Scope of the Organization

The High Level Structure (HLS) for management systems (which could be ISO 9001:2015, ISO 14001:2015 and the pending ISO 45001), states the following requirements for clause 4.3,

Clause 4.3 Determining the Scope of the Management System

4.3 Determining the scope of the management system

The organization shall determine the boundaries and applicability of the management system to establish its scope.

When determining this scope, the organization shall consider:

• the external and internal issues referred to in 4.1;
• the requirements referred to in 4.2,

The scope shall be available as documented information.

Additionally, it is stated within the definition of 3.04 management system that:

The scope of a management system may include the whole of the organization, specific and identified functions of the organization, specific and identified sections of the organization, or one or more functions across a group of organizations.

What Does This Mean?

Management system requirements and HLS requirements are intended to be generic and applicable to all organizations, regardless of type, size, products or services.  However, the boundaries and applicability of the QMS need to be determined, documented, available and maintained.

As an organization when determining the scope, the following is to be considered:

• the external and internal issues (context) determined (clause 4.1)
• the requirements of relevant interested parties (clause 4.2)

Application to Standards:

ISO 14001:2015 also requires the consideration of:

• activities, products and services undertaken or provided
• compliance obligations
• organizational units, functions and physical boundaries
• what it can control and influence

All clause requirements are applicable to an organizations system.

ISO 9001:2015 also requires the consideration of:

• the products and services of the organization
• justification for any instance where a requirement cannot be applied.

If any requirement/s cannot be applied or is/are not applicable and does not affect the organizations ability or responsibility to ensure conformity of products and services, they can be stated as not applicable, however they have to be justified.

When deciding whether a requirement in ISO 9001:2015 cannot be applied to an organization, ask the following questions:

• what problem could occur in the absence of this requirement?
• Would meeting the requirement increase customer confidence?
• If the organization is not responsible for the requirement, then who is?
• Is this a process that is required, however which is outsourced to a third party?

Examples of an Organizations Scope

Some examples of an organizations scope could include:

• Sales, compliance, build, delivery, installation, support, service and maintenance of communication services as per customer requirements.
• Manufacture, design and supply of architectural membrane structures excluding installations.
• Bulk earthworks, civil construction, plant hire, heavy haulage and workshop activities.
• Design and development is not applicable to the organizations activities.

What an Auditor Looks For

An organization is required to document the scope, so therefore this might be within any type of document such as a:

• Policy
• Manual
• Business plan
• Scoping statement

The Standards do not require the documented scope to be within any specific document, however as auditors we are looking for it to be documented (written down) whether this is hard copy, electronic or within an intranet/internet site.

When reading the scoping statement, the auditor should easily be able to identify the areas, processes, departments and even locations that are applicable to the management system.  As well as for a quality management system what areas are NOT applicable. 

As an auditor this information is ‘gold’ as this is where the sampling of evidence throughout the audit will come from.  The evidence will come from within the scope of the organizations management system, so always remember to stay within scope.