ISO 9001 All

    News & Commentary on ISO Management System Standards

    ISO 9001 Context of the Organization (COTO): DOs and DON'Ts
    ISO 9001 Context of the Organization (COTO): DOs and DON'Ts

    COTO Jigsaw-2-1-1

    Practical advice on ISO 9001:2015 Clauses 4.1 and 4.2 

    In this article, we are going to consider the first two ISO 9001 clauses in Part 4 of the Quality Standard, ISO 9001:2015, namely, Context of the Organization.

    NOTE: The advice given here also applies to ISO 14001, ISO 27001, ISO 45001 and other standards having the same HLS structure as ISO 9001.

    Table of Contents

    Context of the Organization (COTO)

    Part 4 is a new section that establishes the context of the Quality Management System (QMS) and how the business strategy supports this. The ‘context of the organization’ (frequently referred to as COTO) is the section that underpins the rest of the new standard.

    ISO 9001 Clause 4.1: The organization will need to determine external and internal issues that are relevant to its purpose and would have an impact on what the organization does.

    ISO 9001 Clause 4.2: The organization will need to identify the “interested parties” that are relevant to their QMS. Each organization will identify their own unique set of “interested parties” and over time these may change.

    ISO 9001 Clause 4.3: The scope of the QMS must be determined which should consider any outsourced functions or processes if they are relevant. The new standard does not make any reference to exclusions.

    However, in Annex A, the standard clarifies that the organization cannot decide a requirement to be not applicable if it falls within the scope of its QMS.  Conversely, the organization can decide a requirement to be not applicable if it cannot, rationally, be included within the scope of its QMS. 

    ISO 9001 Clause 4.4: The final requirement of Part 4 is to establish, implement, maintain and continually improve the QMS. We are going to consider ISO 9001 Clauses 4.1 and 4.2. We’ll examine ISO 9001 Clauses 4.3 and 4.4 in a later Article.

    New call-to-action


    4.1 Understanding the Organization and its context

    An understanding of the context of an organization is used to establish, implement, maintain and continually improve its QMS.  The internal and external issues that are determined here can result in risks and opportunities to the organization or to the quality management system.  

    Examples of internal issues relevant to the context of the organization

    • its activities, products and services,
    • strategic direction,
    • culture and capabilities (i.e. people, knowledge, processes, system),
    • values, knowledge and performance of the organization.

    SWOT Analysis

    SWOT Analysis is frequently used to establish the relevant internal issues. The four elements here are:

    • Strengths: Describe what an organization excels at and what separates it from the competition: a strong brand, loyal customer base, a strong balance sheet, unique technology, and so on.
      • Weaknesses: Stop an organization from performing at its optimum level. They are areas where the business needs to improve to remain competitive: a weak brand, higher-than-average turnover, high levels of debt, an inadequate supply chain, or lack of capital.
    • Opportunities: Refer to favourable external factors (product/service-related) that could give an organization a competitive advantage.
    • Threats: Refer to external factors (product/service-related) that have the potential to harm an organization. 

    Examples of external issues relevant to the context of the organization

    • cultural,

    • social,

    • political,

    • legal,

    • regulatory,

    • financial,

    • technological,

    • economic,

    • marketplace,

    • natural and competitive circumstances, whether international, national, regional or local.

    In implementing ISO 9001, prepare a listing of those issues, internal and external, that the organization has determined need to be addressed and managed within the QMS.

    New call-to-action

    PESTEL Analysis

    PESTEL Analysis is a popular tool used to establish the external issues. The elements of this tool are:

    • Political Factors: Determine the extent to which government and government policy may impact an organisation or a specific industry. This would include political policy and stability as well as trade, fiscal, and taxation policies too.

    • Economic Factors: Impact on the economy and its performance, which in turn directly impacts on the organisation and its profitability. Factors include interest rates, employment or unemployment rates, raw material costs, and foreign exchange rates.

    • Social Factors: Focus on the social environment and identify emerging trends. This helps a marketer to further understand their customers’ needs and wants. Factors include changing family demographics, education levels, cultural trends, attitude changes and changes in lifestyles.

    • Technological Factors: Consider the rate of technological innovation and development that could affect a market or industry. Factors could include changes in digital or mobile technology, automation, research and development. There is often a tendency to focus on developments only in digital technology, but consideration must also be given to new methods of distribution, manufacturing and also logistics.

    • Environmental Factors: Relate to the influence of the surrounding environment and the impact of ecological aspects. With the rise in the importance of CSR (Corporate Sustainability Responsibility), this element is becoming more important. Factors include climate, recycling procedures, carbon footprint, waste disposal and sustainability

    • Legal Factors: Establish what is legal and allowed within the territories the organization operates in. The organization must be aware also of any change in legislation and the impact this may have on business operations. Factors include employment legislation, consumer law, healthy and safety, international as well as trade regulation and restrictions. Political factors do cross over with legal factors; however, the key difference is that political factors are led by government policy, whereas legal factors must be complied with.


