ISO 9001 Clause: 4.3 Determining the Scope of the Quality Management System

 ISO 9001 scope is essentially a snapshot of what your business does and what’s covered by your Quality Management System (QMS). It outlines your products and services, any regulatory requirements, and the activities, facilities, and even remote locations that are supported by your QMS. In short, the scope identifies exactly what your business is all about.

When crafting your scope, make sure it’s fully documented in your QMS, but keep it short and straightforward. The goal is for your customers – and anyone else reading it – to understand it easily. The scope should naturally reflect the kind of controls and processes your business already has in place.

While the scope typically covers the entire organization, there can be exceptions, especially for companies with multiple locations (like national or international branches) or businesses with distinct sides where the QMS only applies to one part. Defining your scope clearly not only helps meet ISO 9001 compliance but also makes sure your operations align with quality standards in a way that everyone can understand.

ISO 9000 Quality management systems — Fundamentals and vocabulary

3.5.3 management system

set of interrelated or interacting elements of an organization (3.2.1) to establish policies (3.5.8) and objectives (3.7.1), and processes (3.4.1) to achieve those objectives
Note 1 to entry: A management system can address a single discipline or several disciplines, e.g. quality management (3.3.4), financial management or environmental management.
Note 2 to entry: The management system elements establish the organization’s structure, roles and responsibilities, planning, operation, policies, practices, rules, beliefs, objectives and processes to achieve those objectives.
Note 3 to entry: The scope of a management system can include the whole of the organization, specific and identified functions of the organization, specific and identified sections of the organization, or one or more functions across a group of organizations.
Note 4 to entry: This constitutes one of the common terms and core definitions for ISO management system standards given in Annex SL of the Consolidated ISO Supplement to the ISO/IEC Directives, Part 1. The original definition has been modified by modifying Notes 1 to 3 to entry.

3.5.4 quality management system

part of a management system (3.5.3) with regard to quality (3.6.2)

When you’re defining the scope of your ISO 9001 compliance, there are a few key elements you need to nail down. First, your scope should cover your entire organization – what you do, where you do it, and how it’s supported by centralized functions like HR or IT. Make sure to include any site-specific processes and instructions, as well as specific departments or functions that play a key role. If your business operates across multiple locations or entities, those functions should be noted too.

When establishing your scope, focus on three main factors:

1. The needs of relevant parties—this includes your directors, investors, suppliers, and employees.
2. Internal and external factors—what’s happening inside and outside your organization that impacts how you operate.
3. Your products and services—these define what your business delivers to customers.

Your scope should also reference which ISO 9001 requirements apply to your business. If certain standards don’t apply, you’ll need to provide a clear justification for those exclusions. Lastly, be sure to mention your organization’s physical locations, the products and services you offer, and the industries you’re working in. Keep it clear and precise – this is your company’s snapshot for how ISO 9001 applies to you.

When setting up your ISO 9001 scope, you may wonder what parts of your business you can exclude. The good news is that some exclusions are allowed, but they come with limits. You can only exclude processes or functions that don’t impact your ability to meet customer and regulatory requirements. For example, if a specific location or department isn’t involved in producing or delivering your products and services, you might be able to leave it out of the scope. However, you can’t exclude anything that affects the quality of your products or services.

It’s also crucial to provide a solid justification for any exclusions, especially when certain ISO 9001 requirements don’t apply to your business. Your scope should still reflect the essential elements of your organization’s operations, including key processes, locations, and services that contribute to meeting customer expectations. Bottom line: you can’t exclude something just to make life easier; it needs to be justified and aligned with the core purpose of your QMS.

A typical exclusion is the ‘Design & Development’ clause, which applies to businesses which don’t create their own designs – they just work off the blueprints their clients give them.

Creating an ISO 9001 scope doesn’t have to be complicated – just follow these steps to keep it clear and on point. First, start by describing what your business actually does. Include your products, services, and any relevant locations, like different offices or manufacturing sites. Next, identify key processes that impact quality, and be sure to include any centralized functions like HR or IT that support your operations. If you’re excluding something (like the design process), make sure you’ve got a legit reason and explain why it doesn’t apply to your business. Keep the language simple and easy to understand, so anyone reading it (like customers or auditors) can get the gist of your operations fast. Lastly, make sure your scope covers all the necessary ISO requirements that apply to your company. And remember – short, clear, and specific is the way to go!

When writing your ISO 9001 scope statement, the key is to:

• Keep it clear, concise, and specific.
• Start by outlining exactly what your company does, including the products or services you provide, the locations where work happens, and the key processes involved.
• Avoid industry jargon – use simple language so it’s easy for anyone to understand.
• If you’re excluding anything (like a department or design process), be sure to justify those exclusions and explain why they don’t apply.
• Make sure the scope reflects your entire business, but don’t overcomplicate it.
• Review and update your scope regularly to ensure it stays aligned with any changes in your operations or business structure.
• Keep it short, but detailed enough to show you’re covering the essential parts of your QMS.

When drafting your ISO 9001 scope, there are a few common mistakes to watch out for:

• Don’t make it too vague or generic – your scope should be specific to what your business does.
• Avoid cramming in too much detail, though; it doesn’t need to be a full business plan, just the essentials. Don’t excluding processes without proper justification – if you leave out something important, it could affect your compliance.
• Be sure to check that all key processes, locations, and services are included and that any exclusions are clearly explained.
• Don’t forget to review and update your scope as your business evolves – what worked last year might not cover everything now.