IgeraIndustria Quality Team · Updated 2026-07-07 · 7 min read
Part 2 of the ISO 9001:2015 Step by Step series · ← Back to Article 1: ISO 9001 explained
ISO 9001:2015 Clause 4 requires your organisation to understand its context — the internal and external factors that can affect your ability to deliver quality — and to use that understanding to establish the scope and boundaries of your QMS. It has four sub-clauses: 4.1 (external and internal issues), 4.2 (interested parties), 4.3 (QMS scope), and 4.4 (QMS processes).
67%
of Stage 1 audit nonconformities trace back to Clause 4 — incomplete context analysis or an ill-defined QMS scope
Source: IgeraIndustria 2025 audit data (n=82 UK and European manufacturers)
Clause 4 is the foundation that everything else in the QMS rests on. An auditor who finds a weak context analysis will immediately question whether your objectives (Clause 6.2), your risks (Clause 6.1), and your process design (Clause 8) are actually connected to business reality. Getting Clause 4 right is not bureaucratic box-ticking — it is how you build a QMS that actually makes sense for your specific organisation.
4.1 External and internal issues — SWOT or PESTLE?
Clause 4.1 requires you to determine external and internal issues that are relevant to your purpose and strategic direction and that affect your ability to achieve the intended results of your QMS. The standard does not prescribe a methodology. Two tools dominate in practice: SWOT and PESTLE. The choice matters, because auditors will probe the depth and logic of whichever you use.
SWOT (Strengths, Weaknesses, Opportunities, Threats) is intuitive and maps neatly onto ISO 9001 terminology: Strengths and Weaknesses are internal issues; Opportunities and Threats are external issues. Most SMEs find SWOT sufficient. The risk is that SWOT tends to generate generic, unactionable statements ("Our weakness is reliance on key personnel") rather than specific, QMS-relevant issues.
PESTLE (Political, Economic, Social, Technological, Legal, Environmental) forces a more systematic scan of the external environment. For manufacturers operating in regulated markets, supplying global customers, or exposed to supply chain volatility, PESTLE is more rigorous. The 2026 UK context makes PESTLE particularly relevant: post-Brexit regulatory divergence (political/legal), energy price volatility (economic), skilled labour shortages (social), AI-driven quality inspection (technological), and product stewardship regulations (environmental) are all real issues that should inform QMS planning.
Recommendation: Use PESTLE for external issues (richer, more defensible) and a simple internal analysis (people, processes, technology, culture) for internal issues. Document the output as a register, not just a matrix — each issue should have an owner and a link to the risks and opportunities it generates in Clause 6.1.
4.2 The interested parties register auditors actually read
ISO 9001:2015 uses the term "interested parties" (not "stakeholders", though the concepts are equivalent). Clause 4.2 requires you to identify interested parties that are relevant to your QMS and to determine their relevant requirements. The standard explicitly states that "relevant interested parties" means those whose needs and expectations can affect the organisation's ability to consistently provide conforming products and services.
The typical mistake is producing an exhaustive stakeholder list and then doing nothing with it. Auditors want to see a register that:
- Identifies each interested party by category (not just "customers" as a monolith)
- States their relevant requirement — specifically, the need or expectation that affects QMS performance
- Notes whether each requirement is a legal/regulatory obligation or a voluntary commitment
- Is reviewed and updated when the business environment changes
| Interested party | Relevant requirement | Type |
|---|---|---|
| OEM customers (automotive) | Zero-defect delivery, PPAP documentation, IATF 16949 compliance | Contractual |
| Regulatory body (MHRA / HSE / EA) | Compliance with product safety regulations, environmental permits | Statutory |
| Key component suppliers | Clear specifications, forecast visibility, fair payment terms | Commercial |
| Employees and workforce reps | Safe working environment, competence development, involvement in improvement | Legal / ethical |
| Certification body (e.g., BSI, LRQA) | QMS conformance to ISO 9001:2015, availability for audit | Contractual |
4.3 Defining QMS scope — the 3 mistakes that fail Stage 1 audits
The QMS scope statement defines which products, services, sites, and processes are within the QMS boundary. It must be available as documented information and must state the types of products and services covered and any justification for clauses the organisation determines are not applicable (exclusions).
Three scope-related errors consistently generate Stage 1 nonconformities:
Mistake 1 — Excluding sites or products to make the scope "easier". Scope exclusions under Clause 4.3 are only permitted for requirements in Clauses 7–10 that do not apply to the organisation's processes. Excluding an entire manufacturing site because it is "less mature" is not permitted. Auditors see through this immediately.
Mistake 2 — A scope statement so vague it is meaningless. "All activities of ABC Manufacturing Ltd" tells an auditor nothing. The scope must state the specific products/services covered (e.g., "Design, manufacture, and supply of precision-machined aluminium components for the automotive and aerospace industries from our single site in Birmingham, UK").
