Professional Documents
Culture Documents
Generic_MS-DOC-04-1 MS Context, Requirements and Scope_ENG_v1 (2)
Generic_MS-DOC-04-1 MS Context, Requirements and Scope_ENG_v1 (2)
Management System
Context, Requirements and Scope
Revision History
Distribution
Name Title
Approval
Contents
1 INTRODUCTION........................................................................................................................... 5
2 ORGANISATIONAL CONTEXT................................................................................................... 6
2.1 ACTIVITIES............................................................................................................................. 6
2.2 FUNCTIONS............................................................................................................................ 6
2.3 SERVICES.............................................................................................................................. 7
2.4 PRODUCTS............................................................................................................................. 7
2.5 PARTNERSHIPS....................................................................................................................... 8
2.6 SUPPLY CHAINS..................................................................................................................... 8
2.7 RELATIONSHIPS WITH INTERESTED PARTIES.............................................................................8
3 OBJECTIVES AND POLICIES................................................................................................... 10
3.1 BUSINESS OBJECTIVES......................................................................................................... 10
3.2 BUSINESS POLICIES.............................................................................................................. 10
3.3 QUALITY OBJECTIVES........................................................................................................... 10
4 RISK AND OPPORTUNITY MANAGEMENT.............................................................................12
4.1 RISK AND OPPORTUNITY MANAGEMENT STRATEGY................................................................12
4.2 RISK APPETITE..................................................................................................................... 12
4.3 INTERNAL UNCERTAINTY FACTORS........................................................................................13
4.4 EXTERNAL UNCERTAINTY FACTORS.......................................................................................13
4.5 RISK CRITERIA..................................................................................................................... 13
5 REQUIREMENTS....................................................................................................................... 14
6 PURPOSE AND SCOPE OF THE [XXXX] MS...........................................................................16
6.1 PURPOSE............................................................................................................................. 16
6.2 SCOPE OF THE [XXXX] MS.................................................................................................... 16
6.2.1 Organizational................................................................................................................ 16
6.2.2 Services......................................................................................................................... 16
6.2.3 Geographical location..................................................................................................... 17
6.2.4 Customers...................................................................................................................... 17
6.2.5 Technology..................................................................................................................... 17
6.2.6 Exclusions...................................................................................................................... 17
List of Figures
FIGURE 1 - ORGANIZATION CHART............................................................................................................ 9
List of Tables
TABLE 1 – REQUIREMENTS SUMMARY OF INTERESTED PARTIES / LEGAL AND REGULATORY BODIES..........17
1 Introduction
[Organization Name] is committed to ensuring the quality of its products and services
and to enhancing customer satisfaction and has implemented a [Information Security
/ IT Service / Quality / Business Continuity / xxxx] Management System (xxMS) that
is compliant with [ISO xxxxx], the international standard for [xxxx] management
systems.
The purpose of this document is to describe the way the business operates, internal
and external factors influencing it and to highlight in general terms the direction of
the organization. This will allow the scope of the [xxxx] MS to be appropriately
defined and high-level objectives to be set.
2 Organisational Context
2.1 Activities
[Organization Name] undertakes a wide range of business activities within its target
sectors and is constantly developing new products and services to bring to market.
Describe:
2.2 Functions
[Describe where the various functions are based e.g. HR, Finance and Marketing are
in a corporate headquarters whilst Operations is in a regional structure spread
across x offices nationwide/internationally.]
2.3 Services
Specify:
2.4 Products
Specify:
2.5 Partnerships
Organization name
Location(s)
Nature of partnership
Which products or services are affected by the partnership
Which/how many customers are involved
How long the partnership has been in place
Any other relevant information
In addition to our partners and suppliers, [Organization Name] has many other
interested parties it deals with. These include:
Citizens
Customers
Distributors
Shareholders
Investors
Owners
Insurers
Government
Regulators
Recovery service suppliers
Competitors
Media
Commentators
Trade groups
Neighbours
Pressure groups
Emergency services
Other response agencies
Transport services
Dependents of staff
Name of organization
The nature of the interest
Degree of influence over the organization
Value of the interest (if appropriate)
Any other relevant information
For the financial year 20xx/20yy [Organization Name] has set the following major
business objectives:
Policies have been set by the organization in a variety of areas and these must be
taken account of during the business continuity planning process to ensure that they
are met.
