Search here..
CTRL+K

Guide to Clause 4.3 Determining Scope of Management Systems with Examples

CertBetter Icon

Team CertBetter

  • 63 reads
Guide to Clause 4.3 Determining Scope of Management Systems with Examples

As an ISO third-party auditor, I often see companies misinterpreting ISO Clause 4.3 when implementing their management systems. In this article, I’ll explain what Clause 4.3 Determining the scope of management systems means and provide practical examples following popular standards such as ISO 9001, ISO 14001 or ISO 45001. As always, if you have any questions, just post in CertBetter forum so I can assist you further.

Contents SHOW

Quick Refresher on ISO

The International Organisation for Standardisation, or ISO, is an independent, non-government body that creates and publishes standards. These standards are considered important for maintaining healthy business activities.

Companies often achieve independent certification in ISO standards to help increase their credibility, be more competitive and innovative, and show their commitment to continual improvement.

Like I always say, “For businesses to grow, continual improvement is inevitable.” — ISO standards advocate the same as well!

What is Clause 4.3 Determining the Scope of Management System?

ISO Clause 4.3 is about determining the scope of your management system. It tells organisations to define and write down the limits and applicability of their management system. Think of it as what you do as a business and what processes you want to manage within your management system to focus on special areas such as Quality Management System guided by ISO 9001.

In case you’re wondering, I have also written a detailed guide to management systems and their common types.

The scope usually covers the activities, products or services within your business but with a special focus such as Quality or Safety.

Once you have identified your internal and external factors as part of the context of organisation exercise, it becomes easier to define the scope of your management system.

By properly understanding Clause 4.3, you can make sure that your management system (quality, OHS, environment, etc) is suited to your specific needs and is in line with your business goals.

Why is ISO Clause 4.3 required by the ISO Standards?

Clause 4.3 in ISO standards is very important because managing your business systems without defining the boundaries of your management system becomes confusing (and sometimes too much work!).

Understanding those boundaries (what’s covered and what’s not) helps in making effective decisions and be focused to bring effective results.

ISO standards are based on organisational context using a risk-based approach. This means that you must pay close attention to all the best (and worst) things happening in and around your company so that you can make effective decisions and be well-prepared to handle all aspects of your business.

Therefore, ISO clause 4.3 scope addresses the establishment of boundaries for your management system, ensuring that not only diligent attention is maintained but that the boundaries themselves facilitate efficient management of business activities.

How to determine the scope of Management System?

Determining the scope under Clause 4.3 first requires the type of standard you’re intending to implement at your business. There are some common requirements (along with some specific requirements) to ensure the relevancy of the type of management system you’re going to implement.

Auditor tip: Don’t exclude activities from the scope which are directly influencing your activities, products or services.

Let’s take a deep dive into the different ISO standards and how they expect you to determine the scope of the management system.

Clause 4.3 Scope in ISO 9001

If you’re determining the scope of the ISO 9001 Quality Management Systems, Clause 4.3 requires the following in addition to enhancing customer satisfaction:

a) the external and internal issues referred to in 4.1;
b) the requirements of relevant interested parties referred to in 4.2;
c) the products and services of the organisation.

Clause 4.3 Scope in ISO 45001

If you’re determining the scope of the ISO 45001 OH&S management system, the standard requires you to consider the following:

a) the external and internal issues referred to in 4.1;
b) the requirements of relevant interested parties referred to in 4.2;
c) take into account the planned or performed work-related activities.

Clause 4.3 Scope in ISO 14001

Similarly, if you’re determining the scope of ISO 14001, make sure to consider the following:

a) the external and internal issues referred to in 4.1;
b) the compliance obligations referred to in 4.2;
c) its organisational units, functions and physical boundaries;
d) its activities, products and services;
e) its authority and ability to exercise control and influence.

Clause 4.3 Scope in ISO 27001

And, if you’re determining the scope of the ISO 27001 information security management system, you must consider the following:

a) the external and internal issues referred to in 4.1;
b) the requirements referred to in 4.2;
c) interfaces and dependencies between activities performed by the organisation and those that are performed by other organisations.

How to Write the Scope per ISO Clause 4.3?

Once the scope has been determined in accordance with Clause 4.3, you should write it in your master-level document, such as a procedure or manual (or even policy). This scope defines the limits of your management system and, naturally, your commitment to it.

Do not mistake your management system scope for a commitment statement such as your company policy.

Company policies define your promise while scope defines the boundaries of your promise.

Remember that the intention of clause 4.3 under ISO standards is not the best service of your business or the great customer service you provide.

What to exclude from the Scope of Management System?

