Context of the Organization – Interested Parties
This is one way of looking at Interested Parties. Other consultants look at it differently. You need to decide what works best in your company.
Scope, requirement hasn’t changed, Assume you reviewed it and it accurately represents your organization
Who are the interested parties?
This changes from company to company only you can determine who the interested parties are. In previous revisions of ISO we were mostly concerned with the customer with some interest in our suppliers and our employees. But nothing was formalized and there wasn’t a direct consideration of risk/opportunity.
¡ People who have a stake in what and how your organization performs in producing products or services which meet the customers’ requirements
¡ Are relevant to the QMS
While section 4.2 of the ISO 9001:2015 standard does not require you to identify the risks and opportunities, they should be included in section 6.1. So we’ll go over that now and save repetition later.
Risk negative or positive, ISO 31000, 14001 opportunity, Interested Parties can be both
Here is a side point in ISO 9001 risk is considered to be either negative or positive. In ISO 31000 and ISO 14001 they consider risk as negative and opportunity as positive. Keep that point in the back of your mind in-case an auditor challenges the term “opportunity” and be prepared to say in your company opportunity means positive risk. You can use whatever name you want. I have a client who names quality objectives as “rocks”. It is a term everyone there knows and understands and it meets the standards requirements for quality objectives so the auditors don’t challenge the name.
Interested Parties effect the QMS
Interested parties effect the QMS. This is important because this may or may not include the customer, the end users and your competitors.
One way to look for Interested Parties is to consider the following areas. Again you may not have all of these and you may think of some not included in this presentation. It is up to you to identify the interested parties for your company.
- Suppliers – Providers of raw material, components, sub-assemblies, finished product and services
- Internal groups – Employees, unions, stock holders, management
- Intermediaries – The most common is a distributor but there are also aftermarket service groups
- Alliances – A bank may recommend a consultant they think will increase the company’s profitability, while the consultant may recommend a bank to clients who are having banking issues
- Influencers – Think of peer groups, councils, chambers of commerce
Organizing Interested Parties
There is more to be done than just list the interested parties. Some of the interested parties can provide both a risk and an opportunity. For example a supplier performance issue presents a risk to you meeting your customers’ requirements. However, if they are a leader in their industry they could provide you with a competitive advantage with a new product none of your competitors has access to use.
Slide 10 – Risks and opportunities
So let’s start the table.
| Interested Party | Concern | Risk | Opportunity |
| Suppliers | Their reputation and quality/delivery/price influences yours | Nonconformance | Superior performance |
| Employees | Is it stable? Do they have pride of workmanship? | Controls product quality | Source of innovation |
| Shareholders | Source of investments, company direction | Looking for short term ROI | Supports re-investing |
| Community | Impact on your reputation, and ability to produce | Demands which reduce profits | Promotes development |
| Intermediaries | Increased sales, impacts your reputation | Damage to product | More contacts/sales |
| Alliances | Increased opportunities, concerns for reputation | Your reputation is tied to theirs | Increased sales |
| Interested party | Concern | Risk | Opportunity |
| Influencers | Is their advice of value | Different frame of reference | Wide range of experience |
| Regulators | Compliance | Not managing changes | Good rating |
| Certifying bodies | Do they understand the organization and the standard(s) | Dependent on auditor training | Global view of QMS |
You get the idea.
Controlling Risk from Interested Parties
Now that you have a list of your interested parties and the concern or impact they have on your company with the inherent risks or opportunities, you need to monitor and control your risk and capitalize on your opportunities. So let’s add a column.
| Interested Party | Risk | Opportunity | Monitor | |||
| Suppliers | Nonconformance | Superior performance | Annual performance review/ random inspection | |||
| Employees | Controls product quality | Source of innovation | Annual performance review | |||
| Shareholders | Looking for short term ROI | Supports re-investing | Review BOD reports | |||
| Community | Demands which reduce profits | Promotes development | Community newsletters, membership in community organizations | |||
| Intermediaries | Damage to product | More contacts/sales | Reports of NC and Sales | |||
| Alliances | Your reputation is tied to theirs | Increased sales | Monitor press releases Qtrly Sales | |||
| Influencers | Different frame of reference | Wide range of experience | Monthly meetings | |||
| Regulators | Not managing changes | Good rating | Regulator updates/ ratings | |||
| Certifying bodies | Dependent on auditor training | Global view of QMS | Annual surveillance audit | |||
Of course these controls are typical examples and you should define what works for your company. The point is you should have a way to monitor and address risk and capitalize on opportunities.
Documenting Interested Parties
When the auditor arrives they are going to ask, “Who are your interested parties?” There is no requirement in the standard that you list interested parties.
You must communicate to your organization who are the interested parties and how they will be monitored.
So when identifying Interested Parties think about who affects or has the potential to affect your QMS
Let your common sense guide you on identifying the Interested Parties, Don’t worry, you can do this. If you need help, e-mail me at technacon1986@sbcglobal.net or call (708) 814-3685.
The next presentations will be on internal and external influences.
6.1 & 4.1 & 4.2 are the MOST confusing I have ever read in 30 years, can you tell is it even possible to achieve 10% of what the ISO committee came up with in these 3 sections
This is WRONG: “You must communicate to your organization who are the interested parties and how they will be monitored.” It is the RELEVANT REQUIREMENTS from interested parties that needs monitoring.
There is MUCH confusion regarding suppliers are their role in “interested parties”. Suppliers (and now, external providers) are controlled under 8.4. If an organization determines that they are in fact, an “interested party”, then the organization must deem what the SUPPLIER EXPECTS OF THEM, not the other way around. The “other way around” is already subject to the requirements of 8.4.
In section 4.2 it does require the organization to understand the requirements of the interested parties. It does not require you monitor the needs of the interested parties but to evaluate the risk and opportunity and how you monitor so you can react to the risk/opportunity.
The new edition of the standard does leave a lot of confusion with terms and generalization. The idea was to make the standard easier to use by service organizations. The result was confusion with for companies who already implemented previous versions of the standard. The idea in section 4.1 and 6.1 was to better communicate ideas and decisions top management make. In determining internal and external (4.1) issues the concept is to brainstorm and thing through influences and impacts on your business. Some of these impacts/issues you can control; those are internal issues. Some are out of your control but still can help or hurt your business; those are external issues. Section 6.1 is the level of risk management is willing to accept and when is action required. Think of it like crossing the street. You look both ways and if no cars are coming you cross. Now if it is a busy street you evaluate if you can cross before a car gets to your position in the road. Those you deem far enough away to safely cross are acceptable risks, your not concerned. Those that are closer and you will have to run to make it across are an acceptable risk provided they don’t speed up and you are a good runner. It is a risk you will monitor but not react at the current moment. Those to close for you to cross are the high risk issues you have to address now. As for interested parties, I think the idea was to get away from tunnel vision of focus only on customers and suppliers. Other entities impact your business, are you looking at that or is a unionization of your workers going to blind-side you? You are right, compared to the previous versions, the 2015 edition can feel about as clear as mud.