    4.1 Understanding the Organization and its context – Dos and Don'ts


    • Do not treat the requirements here as trivial.  The COTO must be demonstrated as providing the ‘foundation’ for the QMS.
    • Do not limit the evidence presented here to a few cleverly crafted generic sentences. Objective evidence of both internal characteristics and of external characteristics must be provided to support claims of understanding the context of the organization.

      What will not suffice, and what the more arrogant members of top management may want to limit themselves to, is a claim such as: ‘Of course, we understand the context of the organization; just look at our financials; our very profitability demonstrates our understanding of our customers and their needs. What more could you want?’
    • Do prepare a statement of the internal and external issues that are significant to the business. Such a statement, in addition to its being offered as evidence of compliance to an ISO 9001 Audit Team during a Certification Body (CB) Audit, could usefully be reviewed and updated at Management Review Meetings (or equivalent).
    • Do not limit your research here to sources immediately ‘to hand’.  Consult a wide range of sources, such as through internal documented information and meetings, in the national and international press, websites, publications from national statistics offices and other government departments.
      Professional and technical publications, conferences and meetings with relevant agencies, meetings with customers and relevant interested parties, and professional associations will work as well.

    Available ISO 9001 Courses image map. Click on any course you are interested in to learn more about it including the course content, learning materials, etc.


    4.2 Understanding the needs and expectations of interested parties – what to do

    • Gain a general (i.e. high-level, not detailed) understanding of the expressed needs and expectations of those internal and external interested parties. These are the ones that have been determined by the organization to be relevant.
    • Consider the knowledge gained when determining which of these needs and expectations it has to or it chooses to comply with, i.e. its compliance obligations.

    In the case of an interested party perceiving itself to be affected by the organization’s decisions or activities related to its quality system performance (say, a local authority), the organization considers the relevant needs and expectations that are made known or have been disclosed by the interested party to the organization.

    • Interested party requirements are not necessarily requirements of the organization and your ISO 9001 Implementation is expected to reflect this clearly.

    Some interested party requirements reflect needs and expectations that are mandatory because they have been incorporated into laws, regulations, permits and licences by governmental or even court decisions.

    • Decide if you want to voluntarily agree to or adopt other requirements of interested parties (e.g. entering a contractual relationship, subscribing to a voluntary initiative). If the organization adopts them, they become organizational requirements (i.e. compliance obligations) and are considered when planning the quality management system. You will need to get top management approval for any new compliance obligations you propose to include in the QMS.

    4.2 Understanding the needs and expectations of interested parties – what not to do

    • Do not limit the scope here to the needs and expectations of Customers and Suppliers alone.  A broader approach is expected. 
    • Prepare a checklist of potential interested parties. You may also want to conduct desk research and conduct interviews (online interviews with Skype or similar) to determine their needs and expectations. 
    Sample Checklist of Potential Interested Parties
    1. Customers
    2. End-users or beneficiaries
    3. Joint venture partners
    4. Franchisors
    5. Owners of intellectual property
    6. Parent and subsidiary organizations
    7. Owners, shareholders
    8. Bankers
    9. Unions
    10. External providers
    11. Employees and others working on behalf of the organization
    12. Statutory and regulatory authorities (local, regional, national or international)
    13. Trade and professional associations
    14. Local community groups;
    15. Non-government al organizations
    16. Neighboring organizations


    • Again, do not limit the evidence presented here to a few cleverly crafted generic sentences. Objective evidence of needs and expectations must be provided to support claims of understanding such needs and expectations.
    • Prepare a statement of needs and expectations and including statutory and regulatory requirements. Such a statement, in addition to its being offered as evidence of compliance to Certification Body Auditors, could usefully be reviewed and updated at Management Review Meetings (or equivalent).

    Conclusion & Feedback

    As stated at the outset, an understanding of the context of an organization is used, and is necessary, to establish, implement, maintain, and continually improve an effective quality management system.

    You can anticipate that the CB Audit Team will start with Part 4 - they will want to fully understand the organization's context, the better to understand the QMS and its suitability in addressing the needs and expectations of all stakeholders.  Make sure that you have a suitable body of evidence to present (and preferably documented evidence).

    We'd value your feedback and comments, including any points you disagree with.  Please use the Comments section, below.

    Reference: In preparing this article use was made of ISO/TS 9002:2016, Quality management systems- Guidelines for the application of ISO 9001:2015

    ISO 9001 Lead Implementer CTA Button

    Related Articles


    deGRANDSON Global is an ISO Certified Educational Organization

    New call-to-actionIn October 2021 we secured certification to three education-related ISO Standards.  We now have a university-grade management system in place conforming to the requirements of  …

    • ISO 21001, Educational Organizational Management System,
    • ISO 29993, Learning Services outside formal Education,  and
    • ISO 29994, Learning Services – additional requirements for Distance Learning.

    We have chosen ISO 21001 certification because, unlike IRCA and Exemplar badges (which in our opinion are commercially compromised), it is based on independent third-party assessment.  It is a ‘university grade’ standard in use globally by schools, colleges, and universities to demonstrate their competence.


    Written by Dr John FitzGerald

    Director & Founder of deGRANDSON Global. Spent 15 years in the manufacturing industry and 25 years training, consulting & auditing management systems
    Find me on:

    Subscribe to Email Updates

    Recent Posts