in banning the use of a particular chemical. Unfortunately, you use that particular chemical in your production and their campaigning could have a negative effect on your customers.

How Many Interested Parties Do We List?

Of course, once you start down the rabbit hole of listing your interested parties, how deep do you go? Well, the important word provided by ISO 9001:2015 is relevant’. The standard requires that you determine the interested parties that are relevant to your management system and which of their requirements are also relevant. It’s at this point that adopting a risk-based approach becomes important. It’s advisable to recognise those interested parties that could harm you the most if things were to go wrong, and then work backwards from there. One might use a scoring matrix such as the commonly used likelihood x severity. If this is designed to produce a range of scores from 1-20 you might decide that any score of 10 and above is an interested party that you need to capture and monitor their needs etc.

Your list of interest parties is going to be dictated by who you are and what you do (organisational context), but some of the more common interest parties include:

Some Common Interested Parties

  • Customers: it’s pretty obvious that if you don’t have customers then you don’t have a business. Anyone who ignores the requirements of their customers does so at their peril.
  • Suppliers: what do you need from them and what do they want in return from you? Are you meeting their needs effectively? Have you divided your risk point of failure between suppliers?
  • Regulators: are you meeting the compliance requirements that are placed upon you by local/national enforcement bodies? What might be the consequences should you fail to do so? Is there a process in place for this and who is responsible for it? Is the process reviewed regularly?
  • Legislation: we are all expected to act within the confines of the law without exception. Instances of theft, fraud and racial discrimination etc are all enforceable with fines and/or prison sentences.
  • Employees: expect to remain gainfully employed permanently. They also expect to receive a fair wage and good, safe working conditions. Equality, discrimination, motivation and reward are all terms that you should be considered when focusing on the needs of employees.
  • Focus Groups: these might include groups of individuals that are interested in safety, environmental issues, equal rights, fair trade and social responsibility etc. Are you aware of any such groups that might, or could possibly affect your organisation and its activities?
  • Social media: although a little abstract, social media platforms could affect your organisation both positively and negatively. Are you monitoring the effects of social media on your organisation? Do you have a process for this and do you really need one? The effects of social media cannot be ignored but should you prioritise this as a risk, opportunity or both?
  • Emergency services: what do they want from you? Site maps, drain maps, water points, pressure systems, emergency evacuation procedures and responsible persons etc are all things that must be documented and provided to the emergency services.
  • Neighbours: people or businesses that exist geographically close to your site expect to live in a noise-free, pollution-free environment. They don’t expect to have the dangers of heavy vehicles speeding past their homes or making deliveries at unreasonable times of the night or early morning.

What Do your Interested Parties Want From You?

As mentioned earlier, these are the most common interested parties that would apply to almost all businesses. I’m certain that your organisation could add to this list with some interested parties that are specific and unique to you. After identifying your list of interested parties, you next have to decide what they want from you, and how you are servicing that need. As already stated, you are only required to identify and service the needs of interested parties that you decide are relevant.

Some questions To Ask Yourself

When identifying and considering the requirements of interested parties you might want to ask the following questions:

  • Does the interested party pose a risk to the organisation?
  • Could the risk directly affect the customer?
  • What level of risk might this be?
  • How are we mitigating that risk?
  • Do we have a process to manage the risk?
  • Who is responsible for it?
  • How often is it reviewed?

Where is the best place to discuss and manage the concept of risk? Well, a management review would be a good place to begin. In fact, clause 9.3.2(e) management review inputs require that you consider:

“The effectiveness of actions taken to address risks and opportunities” (6.1)

Actions To Address Risks and Opportuntities

The (6.1) refers to the clause requirement of the standard where you are required to take actions to address your risks and opportunities. All things considered, it makes sense for any organisation to be aware of those interested parties that are relevant to them and to manage their needs and expectations accordingly. I’m stating this independently and regardless of the requirements of ISO 9001:2015. It’s all about adopting a proactive approach to risk management. Of course, where there is risk there may also be an opportunity and ISO 9001:2015 requires that you devote equal attention to both risks and opportunities.

The use of both the PESTLE and SWOT analysis tools is useful to help you in this process. Try to involve as many people from across-departments as possible when performing this exercise. Although it is a top management activity, having representatives from a broad range of the organisation will offer different, and often fresh perspectives. Be aware that the requirements of interested parties are likely to change over time and so the process should be performed and reviewed regularly. There is no requirement for you to document this activity, but from a maintenance and management perspective, it makes perfect sense to do so.

References: 

  • www.iso.org
  • ISO 9000:2015
  • ISO 9002:2015
  • ISO 14001:2015
  • ISO 45001:2018

Please be kind, share and create a link back to this article.

(c) All content is copyrighted to ISO Training UK – All rights reserved 2022.

Author Bio

Paul Ingram has over 15 years of experience working in quality, health and safety and environmental management. Specialising as a trainer, he has provided training to thousands of delegates for small and multi-national businesses across the globe. A specialist in management system training and able to design and deliver courses for ISO 9001, 45001 & 14001. This includes implementation, Introduction, Internal Auditor, Lead Auditor, Remote Auditing, Management Brief and many more. For more information about booking a course visit: ISO Training & Consultancy

You cannot copy content of this page