Based on the requirements and factors set out in this document, the following major
objectives are set for quality:
Define the main priorities that the [xxxx] MS must address, particularly in terms of the
internal and external uncertainty factors described in sections 4.3 and 4.4 of this
document.
For example:
The success of the [xxxx] MS will be judged on its ability to meet these overall
objectives.
[Organization Name]’s strategy with respect to the high level management of risk
and opportunity is to broadly adopt the principles of the ISO31000 standard (Risk
management – principles and guidelines) so that risk and opportunity management:
These principles will also be applied to the management of risk and opportunity with
respect to the business objectives of the organization.
The [xxxx] MS is designed to address the major risks that are identified to
[Organization Name]. In identifying, assessing and managing these risks there are a
number of options open to the organisation according to its appetite for risk.
In general terms the organizations appetite for risk may be said to be Low / Moderate
/ High (delete as appropriate).
[Low] The strategy of the organization is to avoid risk where possible and to invest
resources in mitigating residual risk through effective measures.
This level of risk appetite will be applied to the risk assessments that are carried out
as part of the [xxxx] MS and will determine the actions that need to be taken to
mitigate risk to an acceptable degree.
With regard to the [Organization Name] business itself, there are a number of
internal factors that create uncertainty that gives rise to risk and opportunity. These
include:
These general internal uncertainty factors will be considered in more detail as part of
the risk and opportunity assessment process.
These include:
These general external uncertainty factors will be considered in more detail as part
of the risk and opportunity assessment process.
The criteria for assessing risk in the context of the organization’s appetite are defined
in a separate document Risk Assessment and Treatment Process.
5 Requirements
This section of the document sets out the interested parties that are relevant to the
[xxxx] MS and their requirements. It also summarises the applicable legal and
regulatory requirements to which the organization subscribes.
The following are defined as interested parties that are relevant to the [xxxx] MS:
Shareholders
Board of Directors
Suppliers
Customers
Regulatory bodies
Customer user groups
Employees of the organisation
Contractors providing services to the organization
National or local government organizations
Emergency services
Trade associations and industry bodies
Trade unions
The applicable requirements of interested parties and legal and regulatory bodies
are summarised in the table on the following page.
6.1 Purpose
For the purposes of certification within [Organization Name], the boundaries of the
[xxxx] MS are defined as follows:
“The xx management system of [Service Provider] that delivers [All] xxx services to
[all] business units within [Organization Name] at [all] locations”
Details of the xxxx services provided can be found within the [Service Provider]
Service Catalogue and a list of business units/stakeholders within the Business
Relationship Management Plan.
The defined scope of [Organization Name]’s [xxxx] MS takes into account the
internal and external factors referred to in sections 4.3 and 4.4 of this document and
the requirements referred to in section 5. It also reflects the needs of interested
parties and the legal and regulatory requirements that are applicable to the
organization.
The scope is further clarified below in terms of the parts of the organization, services,
geographical location, customers and technology.
6.2.1 Organizational
The [xxxx] MS includes the following parts of the [Organization Name] organization:
[If required, specify the parts of the organization included in terms of business
function, or other organizational boundary e.g. individual companies within a group
structure]
6.2.2 Services
The following services are within the scope of the [xxxx] MS:
[If required, list the services at an appropriate level of detail. This may be in the form
of service types rather than specifics which are likely to change rapidly over time.
The services selected must be consistent with the organizational split given in the
previous section]
The following locations are within the scope of the [xxxx] MS:
[If required, specify the geographical locations in which the organization operates
that are included in the [xxxx] MS scope e.g. the Paris and Atlanta offices, or
Germany, or EMEA (Europe, Middle East and Africa)]
6.2.4 Customers
Services delivered to the following customers are included in the scope of the [xxxx]
MS:
6.2.5 Technology
The following technology components are within the scope of the [xxxx] MS:
6.2.6 Exclusions
The following areas are specifically excluded from the scope of the [xxxx] MS:
[If applicable, detail what is excluded and why, in terms of organizational parts,
services, locations, customers and technology. This must remain consistent with the
overall approach and not compromise the ability of the [xxxx] MS to produce the
desired results and meet its objectives.]