Context and stakeholder analysis per ISO clause 4 - the foundation of your management system

Clause 4 is the foundation of your entire management system under ISO 9001, ISO 14001, or ISO 45001. Without proper context analysis and stakeholder analysis, the rest of the system is useless - you build processes and routines without understanding what your organization actually needs.

This guide shows you how to implement clause 4 in practice: from context analysis with PESTEL and SWOT, through stakeholder analysis, to scope definition and process landscape.

Why clause 4 matters

ISO 9001, ISO 14001, ISO 45001, and ISO 27001 share the same basic structure (Annex SL). They all start with clause 4: Context of the organization. This is not a coincidence.

Clause 4 forces you to answer fundamental questions:

• What external factors affect our organization? (Clause 4.1)
• What internal capabilities and limitations do we have? (Clause 4.1)
• Who cares about what we do, and what do they want? (Clause 4.2)
• What exactly should the management system cover? (Clause 4.3)
• What processes do we need to meet all of this? (Clause 4.4)

Once you have answered these questions, you know exactly what your risk analysis (clause 6.1) needs to address, which objectives (clause 6.2) are relevant, and what management should review (clause 9.3).

Clause 4 is the map. The rest of the standard is the journey.

Clause 4.1 - Understand the organization’s context

Clause 4.1 requires you to identify external and internal issues that affect your organization’s purpose and strategic direction.

External issues are the outside world: legislation, market trends, competition, technological development, climate change.

Internal issues are your own organization: competence, processes, resources, culture, strengths and weaknesses.

Two analysis tools help you meet clause 4.1:

1. PESTEL analysis for external issues
2. SWOT analysis for internal issues (and how they relate to external opportunities and threats)

PESTEL analysis: Map the outside world

PESTEL analysis structures external factors into six categories: Political, Economic, Social, Technological, Environmental, Legal.

Political factors

Political factors deal with how governments and authorities affect your business.

Questions to ask:

• How stable is the government and the political situation?
• Is there political support for our industry?
• Are we affected by trade agreements or tariffs?
• How do EU directives affect our operations?

Examples:

• New EU sustainability directives that favor or complicate products
• Changed trade policy after Brexit or geopolitical tensions
• Government support for certain types of innovation or product development

Economic factors

Economic factors include business cycles, exchange rates, inflation, interest rates.

Questions to ask:

• How are our customers affected by the economic cycle?
• Are we exposed to currency risks?
• How does inflation affect our costs and pricing?
• How do interest rates affect investment decisions?

Examples:

• Recession reduces customers’ ability to pay
• Rising interest rates increase capital costs for expansion
• Currency fluctuations affect import costs or export revenue

Social factors

Social factors deal with societal trends, demographics, attitudes, consumer behavior.

Questions to ask:

• How are customer expectations and needs changing?
• What demographic changes affect the labor market?
• What are society’s attitudes toward our industry?
• Is the right competence available in the labor market?

Examples:

• Increased environmental awareness drives demand for sustainable products
• Aging population creates skill shortages in certain professions
• Changed work practices after covid (remote work, digital communication)

Technological factors

Technological factors include automation, digitalization, R&D development, technological change.

Questions to ask:

• What new technologies could improve our processes?
• How fast is technology developing in our industry?
• Do existing products risk becoming obsolete?
• Are there automation opportunities that increase efficiency?

Examples:

• AI tools that can automate administrative tasks
• New production technology that competitors are adopting
• Digital transformation changing customer buying behavior

Environmental factors

Environmental factors deal with climate, weather, sustainability requirements, resource changes.

Questions to ask:

• How does climate change affect our operations?
• Are there requirements to reduce environmental impact from customers or authorities?
• Do we risk resource shortages (raw materials, energy, water)?
• How do weather and seasonal variations affect operations?

Examples:

• Drought affecting access to raw materials or production capacity
• Carbon neutrality requirements from major customers
• New environmental laws requiring investment in cleaner technology

Legal factors

Legal factors include laws, regulations, industry rules, compliance requirements.

