Understanding Section 4.1

Understanding the organization and its context


This is an educational article on Section 4.1 of ISO 9001. Section 4.1 is the first of what I call “the Strategic Planning sections,” which also includes sections 4.2 and 6.1. This article covers only section 4.1 – “Understanding the organization and its context.”

The purpose of this article is to give you a basic understanding of what Section 4.1 requires.

This article is directed towards:

  • Those responsible for compliance to section 4.1.
  • Those responsible for strategic planning activities generally.
  • Others interested in understanding section 4.1.

Sections 4.1, 4.2 and 6.1 are often called the Strategic Planning Sections. However, you could also call these sections the “Internal Requirements Sections”. 

We often speak of “ISO” requirements, but not often do we speak of “internal requirements.” Remember that ISO 9001 provides a “framework” – and that framework still needs to be fleshed out with your own internal requirements for achieving quality. ISO 9001 starts you down that path right away with sections 4.1, 4.2, and 6.1. These sections require you to determine the quality requirements that are unique to your company and its needs.

These unique requirements arise from:

  • Your internal and external issues. (covered in this section, section 4.1)
  • Your stakeholders and their needs. (covered in section 4.2)
  • Your risks and opportunities. (covered in section 6.1)

All of these factors imply certain requirements that are unique to your company.

You must identify, and plan to meet, not only ISO-specific requirements, but also these internal quality requirements, when developing your Quality Management System. 

Now, as I said before, section 4.1 is only the first of the three strategic planning sections we just discussed. It is entitled “Understanding the organization and its context” and it is the one that requires you to identify internal issues and external issues that could affect your quality.

Note 1 of section 4.1 indicates that the term “issue” is meant to connote both negative and positive possibilities. For example, not only weaknesses, but strengths. You will want to act on both the negative and positive issues.

Note 2 of section 4.1 provides examples of the difference between internal and external issues. The difference is their source, or what factors they arise from.

Internal issues arise from factors that are, for the most part, within your control. Managing internal issues is a bit like planning out your day to make sure that you cover everything to meet all your goals. 

Internal factors include, for example:

  1. The overall performance of the organization.
  2. Sufficiency of resources.
  3. Human aspects.
  4. Operational factors.
  5. Governance factors.

External issues arise from factors that are, for the most part, beyond your control. Managing external issues is a bit like managing the weather – when the storm comes there is no stopping it, you just have to plan your day around it. The aim is to learn to co-exist with these external factors and still achieve your goals. 

External factors include, for example:

  1. Economic factors.
  2. Social factors.
  3. Political factors.
  4. Technological factors.
  5. Market factors.
  6. Legal factors.

For example, a PESTLE Analysis is a common method for identifying external issues. PESTLE is an acronym that reminds you of external factors to consider. PESTLE stands for:

P – Political

E – Economical

S – Social

T – Technological

L – Legal

E – Environmental

Another method, for identifying both internal and external issues, is a SWOT Analysis. Again, SWOT is an acronym that reminds you of different factors to consider. SWOT stands for:

S – Strengths

W – Weaknesses

O – Opportunities

T – Threats

Strengths and Weaknesses, the SW in SWOT, are the positive and negative internal factors.

Opportunities and Threats, the OT in SWOT, are the positive and negative external factors.

Note that this method promotes the identification of positive and negative possibilities, as does ISO 9001.

So once you’ve considered the relevant internal and external factors, and have identified internal and external issues, section 4.1 requires you identify, monitor, and review information about those issues — in other words, to keep apprised of your organizational context, hence the title of this section, Understanding the organization and its context.

But as you can imagine, once you identify these issues, you will want to do more than just keep apprised of them, you will want to take actions to strengthen your weaknesses and mitigate your threats, and to magnify your strengths and exploit your opportunities. When you take these additional steps you are basically fulfilling the requirements of section 6.1 of the standard, which we will discuss in another training.

So ultimately, yes, you will have to do more than just keep apprised of these issues.

For more information about how to take action on these issues, request access to our training and implementation videos for sections 4.2 and 6.1.