ISO 9001:2015 – Interested Parties

The new version of ISO 9001 brought a lot of changes and new requirements. Among them, the introduction of the concept of ‘interested parties’ is particularly interesting.

So far in the evolution of this standard through the years and through the different stages of development, the customer has been almost the sole focus, mentioning suppliers, employees and regulators as carriers of key requirements but not specifically involving any other entity that could have had an impact on the actual results achieved. Not even owners of the organization.

While the customer keeps being the star of the new version of ISO 9001 as usual, they are not by themselves any longer: now the standard brings around the need of considering other stakeholders that could impact final results and customer satisfaction as an important part of the quality management system. These stakeholders are called interested parties

Why ISO introduced this new concept?

ISO 9001 is and it has always been a ‘supplier standard’. That means that its main concern is to make crystal clear that customers receive products and services as specified, ensuring and enhancing customer satisfaction.

The concept of assuring customer satisfaction just by meeting specifications has been considered obsolete for many years so now ISO 9001 is going much further: it requires to ensure that any eventual negative situation that could arise and impact on the outcome, and consequently on customer satisfaction, shall be avoided. The explicit concept of risk was born to ISO 9001:2015. Moreover, this new approach also brings the other side of the coin: the positive aspect of risks, i.e. opportunities.

The organization shall identify any risks and opportunities that could affect the effectiveness of the quality management system, preventing customers from not receiving products in a timely manner. Likewise, the organization shall identify any opportunity to make the management system even more effective and reliable.

While the intent of risk analysis has been somehow implicit in ISO 9001 since the very beginning, it is just now that it is openly and explicitly included.

As an example, ISO 9001:2008 requires that ‘the type and extent of control applied to the supplier and the purchased product shall be dependent upon the effect of the purchased product on subsequent product realization or the final product’. In other words, it is a requirement to control suppliers and products according to potential risks.

Pointing to ensure that customers are kept safe, the new standard drills deeper in the risk based thinking widening the view for all probable actors that could pose any risk to the customer. This is how interested parties came around. That is why interested parties were included in the new standard: they are probable sources for risks for customers. Consequently they matter and their requirements shall be considered.

While the concept of interested parties is no news for ISO 14001, it is new for ISO 9001. The advantage is for current users of the environmental management system standards that could extend the concept to be included in quality management systems.

For the rest of the users it is required to face this as a new challenge.

Who could be an interested party?

The key to consider a stakeholder as an interested party is to evaluate how they could probably influence the outcome of the organizations. It is not about ‘possibilities’ but it is clearly about ‘probabilities’. That means that in the wide field of possibilities, anything could happen, but it is very important here to differentiate ‘contingencies’ from ‘acts of God’ in order not to open a door highly unlikely to be closed. The eventual consideration of any possible interested party could lead to an endless analysis of situations that might never happen in this life, adding complexity, costs and waste of time to the organization, while not adding any actual value to customers.

In fact, the aim of this requirement is just the opposite: avoid waste of resources by an early identification of threats to customer satisfaction, enabling the organization to direct resources to key facts that could negatively impact on customer satisfaction.

So those stakeholders, who actually are able to support or stay on the way to customer satisfaction, shall be considered as interested parties.

If any stakeholder has requirements for the organization, and those requirements and all interfaces with this stakeholder affect operations, projects, products, processes, or outcomes and results from the organization so it is to be considered as an interested party and resources and efforts shall be devoted to attend their requirements in order to prevent risks to customers.

Interested parties could be split into three different groups:

– Usually enforced interested parties: this group includes those stakeholders that could seldom be disregarded because of their usual impact on outcome and customer satisfaction such as customers (obvious), employees, suppliers, owners, and regulators, all them in different shapes and modalities.

– Possible interested parties: this group includes those stakeholders that could or could not affect the outcome and customer satisfaction such as unions, banks, neighbors, etc. but it could be valid to analyze their eventual impact.

– Openly interested parties: this group includes those stakeholders that for some reason the organization believes they are important to assure the outcome and customer satisfaction, even though its relationship is not that obvious.

It is for the organization to define who the interested parties are and what requirements of those interested parties are to actually be considered in its quality management system. Naturally, this definition of the organization shall be consistent with context, products, processes, projects, developments, operations, etc.

The definition of what interested parties are is not a simple one. In some organizations, links with stakeholders are multiple and complex. As an example, let us consider the case of a hospital, where physicians, nurses, different regulators, several unions, technology and equipment providers, drugs providers, medical and scientific institutions, communities, etc. could be considered as interested parties, making risk analysis highly cumbersome. In some other cases, such as small organizations with no critical products or processes, the definition of interested parties is pretty simple and even obvious.

Additionally, this is not a permanent definition either: interested parties as well as their requirements are not always the same and their identification needs to be reviewed on a regular basis to ensure adequacy, since the context of the organization is a living thing, posing new challenges and new situations constantly. This situation forces the organization to continually monitor context, operations, market, requirements, customer expectations, technology, regulations, etc. in order to make sure that the quality management system keeps focusing on risks and opportunities, keeping customers safe.

So, this is not a one in a lifetime job but it is a new way of thinking.

ISO 9001:2015 make us go much deeper, working hard to ensure customer satisfaction, which should also be added value for the organization when using it as a strategic tool for survival.

Good luck!

Headshot Raf Griffi-Rafael Griffi

Managing Director, DQS MSS Argentina s.r.l.

October 2015

  • Murthy Mohan

    1.Who is responsible for identifying the interested parties? What should be his competency level or do the organisation appoint a panel who will identify.
    2.There can be difference of opinion between the organisation and the audit team in identifying the interested parties.
    3. What will be the severity of the findings if agreed between the two (auditor & auditee)