Questions to ask:

• Which laws and regulations govern our operations?
• Are new regulations coming that affect us?
• Are there industry-specific requirements we must meet?
• What liability do we face for product defects or workplace incidents?

Examples:

• GDPR requires systematic handling of personal data
• Work environment legislation demands protective measures
• Product liability laws regulate responsibility for defects or damages
• New chemical regulations restrict permitted substances

PESTEL process: How to run the analysis

Run the PESTEL analysis together with management and key personnel. Gather 5-10 people. Bring supporting material: market analyses, industry reports, legislative overviews, trend analyses.

Workflow:

1. Go through each PESTEL category systematically
2. Identify factors that actually affect your business (not general trends)
3. Assess whether the factor is an opportunity or a threat
4. Prioritize: High, Medium, or Low impact
5. Note the knowledge source (who in the organization knows about this)
6. Document in the management system

Example PESTEL results:

• Legal factor: New EU legislation favors sustainable products. Assessment: Opportunity with high priority. Our products already meet the requirements, competitors need to adapt.

• Economic factor: Low-cost competitors from Asia are gaining market share. Assessment: Threat with high priority. Price pressure increasing, we can’t compete on price.

• Social factor: Increased demand for fast delivery within 24h. Assessment: Both opportunity and threat with medium priority. Opportunity if we can handle the logistics, threat if we fall behind.

• Technological factor: AI tools can automate customer service. Assessment: Opportunity with medium priority. Reduces costs and improves availability.

SWOT analysis: Map internal capabilities

SWOT analysis maps the organization’s Strengths, Weaknesses, Opportunities, and Threats.

Internal factors (strengths and weaknesses) are what you control. External factors (opportunities and threats) come from the PESTEL analysis.

SWOT meets ISO clause 4.1 by:

• Identifying internal factors (strengths and weaknesses)
• Connecting internal capabilities to external opportunities and threats
• Providing structure for strategic work
• Documenting context analysis per standard requirements

For a detailed SWOT guide with AmpliFlow implementation, see our comprehensive article on SWOT analysis for management systems.

Strengths: What works well?

Questions to ask:

• What works very well in the organization?
• Which resources or competencies are strong?
• What do customers appreciate most?
• What improvements have strengthened operations this past year?

Example strengths:

• ISO 9001 and 14001 certified since 2018 with well-established processes
• Strong customer loyalty - high rate of repeat customers
• High technical competence within the product area
• Short lead time compared to competitors

Weaknesses: What limits us?

Questions to ask:

• What works poorly or creates problems?
• Where do we lack resources or competence?
• What complaints or criticism do we get from customers?
• Which non-conformities recur in the management system?

Example weaknesses:

• Dependence on two large customers (65% of revenue)
• Low digitalization - manual processes in production create inefficiency
• Limited marketing capacity
• Difficulty recruiting the right competence

Connect SWOT to PESTEL: How it fits together

Once you have completed the PESTEL analysis (external factors) and identified strengths and weaknesses (internal factors), connect them:

Strengths + Opportunities: How do we use our strengths to seize opportunities?

• Opportunity: New EU legislation favors sustainable products
• Strength: ISO 14001 certification
• Strategy: Launch marketing campaign highlighting our environmental certification

Strengths + Threats: How do we use our strengths to reduce threats?

• Threat: Low-cost competition from Asia
• Strength: Strong customer loyalty and ISO certification
• Strategy: Focus on premium segment with quality and personal service

Weaknesses + Opportunities: What must we fix to seize opportunities?

• Opportunity: Digital transformation opens new business models
• Weakness: Low digitalization level
• Strategy: Invest in digital infrastructure and competence development

Weaknesses + Threats: Which combinations create the greatest risk? (This becomes input to risk analysis clause 6.1)

• Threat: Low-cost competition from Asia
• Weakness: Dependence on two large customers
• Risk: If these customers are attracted by low prices, we lose 65% of revenue
• Action: Urgent customer diversification - contact 15 potential new customers by Q2

Document the context analysis

Document PESTEL and SWOT in the management system. This meets the clause 4.1 requirement to determine external and internal issues.

