Determining your organization's Company Context

And how it can help to drive your decisions around ISO certification

May 8, 2024

Background

What is Company Context?

The term “company context” refers to the combination of internal and external factors and conditions that affect an organization’s approach to its operations, strategy, and objectives. It encompasses a wide range of influences that shape and define the environment in which an organization operates, including internal elements within the organization itself and the external forces in the broader environment.

Company Context is a critical component of ISO certification. Describing the organization’s company context is integral to satisfying several ISO standards. While the term is not exclusive to ISO (see ITIL and PMBOK for two examples), it is notably, for our purposes, called out explicitly in ISO 9001 and 27001 (Quality Management and Information Security, respectively).

Because the 9001 and 27001 standards focus on creating management systems, clarifying your organization’s business objectives is critical to proper alignment and ensuring the effectiveness and sustainability of the relevant management system. Without participating in the exercise to define your organization’s context, your efforts in preparing to certify may be inefficient and unfocused.

Driftpin Consultants specializes in evaluating your operations and generating a clear and reliable company context, which will significantly assist your efforts. We offer a free initial review during which we can develop a high level company contact statement, review your updated objectives for ISO certification, as well as a preparatory evaluation that will focus and prioritize all future gap analyses.

In conjunction with the initial gap analysis and a scope statement, a description of the company context will focus and streamline the certification process, no matter which standard you pursue.

Factors that Affect Your Company’s Context

Factors that impact your company’s context can reside inside or outside your company. The evaluation and assessment process may uncover factors that cut across this boundary. By identifying a factor’s primary origin, you can determine where it resides.

Internal Context

The internal context includes organizational elements that impact its performance and strategy. These elements typically encompass:

  • Organizational Culture: the set of shared values, beliefs, and norms that define how employees behave and interact within the organization.
  • Governance and Structure: This includes the company’s organization, hierarchical structure, decision-making processes, and reporting lines. An organization chart and a RACI are useful here.
  • Resources: The availability and distribution of financial, human, technological, and physical resources.
  • Capabilities: The competencies and skills of the organization, including knowledge, experience, and technologies.
  • Products or Services: The nature of the company’s products or services, including their complexity, lifecycle, and requirements.
  • Performance: The maturity and effectiveness of all in-place workflow processes and data flows, as well as Key Performance Indicators (KPI), with records of past performance.

External Context

The external context involves factors outside the organization that may impact its success. These factors include:

  • Market Conditions: The current and historical trends, competition, and demand within the company’s industry.
  • Economic Environment: The economic trends, such as inflation rates, exchange rates, and economic growth, that may affect operational costs and client spending.
  • Social and Cultural Factors: The Societal trends, demographic changes, customer behaviors, and cultural factors that could influence the organization’s operations or market positioning.
  • Technological Changes: The advances in technology that could affect product development, operations, competition, or market needs.
    • Legal and Regulatory Requirements: The domestic and international laws and regulations that impact how the company (and its clients) must operate, including safety, quality, data integrity, and compliance.
    • Environmental Factors: The physical or ecological environment that may affect the organization, including considerations for sustainable operations.

Importance of Understanding Company Context

Understanding your company’s context, which, as shown, includes both internal and external factors, is crucial for strategic planning and risk management. An accurate company context allows an organization to:

  • Align Strategic Objectives: Ensure that the organization’s strategy is aligned with its internal capabilities and external market conditions.
  • Risk Assessment and Management: Identify risks and opportunities related to external changes and internal capacities.
  • Resource Allocation: Optimize resource use by prioritizing critical areas under the current contextual conditions.
  • Adaptability and Resilience: Improve responsiveness to external pressures and internal changes, enhancing resilience and adaptability.
  • Stakeholder Relationships: Better manage relationships with stakeholders by understanding the broader environment in which the organization operates.

In summary, company context is about recognizing and responding to the full spectrum of internal and external factors that define how an organization can achieve its objectives. This understanding helps tailor strategies that are not only ambitious but also grounded in real-world possibilities and constraints. In the context of ISO 9001 and 27001 certification, the company context provides a framework for defining how to create systems to manage quality and information security.

With an accurate company context—comprising strategic goals, regulatory needs, risk profiles, resource availability, competitive landscape, and technological maturity—Driftpin can provide a comprehensive framework you can use to decide the order of pursuing ISO 9001 and ISO 27001 certifications. Aligning the certification strategy with these contextual factors ensures that the company achieves compliance efficiently and effectively enhances its operational capabilities and market position.