Get in touch

Get in touch

  • This field is for validation purposes and should be left unchanged.

Privacy Notice


When you submit an enquiry via our website, we use the personal data you supply to respond to your query, including providing you with any requested information about our products and services. We may also email you several times after your enquiry in order to follow up on your interest and ensure that we have answered your it to your satisfaction. We will do this based on our legitimate interest in providing accurate information prior to a sale. Your enquiry is stored and processed as an email which is hosted by Microsoft within the European Economic Area (EEA). We keep enquiry emails for two years, after which they are securely archived and kept for seven years, when we delete them.

Reveal Menu

ISO Guide: Understanding the scope of your management system

Determining the scope of your management system is a key starting point in the implementation process. The scope is vital as it defines how far the management system extends within the organization’s operations and details any exclusion from the standard’s requirements, if exclusions are permitted and, the justification for these.

The Scope falls within clause 4.3 of the standard and states that ‘the organization shall determine the boundaries and applicability of the management system’ and details the requirements for determining the scope of the management system.

Determining the scope

The scope can include either:

  • the whole organization
  • specifically identified functions of the organization
  • specifically identified sections of the organization
  • one or more functions across a group of organizations

To start, there are three considerations to be included when determining the scope:

  1. External and internal issues that are relevant to the purpose of the organization, the strategic direction, and the ability to achieve intended results
  2. Requirements of relevant interested parties
  3. The product and service of the organization

In addition, the scope is to include any requirements of the standard that can be applied, and if a requirement is determined to not apply, the organization will not use this as a reason for not ensuring conformity of product and service.

The scope must state the products and services covered by the management system. For instance, if the organization is a calibration specialist, then they must adhere to regulatory requirements, and therefore do not create these requirements. For example, within the ISO9001 quality management system, they could exclude clause 8.3 Design and development of products and services, as they don’t design or develop any. They just provide a calibration service which is regulated.

Defining the boundaries of your scope

Careful consideration about what you include within your scope must be taken.  A look at the critical areas, processes and procedures should help identify the boundaries.  Many organizations implement management systems that only cover critical areas of the business. For instance, a manufacturing company may only want a quality management system that covers its production and support functions. Therefore its sales and finance departments may not be included within the scope.

When deciding your scope it is best to work through your business processes. Depending upon the ISO standard you are looking to get certified to, there will be mandatory requirements and these must be considered.  Many management systems require that staff working within the boundaries of the scope are competent, have roles and responsibilities defined and if necessary, training and upskilling requirements identified.  This generally falls under the HR umbrella, so they would fall within the scope of the management system.

Make your scope statement clear and concise

Your scope does not have a size limit and should include enough information to determine what is covered by the processes of the management system. However, it is important to make it clear what is included and what is not. If it is not clear to you what processes in your company are covered by your management system, then how will it be clear to an outside auditor or other interested party?

Making your scope statement simple and easy to read can help to focus your management system’s efforts and prevent unnecessary questions about activities that you may perform that may not be applicable to your certification.

As you implement your management system keep reviewing your scope.  It will need adjustment as areas, previously not thought to be part of the management system, become obvious. This is also true as your management system matures, or your organization grows.  The scope of your management system will continue to change over time and should be reviewed during your management review meetings to ensure it still is fit for purpose.


Written by Ted Spiller, CertiKit’s Compliance Consultant. Ted is an expert in many ISO management systems; he is a Lead Auditor for ISO9001 and ISO14001, and an Auditor for ISO45001 and ISO22301.

How can CertiKit help with you ISO compliance?

At CertiKit, ISO compliance is what we do best, and we have a range of solutions available to help businesses prepare for certification to the following standards:

  • ISO/IEC 27001
  • ISO/IEC 27701
  • ISO/IEC 20000
  • ISO 22301
  • ISO 9001
  • ISO 14001
  • ISO 45001

Whether you’re looking to do-it-yourself with the help of our toolkits, or you’re looking for additional assistance with our ISO consultancy and internal auditing services. Contact us to see how we can help you achieve compliance fast and efficiently.

We’ve helped more than 4000 businesses with their compliance


I like the fact that the documents are very comprehensive and more than sufficient for compliance.

South Africa

View all Testimonials