In AmpliFlow, you create the context analysis directly in the system, where it is automatically linked to risk analysis and management review. When you identify a threat in the PESTEL analysis, you can create a risk with one click and follow up systematically.

What to document:

• External factors from PESTEL analysis (prioritized by impact)
• Internal strengths and weaknesses from SWOT analysis
• The connection between internal capabilities and external changes
• Responsible person for each identified factor
• Action plans for critical weaknesses and threats

Links to other parts of the management system:

• To risk analysis (clause 6.1): Threats and combinations of weaknesses + threats become risks
• To objectives (clause 6.2): Opportunities and strengths point to areas for goal setting
• To management review (clause 9.3): Context analysis is input to the annual management review

Clause 4.2 - Understand stakeholder needs and expectations

Clause 4.2 requires you to identify which stakeholders are relevant to the management system and understand their needs and expectations.

Stakeholders are anyone who affects or is affected by your operations. Many people think of customers first, but stakeholders are broader than that.

Who are your stakeholders?

Typical stakeholders for most organizations:

External stakeholders:

• Customers (end customers, distributors, retailers)
• Suppliers and subcontractors
• Authorities and regulatory bodies
• Society (local community, neighborhood)
• Industry associations
• Media
• Competitors (indirect influence)

Internal stakeholders:

• Owners and board of directors
• CEO and management team
• Employees
• Trade unions
• Safety representatives

Not all organizations have the same stakeholders. A public sector organization has different stakeholders than a privately owned company. A manufacturing company has different ones than a consulting firm.

Identify relevant stakeholders

Run the stakeholder analysis together with management and key personnel.

Questions to ask:

1. Who is affected by our operations?

   • Which groups are directly affected by our products, services, or decisions?
   • Who is indirectly affected (e.g., the neighborhood around a factory)?

2. Who has requirements for us?

   • Who places requirements through legislation or contracts?
   • Who has expectations based on market norms or industry practice?

3. Who affects our ability to deliver?

   • Which suppliers are critical to our operations?
   • Which stakeholders can stop or hinder operations?

4. Who do we need to involve?

   • Who should actively participate in business development?
   • Who needs to be informed about changes?

Understand stakeholder needs and expectations

For each identified stakeholder, you need to understand two things: what they expect from you, and how you find out.

Different stakeholders have different priorities. Customers care about quality, delivery precision, and price. Employees want a safe work environment, development opportunities, and fair compensation. Owners focus on profitability, growth, and controlled risks. Authorities demand regulatory compliance and safety. Suppliers seek long-term relationships with clear requirements and reliable payment.

But how do you know what stakeholders actually want? Don’t guess - collect information systematically. Use customer surveys and feedback from sales. Review contracts and specifications for explicit requirements. Monitor legislation and regulations for authority expectations. Conduct employee reviews and safety rounds for employee needs. Hold regular supplier dialogues. Attend industry meetings and network events to catch trends.

How important is the stakeholder?

Prioritize stakeholders by impact and relevance:

• High priority: Customers, authorities, critical suppliers, employees, owners
• Medium priority: Industry associations, media, local community
• Low priority: General societal groups without direct impact

Stakeholder matrix: Structure the analysis

A stakeholder matrix helps you visualize and prioritize stakeholders.

Example stakeholder analysis:

High priority (high impact):

• Customer A (major account): High impact, high interest. Responsible: Sales manager. Expectations: delivery precision, quality certification, sustainability.
• Swedish Work Environment Authority: High impact, medium interest. Responsible: Quality manager. Expectations: regulatory compliance, safe workplaces.
• Employees: High impact, high interest. Responsible: HR manager. Expectations: safe work environment, clear communication, development.
• Supplier X (critical): High impact, medium interest. Responsible: Procurement manager. Expectations: long-term relationship, clear forecasts.

