ISO 9001: 2015 - 4.2 - Interested parties - Needs and expectations


Welcome back to this blog. In this entry I will analyze Subclause 4.2 Understanding the needs and expectations of interested parties, of ISO 9001: 2015 standard.


As I have already mentioned in another previous entry, this Sub-clause 4.2, together with 4.1, are characterized by containing the least understood and applied requirements of the entire ISO 9001 standard. That is why I recommend you dedicate the necessary time and effort to understand them properly.

To do this, I will start by identifying, based on the information presented in this subclause, and according to the methodology that I have been using, what its established requirements are, continuing with its progressive numbering that I will be following for all the requirements of this standard.

To start with the analysis of this subclause, we should consider that every organization has what is called interested parties, that is, as defined by the ISO 9000: 2015 standard, "person or organization that can affect, be affected or perceive itself to be affected by some decision or activity”, and this because it has a legitimate interest in relation to the performance of said organization, and each of these parties obviously has particular needs and expectations in relation to it.

The ISO 9000: 2015 standard indicates, as examples of interested parties, the following: Customers, owners, people in an organization, suppliers, banks, legislators, unions, partners or society in general, which may include competitors or pressure groups with opposing interests. .

More specifically, Appendix 2 of ISO Annex SL mentions the following as possible interested parties of an organization: 

If we consider that the first requirement of this Subclause 4.2 is that the organization shall determine the interested parties that are relevant to the quality management system, we should assume that the first activity must be to carry out a formal analysis, by the organization, by either one or more people, from all of its interested parties, to identify its relevance to the quality management system.

It is important to remember that this subclause of ISO 9001 standard, like 4.1, will lead us to establish input elements for the planning of the quality management system. Similarly, it is important that we remember the definition established by the ISO 9000: 2015 standard of the term Determination: “Activity to find one or more characteristics and their characteristic values”. This same standard also defines the term Characteristic as follows: “Differentiating feature”. For this, this definition includes three explanatory notes:

Note 1.- A characteristic can be inherent or assigned.

Note 2.- A characteristic can be qualitative or quantitative.

Note 3.- There are several classes of characteristics, such as the following: a) physical (for example, mechanical, electrical, chemical or biological characteristics); b) sensory (for example, related to smell, touch, taste, sight and hearing); c) behavioral (for example, courtesy, honesty, truthfulness); d) time (for example, punctuality, reliability, availability, continuity); e) ergonomic (for example, physiological characteristics, or related to the safety of people); f) functional (for example, maximum speed of an airplane).

Therefore, that person or group of people who performs this analysis on behalf of the organization, must identify, among all the interested parties of that organization, those that are relevant to the quality management system, through the identification of its characteristics and characteristic values.

Starting from the determination of the relevant interested parties of an organization, the next step is to establish the relevant requirements of those interested parties. Within this analysis, we may consider that among the characteristic values ​​of the characteristics of those determined relevant interested parties, those relevant requirements of those interested parties can be determined.

It is important not to lose sight of the fact that this information determined by the organization, both those interested parties and their associated requirements, must be aimed at establishing the quality objectives of the organization itself. That is why the standard includes the term "relevant" in both cases.

Similarly, it is important to consider paragraph A.3 of Appendix A of ISO 9001 standard, which states that Subclause 4.2 specifies requirements for the organization to determine the interested parties that are relevant to the quality management system, but it does not imply that the requirements of the quality management system should be extended beyond the scope of the standard itself, which establishes that this standard is applicable when an organization needs to demonstrate its ability to regularly provide products and services that meet customer requirements and applicable legal and regulatory requirements, and that aspires to increase customer satisfaction.

It also mentions that this standard does not establish requirements for the organization to consider interested parties when it has decided that those interested parties are not relevant to its quality management system. It is the organization that decides whether a particular requirement from a relevant interested party is relevant to its quality management system.

This last point is very important, since as in applying Sub-Clause 4.1, the determination made by the organization with respect to external or internal issues, as in this case with respect to interested parties and their requirements, it pertains only to the strategic direction of the organization, and these determinations have the objective of supporting the establishment, as precise as possible, of the quality objectives. In a similar way to what I mentioned in the entry: ISO 9001 – 4.1 – Understanding the organization and its context (Part 2), the establishment of objectives is a basic element for any management system or for the organization in general, since that all the other activities that are going to be carried out by the organization, within that system, will be to fulfill and verify the fulfillment of those objectives. However, no auditor or certification body will be able to qualify whether those interested parties, or their requirements are well or poorly determined, or if those quality objectives are well or poorly established, since they are elements of the strategic direction of the organization itself.