Ensure that your management system scope covers everything from sales and operations to marketing and administrative tasks that are directly influencing your business activities or the results (product or service).

Consider this: if you excluded sales from your business, would you be able to run the business for which you intend to get ISO certification?

You may exclude some areas or locations of the business that are not impacting your management system’s performance. I often see companies excluding some of their branches from the scope, which seems to be fine.

Examples of Clause 4.3 Determining the Scope of Management System

This is a simple way to put the scope on a document to cover the areas under your management system. Please do not copy as it might not be relevant to your business activities.

Examples of ISO 9001 QMS Scope

Some clauses under ISO 9001 can be excluded if not applicable to your business. For example, you can write a statement within the scope stating that you do not handle after-sale warranty service or repairs (8.5.5 Post-delivery activities) or that you are not responsible for designing the products (8.3 Design and development of products and services).

Keep in mind that every external audit requires verification of all clauses under 9001 to ensure they continue to be non-applicable and relevant to the nature of your business.

Let’s look at some examples:

Product Companies

“The scope of the QMS covers the design, manufacture and sale of XY products. The scope applies to all processes and departments involved in achieving the above objective.”

Software Complanies

“The QMS scope encompasses the development, testing and maintenance of software applications. This includes requirement gathering, software design, coding, testing, and support processes conducted within the headquarters and remote development centers globally.”

Healthcare Providers

“The QMS scope includes the provision of medical products import, storage and distribution to hospitals. The company is not involved in the design or development of products.”

Construction Company

“The QMS scope covers the project management, construction and renovation of commercial buildings and residential estates. It applies to project planning, construction processes, materials sourcing and quality assurance activities conducted by the company and its sub-contractors.”

Examples of ISO 45001 OHSMS Scope

Unlike ISO 9001, the ISO 45001 Occupational Health and Safety Management System standard does not allow any exclusions. This means you can not exclude any clause of the standard from your management system.

The good news is that you can exclude physical locations that are not part of your management system.

It’s also important to note that if your business relies on your service providers or contractors, you can not handover the OH&S accountability to them. You need to demonstrate influence/control of such external services.

Let’s look at some examples:

Manufacturing Company

“The scope of OHSMS covers all activities and processes at Manufacturing (site ABC) including production, assembly and warehousing. The scope excludes site XYZ. “

Hospitality Sector

“The scope of the OHSMS includes all operations within Hotel ABC that covers activities such as guest services and kitchen operations to maintenance and housekeeping.”

Mining Company

“The OHSMS scope covers all extraction and processing activities at Mine F located at XYZ Address. “

Examples of ISO 14001 EMS Scope

Similar to ISO 45001, the ISO 14001 Environmental Management System does not allow the exclusion of any clauses. You may exclude locations and their activities to a justifiable extent.

For example, if you have main operations in Sydney with a separate sales office, you can not exclude the sales office because main operations rely on sales activities. If the sales office is an additional location covering other areas, you may exclude it.

Chemical Company

“The EMS scope covers all operations at Chemical Plant A, including production, storage and despatch of chemical products.”

Food Processing

“The scope of the EMS covers the processing, packaging and distribution of organic food products at Facility B.”

Project Management Company

“The EMS scope applies to all projects undertaken by Company C, including design, construction and project management services.”

Final Thoughts

There you go! I hope you got some well grip on Clause 4.3 Determining the Scope of Management System and found it to be interesting and practical. Remember: Before you start writing down the scope, make sure you understand the organisational context per the ISO standards. My suggestion is to keep an open mind; when an auditor like me discovers a gap in the scope of the management system, we need to make sure it’s aligned with the management system’s intention and covers the necessary business activities.

Post your question about “Guide to Clause 4.3 Determining Scope of Management Systems with Examples” on the CertBetter Compliance Forum and tap into a wealth of expertise!

Our community of compliance professionals and ISO experts is ready to provide you with insightful answers and practical solutions. Join the discussion now!
  • Recommended Reads
Understanding ISO Terminology A Comprehensive Guide to Key Terms and Concepts

Understanding ISO Terminology: Guide to Important Terms and Concepts

What is Climate Finance Why is it Important for Businesses

What is Climate Finance? Why is it Important for Businesses?

Connect with ISO Certification Consultants

CertBetter makes it easy to find ISO certification consultants and compliance professionals from around the globe.

Filter results
{{ activeFilterCount }}
Standards

More than just a directory — we're a community.

For Companies
For ISO Consultants
Help & Support
Linkedin X-twitter Facebook Instagram

© CertBetter. All rights reserved.

We use cookies to ensure you have the best experience on our website.
Got it!