Medium and low priority (lower impact):

• Local community: Low impact, low interest. Responsible: CEO. Expectations: limited environmental impact, job opportunities.
• Industry association: Low impact, medium interest. Responsible: CEO. Expectations: participation in industry development.

Manage stakeholder expectations

Stakeholder analysis is not a one-time activity. Expectations change.

Examples of changing expectations:

• Digital healthcare services (Kry, Doktor.se) changed expectations for traditional healthcare centers - patients now expect digital booking and video consultations
• Environmental awareness is increasing - customers expect sustainability information that was not relevant 10 years ago
• Covid changed work practices - employees now expect flexibility for remote work

Establish processes to:

1. Regularly collect stakeholder input (customer surveys, employee reviews, supplier dialogues)
2. Evaluate changing expectations and assess impact
3. Update stakeholder analysis at least annually (at management review)
4. Involve stakeholders in decisions that affect them

Document the stakeholder analysis

AmpliFlow has a ready-made stakeholder register where you document each stakeholder with their requirements, priority, and responsible person. The register connects to the customer requirements matrix, so customer requirements automatically appear in relevant processes and at management review.

What to document:

• List of relevant stakeholders
• Stakeholder requirements and expectations
• Priority (high/medium/low)
• Responsible person for each stakeholder relationship
• How you collect and evaluate stakeholder input

Links to other parts of the management system:

• To risk analysis (clause 6.1): Risk of not meeting stakeholder expectations
• To objectives (clause 6.2): Objectives based on stakeholder needs
• To processes (clause 4.4): Processes must deliver what stakeholders expect
• To management review (clause 9.3): Stakeholder analysis is input to annual review

For more on stakeholder analysis, see our articles:

• Stakeholder Analysis: The Core of ISO 9001 and Successful Business
• What is stakeholder analysis in ISO 9001?

Clause 4.3 - Determine the scope of the management system

Clause 4.3 requires you to define exactly what the management system covers - and what it does not cover.

The scope is determined based on:

• Results of context analysis (clause 4.1)
• Stakeholder requirements (clause 4.2)
• The organization’s products and services
• Organizational and physical boundaries

What should the scope include?

Consider:

• Which products and services are covered?
• Which operational areas are covered?
• Which physical locations are covered (head office, production units, warehouses)?
• Which processes are covered?

Scope examples:

Example 1 - Manufacturing company: “This quality management system per ISO 9001:2015 covers design, manufacturing, and sales of welding equipment at the production facility in Gothenburg. The system covers the entire operation from customer order to delivery, including purchasing, production, quality control, and aftermarket support.”

Example 2 - Consulting firm: “This quality management system per ISO 9001:2015 covers project management and business development services delivered from the head office in Stockholm. The system covers sales, project planning, execution, and follow-up of consulting assignments.”

Example 3 - Company with multiple operations: “This environmental management system per ISO 14001:2015 covers manufacturing and distribution of food products at the production facilities in Malmo and Helsingborg. The system includes raw material handling, production, packaging, storage, and distribution. The system does NOT cover the retail operations of the company’s store chain.”

Applicability and exceptions

If you determine that parts of the standard are not applicable, you must justify why. ISO 9001:2015 does not use the concept of “exclusions” as previous editions did. Instead, this is handled through applicability in clause 4.3.

Applicability rules (ISO 9001:2015):

• The organization can decide a requirement is not applicable if the decision does not affect the ability to deliver conforming products and services or enhance customer satisfaction
• The decision must be justified in the scope description
• Requirements that are applicable within the scope must be met

Example of justified non-applicability: “Clause 8.3 (Design and development of products and services) is not applicable because the company only manufactures products according to customer-provided specifications and drawings. The company does not perform any product development.”

Document the scope

The scope must be documented and available. It should be part of the management system documentation.