Mistake 3 — Claiming clause exclusions without justification. Many organisations claim Clause 8.3 (design and development) as an exclusion because they manufacture to customer specifications. This is valid — if the customer provides complete design information and the manufacturer has no design input. However, if your organisation makes any design decisions (tolerances, material selection, process parameters), the exclusion is unjustifiable and will generate a major nonconformity.
4.4 Process approach — minimum viable process map
Clause 4.4 requires the organisation to establish, implement, maintain, and continually improve its QMS processes — their inputs, outputs, sequence, interactions, criteria, methods, resources, responsibilities, risks, and improvement opportunities. It also requires the organisation to maintain documented information to support process operation and retain documented information to demonstrate processes are being carried out as planned.
The most common question is: how detailed does the process map need to be? The honest answer is: detailed enough to show the auditor that you understand what your processes are, how they connect, and how the QMS controls them. A "turtle diagram" or "process interaction matrix" covering eight to twelve core processes is typically sufficient for a mid-size manufacturer. Over-engineering the process map (100+ sub-processes, swim lane diagrams for every activity) consumes time without adding audit value and creates a maintenance burden.
Core processes for a typical manufacturer: customer requirements review, design and development (if applicable), purchasing and supplier evaluation, production planning, production and process control, inspection and testing, nonconforming output control, customer satisfaction monitoring, internal audit, management review, corrective action.
// IgeraIndustria RAG demo — Clause 4 query
Quality Manager: What interested parties have we identified in our QMS context register and are their requirements up to date?
IgeraIndustria: Your Interested Parties Register (QMS-CTX-002, Rev 3, last reviewed 2026-02-14) lists 9 interested parties. 7 have current requirements documented. 2 require attention: (1) Regulatory — MHRA requirements entry last updated 2024-09-01; the MHRA updated its guidance on Annex II device components in March 2026 — review recommended. (2) Customers — the Tier 1 automotive customer group requirement references the 2019 IATF 16949 customer-specific requirements; Ford and Stellantis issued updated CSRs in Q4 2025. Your next management review is scheduled 2026-09-15 — flagging these for agenda item 3 (context review).
Frequently asked questions
Does ISO 9001 require a formal SWOT or PESTLE analysis?
No. The standard requires you to determine relevant external and internal issues — it does not mandate a specific methodology. SWOT and PESTLE are widely used because they are familiar to auditors, but a simple register of issues with associated risks is equally acceptable. What matters is that the output informs your QMS planning (Clause 6).
How often must we review the context analysis and interested parties register?
The standard requires review when changes occur that could affect the QMS and as part of the management review (Clause 9.3). In practice, an annual formal review tied to the management review cycle is the minimum. High-change environments (fast-growing companies, regulated sectors, supply chain volatility) should review quarterly.
Can we exclude Clause 8.3 (design and development) from our QMS scope?
Only if your organisation truly has no influence over product or service design — for example, a contract manufacturer that produces strictly to customer-owned drawings with no design input. If you make any decisions about materials, tolerances, process parameters, or product configuration, Clause 8.3 applies and cannot be excluded. Incorrectly claiming a Clause 8.3 exclusion is one of the most common major nonconformities at initial certification audits.
How detailed must our process map be?
Detailed enough to demonstrate process understanding and control — no more. Eight to twelve core processes with a turtle diagram or interaction matrix is typically sufficient for SMEs. The standard requires documented information to support process operation (procedures, work instructions where needed), not an exhaustive process architecture. Over-documentation creates a maintenance burden without audit value.
Is a quality manual still required under ISO 9001:2015?
No. The 2015 revision explicitly removed the requirement for a formal quality manual that existed in ISO 9001:2008. Many organisations continue to maintain one because customers or certification bodies are familiar with it, but it is not an ISO 9001:2015 requirement. The context analysis, scope statement, and process map collectively replace the function a quality manual served.
What is the difference between "issues" in Clause 4.1 and "risks" in Clause 6.1?
Issues (Clause 4.1) are the facts about your environment — market conditions, regulatory landscape, technology trends, your internal capabilities and constraints. Risks (Clause 6.1) are the potential effects of uncertainty arising from those issues. An issue such as "supply chain concentration in a single region" generates the risk of "supply disruption due to geopolitical or logistics events." Clause 4.1 feeds Clause 6.1 — they are linked, not separate activities.
Need to build your Clause 4 context documents quickly? IgeraIndustria generates gap analyses and registers from your existing documentation in minutes.
See IgeraIndustria in actionISO 9001:2015 Step by Step series
Article reviewed by IgeraIndustria Quality Team, updated 2026-07-07. References: ISO 9001:2015 Clause 4; ISO/TC 176/SC 2 guidance document N1218; IgeraIndustria audit data 2025.