A matter of scope
The presents its updated guidance on understanding the difference in scope of ISO 9001, quality management systems and certification
Clause 1 of ISO 9001 defines the scope of the standard itself as specifying the requirements for a quality management system that enables an organization to demonstrate its ability to consistently provide a product that meets customer and regulatory requirements and aims to enhance customer satisfaction through the effective application of the system.
This should not be confused with the scope of a quality management system itself, which should be based on the nature of the organization's products and their realization processes, the result of risk assessment, commercial considerations and contractual, statutory and regulatory requirements.
While ISO 9001 is applicable to all organizations regardless of type, size or product category, under certain circumstances an organization may exclude complying with some specific ISO 9001 requirements in clause 7 and still be permitted to claim conformity to the standard. This is because it is recognized that not all the requirements in clause 7 are relevant to all organizations. ISO 9001 makes allowance for such situations through clause 1.2. Consequently, the scope of ISO 9001 certification encompasses the scope of the quality management system as well as describing any excluded ISO 9001 requirements.
Often the terms ‘scope of the quality management system’ and ‘scope of certification’ are used interchangeably, but this can lead to confusion. It can be especially difficult when a customer is trying to identify what parts of an organization have been certified to ISO 9001, what product lines or processes are covered by the quality management system or what ISO 9001 requirements have been excluded.
In order to lessen such confusion and to enable identification of what has been certified, the scope of certification should clearly define:
- the scope of the quality management system - including details of the product lines and related sites, departments and divisions that are covered by it
- the organization's main processes for its product realization or service delivery activities (such as design, manufacture and delivery) for the product lines that are covered
- any ISO 9001 requirement that has been excluded.
It should be noted that the scope of certification is not the same as the certificate that is awarded to the organization after successful demonstration of conformity to ISO 9001. The certificate will usually include a synthesized description of the scope of certification, but not the details of the ISO 9001 requirements that have been excluded. However, it may include a note to refer to the fact that the exclusions are detailed in the organization's quality manual.
It is essential that a scope of certification be drafted by the organization prior to applying for certification. This should then be analyzed by the certification body during the stage-one audit, for appropriate planning of the stage-two audit.
It is the responsibility of the auditor:
- to ensure that the final statement of the scope of certification is not misleading
- to verify that this scope only refers to the processes, products, sites, departments or divisions of the organization that were assessed during the certification audit
- to verify that this scope defines any excluded requirements from ISO 9001 and that justification for such exclusions is provided and is reasonable.
As an additional measure to combat potential confusion among customers and end-users, the scope of certification should be clearly defined in the organization's quality manual and any publicly available documents including any promotional and marketing material. Promotional statements should not, however, be included in the scope of certification itself.
About the author
The ISO 9001 Auditing Practices Group is an informal group of quality management system experts, auditors and practitioners drawn from ISO/TC 176 and the IAF. It has developed a number of guidance papers and presentations that contain explanations about the auditing of quality management systems. These reflect the process-based approach that is essential for auditing the requirements of ISO 9001
- ISO 17021-2: what will it mean?
- Auditing for the 21st century
- What is remote auditing?
- Good for your health
- How to tackle HR
- A matter of scope
This article is an edited version of ‘Scope of ISO 9001, scope of quality management systems and scope of registration/ certification’ from the website of the ISO 9001 Auditing Practices Group and is reproduced courtesy of ISO and the IAF. These papers were developed on current best practice and therefore have not been formally endorsed as IAF guidance or ISO/TC 176 interpretations. Follow the link for further information about the Auditing Practices Group