Get in touch

Get in touch

  • This field is for validation purposes and should be left unchanged.

Privacy Notice

X

When you submit an enquiry via our website, we use the personal data you supply to respond to your query, including providing you with any requested information about our products and services. We may also email you several times after your enquiry in order to follow up on your interest and ensure that we have answered your it to your satisfaction. We will do this based on our legitimate interest in providing accurate information prior to a sale. Your enquiry is stored and processed as an email which is hosted by Microsoft within the European Economic Area (EEA). We keep enquiry emails for two years, after which they are securely archived and kept for seven years, when we delete them.

Reveal Menu

ISO Guide: Understanding the Scope of your Management System

Determining the scope of your management system is a key starting point in the implementation process. The scope is vital as it defines how far the management system extends within the organization’s operations and details any exclusion from the standard’s requirements, if exclusions are permitted and, the justification for these.

The Scope falls within clause 4.3 of the standard and states that ‘the organization shall determine the boundaries and applicability of the management system’ and details the requirements for determining the scope of the management system.

Determining the scope

The scope can include either:

  • the whole organization
  • specifically identified functions of the organization
  • specifically identified sections of the organization
  • one or more functions across a group of organizations

To start, there are three considerations to be included when determining the scope:

  1. External and internal issues that are relevant to the purpose of the organization, the strategic direction, and the ability to achieve intended results
  2. Requirements of relevant interested parties
  3. The product and service of the organization

In addition, the scope is to include any requirements of the standard that can be applied, and if a requirement is determined to not apply, the organization will not use this as a reason for not ensuring conformity of product and service.

The scope must state the products and services covered by the management system. For instance, if the organization is a calibration specialist, then they must adhere to regulatory requirements, and therefore do not create these requirements. For example, within the ISO9001 quality management system, they could exclude clause 8.3 Design and development of products and services, as they don’t design or develop any. They just provide a calibration service which is regulated.

Defining the boundaries of your scope

Careful consideration about what you include within your scope must be taken.  A look at the critical areas, processes and procedures should help identify the boundaries.  Many organizations implement management systems that only cover critical areas of the business. For instance, a manufacturing company may only want a quality management system that covers its production and support functions. Therefore its sales and finance departments may not be included within the scope.

When deciding your scope it is best to work through your business processes. Depending upon the ISO standard you are looking to get certified to, there will be mandatory requirements and these must be considered.  Many management systems require that staff working within the boundaries of the scope are competent, have roles and responsibilities defined and if necessary, training and upskilling requirements identified.  This generally falls under the HR umbrella, so they would fall within the scope of the management system.

Make your scope statement clear and concise

Your scope does not have a size limit and should include enough information to determine what is covered by the processes of the management system. However, it is important to make it clear what is included and what is not. If it is not clear to you what processes in your company are covered by your management system, then how will it be clear to an outside auditor or other interested party?

Making your scope statement simple and easy to read can help to focus your management system’s efforts and prevent unnecessary questions about activities that you may perform that may not be applicable to your certification.

As you implement your management system keep reviewing your scope.  It will need adjustment as areas, previously not thought to be part of the management system, become obvious. This is also true as your management system matures, or your organization grows.  The scope of your management system will continue to change over time and should be reviewed during your management review meetings to ensure it still is fit for purpose.

 

Written by Ted Spiller, CertiKit’s Compliance Consultant. Ted is an expert in many ISO management systems; he is a Lead Auditor for ISO9001 and ISO14001, and an Auditor for ISO45001 and ISO22301.


More ISO Resources

CertiKit is a provider of ISO toolkits, consultancy and internal auditing services, and has helped more than 4000 organizations worldwide with their compliance.

For more guidance on implementing the ISO standard of your choice, go to our guidance pages where you can find more specific information about each standard and more downloadable resources.

More ISO Guidance

We’ve helped more than 7000 businesses with their compliance

Testimonials

The sample documents are very rich in their scope. Our attorneys have reviewed our edits and can find no fault with what is presented.

Institute for Supply Management
USA

View all Testimonials