Clause 4.3 Determining the Scope of the Management System

Table of Contents

• Example Scope Statement
• The Scope Statement Functions
• Exclusions To Requirements
• The Role of PESTLE and SWOT Analysis
• ISO 14001:2015
• ISO 45001:2018
• For Auditors
• Future Questions That I Will Answer

Building upon the foundation work of clauses 4.1 (context) and 4.2 (interested parties) you are required to determine the scope of your management system. But what exactly is meant by the term scope in this context? The scope of your management system refers to the boundaries of what will be included within the system. The scope statement that you declare will appear upon your certificate of registration if you are successfully certified by an approved, awarding body.

Example Scope Statement

Here is an example of a fictitious scope statement:

“Based in Birmingham UK since 1965, we are the ACME trading company that manufactures precision-made high tensile steel components for the aerospace and automotive industry. We also specialise in bespoke finishing processes including all types of anodising finish”.

A scope statement is usually a very high-level description of who you are and what you do. It does not require any specific detail and it does not have to mention any of the sub-processes that support the overall purpose of the business. For example, in the above statement, there is no requirement to mention the purchasing, finance, HR or training processes as these are common and assumed to be an integral part of a quality management system. Your scope declaration informs a 3^rd-party certification auditor what is applicable to be audited.

The Scope Statement Functions

For a management system to be fully effective, your scope statement should be fully inclusive. In other words, it should include all parts, processes and functions of the organisation. If this is not done, there will be pockets of potential weakness that are not guided by the requirements or best practices of the management system. With this in mind, it makes very good sense to include all aspects of everything that you do within your scope statement. Your scope statement is the boundary of your management system and can be thought of as consisting of two parts:

• Inclusivity of your functions and processes: as mentioned earlier, is your management system intended to include all aspects, functions and processes of the organisation or just parts of it? Does it include all geographical locations or only certain sites? Will there be any exclusions, and if so, what would be the reason for this?
  
  
• Management system requirements: will all of the requirements of the particular standard apply to you or will you declare exclusions because they don’t apply. A very common example of this is clause 8.3 Design & Development. Many organisations either purchase design and development functions from a 3rd party or they are obtained from the customer. If this sounds like you, then could (possibly) declare an exclusion from the requirements of this clause. A word of caution here, you might well be performing design activities without realising it for example the design of a training program or the design of a non-routine maintenance procedure. Please remember that ISO 9001:2015 is focused on both products and services.
  
  
  
  

Exclusions To Requirements

If you do decide to declare an exclusion from a particular requirement, be aware that a 3^rd-party certification auditor will examine any exclusion with great interest. It should now be clear that your scope statement informs a certification auditor about what parts of the organisation are to be included within an audit, and also what requirements of a standard will apply. As I stated earlier, it makes sense for all parts of the organisation to be included with the requirements of the management system. Internally, this also eliminates any confusion because all departments will be aware that they are working within the requirements of the management system.

Let’s take a look at what the requirements for ISO 9001:2015 clause 4.3 are:

When determining the scope, your organisation shall consider:

1. The external and internal issues referred to in 4.1
2. The requirements of relevant interested parties referred to in 4.2
3. The products and services of the organisation
   
   

The Role of PESTLE and SWOT Analysis

In the chapter where I discussed clause 4.1 requirements, I mentioned the benefits of performing both a PESTLE and SWOT analysis. Just to remind you that a PESTLE analysis looks at all things political, economical, social, technological, legal and environmental both from a risk and opportunities perspective. How you decide to manage the results of this analysis will be dictated by your strengths and weaknesses as identified by your SWOT analysis. Strengths and weaknesses describe internal qualities while opportunities and strengths are external factors. The information gained from these exercises should also help to shape your scope statement.

The work that you perform to satisfy the requirements of clause 4.2 will also be helpful in constructing your scope statement. For example, your PESTLE analysis has identified the opportunity for a new product or service. The parts (or materials) required for the new product/service will involve a new supplier, a new site for production, new staff and bespoke delivery requirements. If you have an existing scope statement, this will require a revision to include the new site etc. If you are at the planning stages of preparing for certification, then this information will ensure that your scope statement is accurate and a true reflection of your organisation.

This is the first clause requirement within ISO 9001:2015 where there is a requirement for documentation to be maintained.

ISO 14001:2015

Due to the high-level structure, the requirements for this clause remain essentially the same as for ISO 9001:2015 except for the following:

Clause 4.3

b) Compliance obligations referred to in clause 4.2: this refers to any compliance obligations, legal or otherwise that come from the needs or expectations of interested parties. For example, there might be a clause in a contract that requires all materials to be 100% recyclable with zero waste to landfill. This may or may not have a bearing on your scope statement.

c) Its organisational units, functions and physical boundaries: as mentioned earlier, is it all functions and processes across all sites or just particular processes on a single site? Where does the boundary of your management system lie and will this alter your scope statement?

e) Its authority and ability to exercise control and influence: are you employing subcontractors, outsourcing work or dealing with suppliers? What environmental control do you have over their activities and functions? Will any of this alter your scope statement?

ISO 45001:2018

Due to the high-level structure, the requirements for this clause remain essentially the same as for ISO 9001:2015 except for the following:

Clause 4.3

1. Take into account the planned or performed work-related activities: this is just a bloated way of asking you to consider all and everything that you do when considering how to construct your scope statement. The only difference here is the word ‘planned’. This obviously is referring to a future event. If you plan to expand your activities to a new site sometime in the near future for example, then you might want to consider how this might affect your scope statement.
   
   

For Auditors

• Check for the existence of a maintained scope statement.
• Investigate its accuracy through a conversation with top management.
• Investigate if any planned changes might affect the statement.
• Investigate any exclusions to requirements that have been claimed.
  
  

Future Questions That I Will Answer

• What is the scope of an audit?
• Who determines the audit purpose scope and standards?
• What is meant by the scope of processes?
• How do you write an audit scope?
• When can a site change its scope of certification?
• What are the 5 steps of defining scope?