What should be auditable are the actions or mechanisms used by the organization to reach these determinations, so it is important that the organization define, plan and carry out these actions and mechanisms appropriately. Keep in mind that the better these relevant interested parties and their relevant requirements are determined, the more elements the organization will have to establish its quality objectives in a better way.

Relevant interested parties and their relevant requirements represent important inputs to several other ISO 9001 requirements, including scope, risks and opportunities, and input to management review, among others.

Appendix 2 of ISO Annex SL mentions some examples of interested parties requirements:

− applicable laws;

− permits, licenses or other forms of authorization;

− government regulations;

− judgments of courts or administrative tribunals;

requirements of a larger entity to which the organization belongs;

− treaties, conventions and protocols;

− relevant industry codes and standards;

− contracts that have been concluded;

− agreements with customers, community groups or non-governmental organizations;

− agreements with public authorities and customers;

requirements through the adoption of voluntary principles or codes of practice;

− voluntary labeling or environmental commitments;

− obligations arising from contractual agreements with the organization.


We can say that success of an organization depends on understanding and satisfying the current and future needs and expectations of current and potential customers and end users, as well as understanding and considering those of other interested parties.

To meet the needs and expectations of all interested parties, the organization should:

• identify your stakeholders and maintain a balanced response to their needs and expectations;

• translate identified needs and expectations into requirements;

• communicate requirements throughout the organization; and

• focus on process improvement to ensure value creation for identified stakeholders;

• understand the needs and expectations of your customers, including those of potential customers;

• determine the key features of the product for customers and end users;

• identify and evaluate competitors in your market; and

• identify market opportunities, weaknesses and competitive advantages.

As examples of needs and expectations of customers and users, in relation to the organization's products, we can mention the following:

The organization should be able to demonstrate that it has identified its interested parties, as well as the needs and expectations of each of them.

From there, in accordance with the requirement of the standard, the organization must track information about these interested parties and their relevant requirements.

This means that the organization should establish a monitoring program, to confirm that interested parties are kept identified, as well as the needs and expectations of each one of them, that communication is maintained with each one of them, and if the performance is aligned to each one of their needs and expectations. The organization should maintain documented evidence of this monitoring.

As the last requirement of this subclause, the standard tells us that the organization shall review the information on these interested parties and their relevant requirements.

To do this, the organization should carry out a formal review of its information on a scheduled basis, to confirm if it is still valid in terms of their interested parties, as well as for their needs and expectations, or, if applicable, what adjustments should be made in this regard. The organization should maintain documented evidence of this review.

The ISO Auditing Practices Group indicates, with respect to this sub-clause, that auditors should understand and assess how an organization decides on interested parties requirements that are relevant to the quality management system, to consider:

• the range of stakeholders considered,

• criteria for selecting relevant stakeholders,

• aspects to select the relevant requirements.

Auditors should be able to conclude on the appropriateness of these practices and how this information is tracked and reviewed, for example through management reviews.

Examples of relevant interested parties are provided in ISO 9000:2015 standard, definition 3.2.3, and clarification related to these requirements is provided in ISO 9001:2015, Annex A, clause A.3.

The relevant requirements of those relevant stakeholders should be apparent as inputs to the planning process, such as potential risks and opportunities. Again, although there is no requirement to retain documented information, an organization would be expected to keep some record of its analysis for ongoing and future reference. This could be expressed, for example, as:

• Minutes of meetings

• Tables

• Spreadsheets

• Databases

• Hyperlinks

• External documentation

• Quality manual (if the organization decides to have one)

• Among others.

Auditors should conduct this review in an interview with top management and follow these issues throughout the audit. If documented information is not provided, auditors should collect objective evidence that the results of this activity are consistently reflected in the risk and opportunity review, external documentation, communication, and other relevant areas of their quality management system.

I hope that this information provides you with more complete information and helps you better understand and comply with this sub-clause.


Ernesto Palomares Hilton