What the documentation should include:

• Clear description of covered products/services
• Organizational and geographical boundaries
• References to context analysis and stakeholder analysis (showing the scope is based on clause 4.1 and 4.2)
• Any exclusions with justification
• Date of establishment and latest revision

Review the scope at management review and update it when organizational changes occur.

Clause 4.4 - Establish and maintain the management system and its processes

Clause 4.4 requires you to establish, implement, maintain, and continually improve the management system, including the processes needed and their interactions.

Process landscape: What processes do we need?

Based on context analysis (4.1), stakeholder requirements (4.2), and scope (4.3), you identify which processes are needed.

Typical processes in a management system:

Management processes:

• Strategic planning and management review
• Risk management
• Objective and performance management

Core processes (value-creating):

• Sales and marketing
• Design and development (if relevant)
• Production or service delivery
• Delivery and distribution

Support processes:

• Purchasing and supplier management
• HR management and competence development
• IT and system support
• Document management

Improvement processes:

• Non-conformity management
• Improvement suggestions
• Internal audit

Processes interact

Clause 4.4 requires you to understand how processes interact. No process lives in isolation.

Examples of process interactions:

• Risk analysis (management process) identifies risks in production (core process)
• Customer requirements from sales (core process) drives competence development (support process)
• Non-conformities from production (improvement process) become input to management review (management process)
• Stakeholder analysis (clause 4.2) drives requirements for supplier management (support process)

Document the process landscape

What to document for each process:

• Process purpose and intended outcome
• Input (what the process needs) and output (what the process delivers)
• Process owner (responsible person)
• Resources needed
• How the process is measured and evaluated (KPIs)
• Risks associated with the process
• Interactions with other processes

The process landscape is a living document that is updated when the business changes.

Summary: Clause 4 as the foundation of the entire management system

Clause 4 answers the questions:

• 4.1 Context: What external and internal issues affect us? (PESTEL + SWOT)
• 4.2 Stakeholders: Who cares, and what do they want?
• 4.3 Scope: Exactly what should the management system cover?
• 4.4 Processes: What processes are needed to meet all of this?

Once you have answered these questions, you know:

• Which risks to address (clause 6.1)
• Which objectives are relevant (clause 6.2)
• What resources and competences are needed (clause 7)
• Which processes to control (clause 8)
• What management should review (clause 9.3)
• What to improve (clause 10)

Clause 4 is not theoretical. It is the map that makes the rest of the management system relevant.

Practical tips for implementing clause 4

1. Do it with the management team

Context analysis and stakeholder analysis are strategic issues. Don’t do it alone as a quality manager - involve the CEO, management team, and key personnel.

2. Base the analysis on data, not guesses

Bring supporting material: customer surveys, complaint data, financial KPIs, competitor analyses, industry reports. Document where the information comes from.

3. Keep it alive

Update context analysis and stakeholder analysis at least annually at management review. Update when major changes occur (new legislation, market shift, organizational change).

4. Connect to risk analysis and objectives

Use the results from clause 4 directly in risk analysis (clause 6.1) and objective setting (clause 6.2). Threats and weaknesses become risks. Opportunities and strengths become objectives.

5. Document simply and accessibly

Use structured tools (tables, lists, matrices) instead of long prose documents. Make it easy to find and update information.

6. Link to other parts of the management system

Ensure that context analysis, stakeholder analysis, scope, and process landscape are referenced in:

• Risk analysis
• Objective setting
• Management review
• Strategic planning

When these parts connect, the management system is powerful. When they live in isolation, it is paperwork.

---

Next steps after clause 4:

Once you have completed clause 4, the foundation is laid. Use the context analysis and stakeholder analysis to:

1. Identify risks and opportunities (clause 6.1)
2. Set relevant objectives (clause 6.2)
3. Plan management review with the right input (clause 9.3)

Clause 4 is the starting point. Use it.

---

Need support with clause 4? AmpliFlow helps you keep context, stakeholders, risks, and management review in one structure, so the analysis becomes part of the way you work. Contact us to see how to get started.