How to define the context of the organization in IATF 16949:2016

Reading through the IATF 16949 standard, it’s clear that there are no extra requirements for identifying the context of the organization beyond those listed in ISO 9001:2015. So, an organization only needs to make sure it fulfills the ISO 9001 requirements to ensure compliance with IATF 16949.

Being one of the new requirements in the latest versions of ISO 9001 and IATF 16949, context of the organization is often one of the more confusing aspects of implementation. The requirement states that the organization must take into account all issues, both internal and external, that could have an impact on its Quality Management System (QMS) and/or on its strategic objectives. Basically, the entire concept of clause 4, and how it’s applied, have changed, and the requirements concerning context of the organization are rather murky—so what exactly is an organization to do if it wants to comply?

IATF 16949 clause 4, Context of the organization, mandates that the organization is to evaluate itself, and the context in which it operates. What this means, in essence, is that you have to determine what factors—both inside your company and outside—can affect your organization, and how these might influence things like:

  • company culture
  • strategic objectives and business goals
  • product quality and complexity
  • communication and information flow
  • the organization’s size, market share, and customer base
  • the Quality Management System itself
  • risks and opportunities for the company


Where do you start?

The IATF 16949 standard doesn’t actually specify any particular method for identifying the context of the organization, but there are some basic steps to follow and milestones to reach along the way.

So, where do you start? Well, that depends on where you’re starting from. Have you already implemented a QMS based on ISO 9001? If so, then there is very little else you’ll have to do, because IATF 16949 follows ISO 9001 exactly, and doesn’t add any requirements to the mix.

But, if you are starting from ISO/TS 16949 and transitioning to the new standard, you may have a bit more work to do. You’ll need to go through the documentation you already have and see what is useful, what parts of your organization’s context have already been identified, etc. Most of this information should be available in your Quality Manual, so you can probably just update that material and avoid starting from scratch.

Now, if you are starting from the beginning and implementing this standard for the first time, the first thing you need to do is read the ISO 9001:2015 standard and become familiar with its requirements. You will probably need to purchase the standard yourself, as IATF 16949 cannot include the ISO text due to copyright laws.

The following figure outlines the common steps to take when identifying the context of the organization:

How to define the context of the organization in IATF 16949:2016 - 16949Academy

Figure 1: Steps in determining context of the organization

Defining internal and external issues

Clause 4 is rather vague in its requirement of defining internal and external issues, which can lead an organization to cast too wide a net—concentrate on just those issues that could impact the organization’s ability to deliver quality products or services, and the satisfaction of its customers.

The internal context is the environment an organization operates in. This environment is not only physical, but encompasses the organization’s obligations to its customers, its company culture, its attitude toward leadership roles, and the requirements of other interested parties. When determining internal context, you must keep in mind the overall culture, values, and ethics within the company, plus the organizational structure and process complexity.

When defining the external context of the organization, you should take into account the legal, technological, political, ethical, and social issues, as well as environmental concerns and social factors. Some components of the external context often include:

  • technological advancements
  • the competitive landscape
  • changes to legal and other regulations
  • fluctuations in the local economy and market share
  • effects of incidents and situations on the company’s reputation

For the most part, an organization’s top management will keep this sort of information in the backs of their minds—but, to take a systematic look, you may need them to sit down together for a brainstorming session. It’s worth the effort, as properly organizing and examining this information will be a valuable part of understanding your organization’s context.

Do other people’s opinions really matter?

The standard requires that you identify relevant interested parties, which basically means that you must determine whose opinions, as they relate to your organization, really matter.

These interested parties might include clients or customers, suppliers, end users, partners, and regulatory bodies, as well as employees and other people inside the organization, owners and shareholders, and the community at large. In short, interested parties are anyone who impacts your organization, or could be impacted by your organization. In order to implement an effective and efficient QMS, it’s critical to identify these parties’ needs and expectations—and fulfill them as much as is feasible. In return, they will provide important feedback that can help in the continual improvement of your quality management efforts.

Should we document this information?

After gathering all of this data, it’s time to decide if you want to document it—and, if so, to what extent. You aren’t required by the standard to document your organizational context, but you do have to monitor it on a regular basis.

Of course, you’ll want to document certain components of your internal context, through process mapping, organizational charts, etc., but whether or not you choose to document the rest should be based on the size and complexity of your company.

So, where does all this information go? The easiest and most practical approach is to add or update this information in your Quality Manual. It’s a broad, general overview of your QMS, and as it already contains much of the previously required information, you’ll just have to insert information relating to internal and external contexts and interested parties. Besides the ease of updating the Quality Manual, those people inside your company are already familiar with it, so they won’t have to learn lots of new information or figure out new documentation structure. But, if you would rather start from scratch, you can always create a whole new document that only deals with this new information.

Going further, you should think about whether you need to document a procedure for how to define the context, who is involved, and how and when it is monitored and reviewed. It may sound like extra work, but it can be helpful, particularly when you’re just starting out with the new requirements, and those people involved could use some guidance.

But, wait—there’s more

After all that work is done, you must be sure to regularly monitor and review your company’s internal and external contexts, with the help of top management. With this new understanding of the organizational context, analyses such as PEST (Political, Economic, Social, Technological) and SWOT (Strengths, Weaknesses, Opportunities, Threats) can help your organization really take advantage of this new requirement.

Scrambling to document a new requirement like context of the organization, and then abandoning it, might seem like the easy way out, but don’t waste all that effort. Everything you learned when defining the context can be put to good use as you look for ways to continually improve your processes, and learning interested parties’ opinions about your company will only help you along the way.

This free white paper will provide you with details of the most important documents: Checklist of Mandatory Documentation Required by IATF 16949:2016.

Advisera Strahinja Stojanovic
Author
Strahinja Stojanovic

Strahinja Stojanovic is certified as a lead auditor for the ISO 13485, ISO 9001, ISO 14001, and OHSAS 18001 standards by RABQSA. He participated in the implementation of these standards in more than 100 SMEs, through the creation of documentation and performing in-house training for maintaining management systems, internal audits, and management reviews.