Identifying Interested Parties Under ISO 9001 Quality Management

ISO 9001 Clause 4.2

This clause requires the organisation to show that it has identified its interested parties relevant to the quality management system, as well as their needs and expectations

What Does ISO 9001 Clause 4.2 Require?

Clause 4.2 of ISO 9001:2015 requires organisations to identify the interested parties that are relevant to their quality management system, and to determine the requirements of those interested parties that are relevant to the system.

An interested party is any person, group or organisation that can affect, be affected by, or perceive themselves to be affected by your organisation's activities, products or services. The standard requires that you understand what these parties need and expect from you - not just your customers, but a broader range of stakeholders whose requirements may influence how your management system operates.

Clause 4.2 sits alongside Clause 4.1 (Understanding the organisation and its context) as part of the foundation of the ISO 9001 framework. Together they establish the context within which your quality management system is designed and operated. Getting these right means your system is built around the real requirements of the people and organisations that matter to your business, rather than being developed in isolation.

Who Are Interested Parties in ISO 9001?

Interested parties will vary depending on the nature and size of your organisation, but commonly include:

Customers - whose requirements for products and services are central to the management system
Employees and workers - who have expectations around safe and fair working conditions
Suppliers and contractors - who have their own requirements and whose performance affects your outputs
Regulatory and government bodies - whose legal and regulatory requirements must be met
Shareholders and owners - who have expectations around financial performance and governance
Certification bodies - whose requirements define what is needed for ISO certification
Local communities - who may be affected by your organisation's environmental or social impact

The standard does not require you to address every possible stakeholder - only those whose requirements are relevant to your quality management system. The key judgement is whether their needs or expectations could affect your ability to consistently deliver conforming products and services.

Determining Their Requirements

Once you have identified your relevant interested parties, Clause 4.2 requires you to determine their requirements - the needs and expectations they have of your organisation that are relevant to your management system. These may be legal obligations, contractual requirements, regulatory standards, or simply expectations that, if not met, could affect your ability to deliver.

For example, a government agency may require legal compliance, retention of relevant documentation, and monitoring of and response to changes in applicable legislation. A key customer may have specific product specifications, delivery requirements, or quality assurance expectations beyond what is contractually stated. A certification body will have requirements defined by the ISO 9001 standard itself.

Requirements that are legally binding or contractually committed are the most critical - these are non-negotiable. Requirements that are expectations rather than obligations should also be captured and considered, as failing to meet them can damage relationships and affect customer satisfaction.

How to Comply with ISO 9001 Clause 4.2

The most practical and widely used approach is to prepare an interested parties register - a simple document listing all relevant interested parties alongside their identified requirements. This does not need to be complex. A simple register with columns for the interested party, their requirements or expectations, and any associated actions or obligations will satisfy the requirement.

The register should be reviewed regularly - at a minimum during internal audits and management review. Interested parties and their requirements are not static; they change as your business evolves, as legislation changes, and as your customer and supplier relationships develop. The standard expects you to monitor this over time, not just complete it once at the point of certification.

The F-IMS22 register is worth filling in properly rather than rushing through it. The obvious parties - customers, regulatory bodies - are easy. It's the ones you might miss that cause problems at audit: certification bodies, significant suppliers, industry trade bodies, local authorities in some sectors. Take an hour, go through them methodically, and keep the register live. It's also one of the documents that feeds directly into your risk register and management review, so the quality of what goes in here has a knock-on effect across the whole system.

Most businesses already know who their customers are and broadly what they want - they wouldn't be trading otherwise. The register just asks you to write that down and think a bit wider. Customers, regulators, certification body, key suppliers. Done. Where organisations go wrong is either not doing it at all, or spending three days creating an enormous stakeholder map when a one-page register would do the job. Use F-IMS22, keep it proportionate, and move on.

When I'm auditing Clause 4.2, a register that hasn't been reviewed since the Stage 1 audit is a red flag. The interested parties relevant to a business change over time - new regulations, new customers, new supply chain relationships - and the register needs to reflect that. I'm not looking for an exhaustive list of every conceivable stakeholder. I'm looking for a considered one that covers the parties who genuinely matter to the QMS, with some evidence it's been revisited. The most common gap I see is regulatory bodies and certification bodies being missing, which tells me the organisation hasn't really thought about who has an interest in their conformity beyond their direct customers.

ISO 9001 Clause 4.2 and Climate Change

A NOTE was added to ISO 9001:2015 - and to other management system standards - in 2024 following a recommendation from the IAF (International Accreditation Forum) and ISO. The NOTE in Clause 4.2 states that relevant interested parties can have requirements related to climate change.

