
ISO Guide - Who are your Interested Parties?

Posted on July 26th, 2024 | Written by Ken Holmes.

All ISO standards written to the Annex SL format mention interested parties in two areas: clauses 4 and 6. Specifically subclause 4.2 – ‘Understanding the needs and expectations of interested parties’, and subclause 6.1 – ‘Actions to address risks and opportunities’. These two areas of the standard are closely linked and many organisations implementing an ISO management system fail to align them.

The ISO standards drive you to identify your interested parties, so you can carry out risk assessments on each one, and produce a stakeholders table that lists the stakeholder, their requirement or influence, together with what you are going to do to manage that risk and who will be responsible for it.

It helps you focus on the question ‘what if?’ and it drives the culture of proactive actions. This allows you to always be in control and no nasty surprises can be sprung on you, meaning you can remain compliant with both statutory and regulatory requirements.

What is an interested party?

Well, it’s the same as a ‘Stakeholder’, which is:

‘A person, group or organisation that has interest or concern in an organisation.’

In layman's terms, it is any person or entity that can affect your organisation's outputs, or that has requirements your business has to meet.

Interested parties can affect or be affected by the organisation’s actions, objectives, and policies. Interested parties can have a direct or indirect influence on your organisation’s products or services, and the impact depends on the stakeholder tiers.

Example of stakeholder tiers:

  • 1st tier stakeholders – Customers; suppliers; government agencies

  • 2nd tier stakeholders – Supplier’s suppliers; customs in customer’s country

  • 3rd tier stakeholders – Other countries' government agencies; political situations around your business

The Needs and Expectations of Interested Parties

Interested parties can also be internal to the organisation; for example, your staff and board members are important interested parties. It is critical to identify both internal and external interested parties, together with the requirements you have to satisfy and the influence they could have over your organisation.

Once you have all the information, it must be documented. This can be done in a CRM system, an Excel spreadsheet or a table in a Word document. It must contain the name of the interested party, their requirement, what actions are to be implemented, who will be responsible for those actions and who will monitor the actions being taken.

The table below is an example of a ‘needs and expectations of interested parties’ table.

| Stakeholder (the entity or person who can influence your work) | Requirement (what they require that can affect your output) | Action to be taken (to monitor or mitigate the potential problem) | Name of responsible person | Monitoring authority (individual(s) who will be monitoring the action taken) |
|---|---|---|---|---|
| Clients | Quality service | To keep clients updated on the status of their application, quality control on processes, and training for knowledge improvement. | Client Relationship Executive | Ops Manager |
| Local Government Departments | Compliance with changing regulations | Regular checks on new legislation, rules, and requirements. | Company Representative | Ops Manager |
| Competitors | Maintain larger market share | Regular market research on competitors and their services and pricing. | IT Manager | CEO |
| Lawyers | An understanding of the requirements | Maintain relationships and proficiently communicate the information required. | Ops Manager | Ops Manager |

Actions to address risk and opportunities

Now that you have identified your interested parties, you must put in place the actions needed to ensure their requirements are met. But you must also look to see whether there are any benefits from meeting these requirements: these are the opportunities. Not all interested parties will have opportunities attached to their requirements, but some will, not just for the management system but for the business overall. Again, these need to be identified and documented. A similar format to the 'needs and expectations of interested parties' table can be used.

| Interested parties | Requirements | Risks (R) and opportunities (O) | Effectiveness of actions |
|---|---|---|---|
| Clients | Quality service | (R) Bad reputation; (O) Increase in business through referrals | Happy clients; more revenue, good name in business sector |
| Local Government Departments | Compliance with changing regulations | (R) Unhappy clients, less efficient service; (O) Good audits | Efficient quality service, realistic timeframes; no fines |
| Competitors | Maintain larger market share | (R) Loss of business to competitors; (O) New revenue streams | Increase of revenue; remain competitive within the market |
| Lawyers | An understanding of the requirements | (R) Fewer referrals, documentation errors, delays in delivery; (O) Potential referral to lawyers' clients | Service delivered on time; good reputation and increase in revenue |

This table is very similar to the first table: the first two columns contain the same information. This makes it easier to align the requirements with the risks and opportunities, and also makes it easier for an auditor to match interested parties against their risks and opportunities.

The third column holds the identified risks, which are the potential outcomes if you do not meet the requirement(s) of the interested party, and, where identified, the potential opportunity in meeting them.

The final column shows the expected effectiveness of the actions taken. These were the actions identified in the first table.

Summary

Interested parties are an important part of any management system. Failing to identify their needs and requirements could be costly to your organisation. Putting in place and monitoring actions to address them will ensure you meet these needs, and will also identify potential opportunities that could benefit both the management system and the organisation as a whole.

Written by Ken Holmes, Managing Director

CertiKit’s Managing Director and Lead Toolkit Creator. Ken is a CISSP-qualified security and data protection specialist who also holds the internationally-recognised Certified Information Privacy Professional – Europe (CIPP/E).