It is important to understand what this NOTE actually means. A NOTE in an ISO standard is not a requirement - it is informational. The standard does not require a separate climate change policy, a dedicated climate change section in your management system, or any specific new documentation. What it asks is that when you are identifying interested parties and their requirements, you consider whether any of them have climate-related requirements. If they do, those should be captured as part of your normal Clause 4.2 process.

In practice, the most proportionate response for most organisations is to consider climate change as an external issue within your existing SWOT and PESTLE analysis in your risks and opportunities register, and to check whether any of your interested parties - customers, regulators, investors or industry bodies - have climate-related requirements that should be captured in your interested parties register. Beyond that, the standard does not require anything further.

For further guidance on how to address the climate change update within an alphaZ integrated management system, including which specific documents to update, see our ISO Update - Climate Change guidance article.

The climate change NOTE is a NOTE, not a requirement. It's reminding you to think about whether any of your interested parties have climate-related requirements worth capturing. If you're a manufacturer whose customers are asking about your carbon footprint, yes, add it. If you're a two-person consultancy, the answer is probably no and that's fine to document. What you don't need to do is add a climate change column to every line of your risk register - especially where the risk is something like password security, where climate change has absolutely no bearing. Consider it where it's relevant, document that you've considered it, and don't be pushed into theatre.

Practical Compliance Guidance

You can formally document all interested parties on a register, with their needs and expectations defined. The register may consist of entries such as; management, staff, customers, suppliers etc. More specific interested parties may also be added such as industry regulators, frequent customers and certification bodies, who have specific needs and expectations from the company. The interested parties register can then be reviewed and updated as required, and assessed during the internal audit, to ensure they have all been accounted for.

The alphaZ IMS1 Integrated Management System Manual addresses Clause 4.2 directly - the context, company profile and scope of operations section documents how internal and external stakeholders are identified and how their requirements have been considered. Implementing IMS1 as part of your management system provides the procedural framework to meet this clause effectively.

The documents listed below are included in any alphaZ toolkit that covers ISO 9001. If you are implementing or maintaining a quality management system, the relevant toolkit will include all the resources you need to meet the requirements of Clause 4.2.

alphaZ document	How to use it
ISO 9001/14001/45001 IMS Toolkit	The complete toolkit for implementing an ISO compliant integrated management system. Includes the IMS1 manual, all policies, procedures, registers and audit checklists - including all the documents listed below.
F-IMS22 Interested Parties Register	The primary document for meeting Clause 4.2. Lists all relevant interested parties alongside their requirements and expectations. Should be reviewed at least annually during internal audit and management review. Included in all alphaZ toolkits.
IMS1 Integrated Management System Manual	Documents the organisational context including how interested parties and their requirements are identified and managed. Also references the review process for interested parties during management review and internal audits.
F-IMS38 Climate Change Review Register	An optional register for documenting a more detailed consideration of the relevance and impact of climate change on your organisation and management system. Useful where auditors or interested parties are expecting documented evidence of climate change consideration beyond what is captured in the risks and opportunities register.

Note - all the above files can be downloaded with an alphaZ subscription

Frequently Asked Questions

What is an interested party in ISO 9001?

An interested party is any person, group or organisation that can affect, or be affected by, your organisation's activities, products or services - where those effects are relevant to your quality management system. Common examples include customers, employees, suppliers, regulatory bodies, shareholders, certification bodies and local communities. The standard does not require you to identify every conceivable stakeholder - only those whose requirements could affect your ability to consistently deliver conforming products and services.

Is a customer the same as an interested party?

Customers are interested parties, but Clause 4.2 is broader than just customers. The clause requires you to consider all parties whose requirements are relevant to your quality management system - which typically includes employees, suppliers, regulatory bodies, certification bodies and others depending on the nature of your business. Customer requirements are addressed in more detail elsewhere in ISO 9001:2015, particularly in Clause 8.2. Clause 4.2 sets the wider context.

Do I need an interested parties register?

ISO 9001:2015 does not explicitly require a documented register of interested parties. The standard requires you to determine the relevant interested parties and their requirements - how you evidence that is up to you. In practice, a simple register is by far the easiest way to demonstrate compliance during an audit. Without something documented, an auditor has nothing to review and you have nothing to point to. It doesn't need to be complex - a basic list of interested parties with their key requirements noted alongside is enough.

How often should I review my interested parties register?

The standard requires you to monitor and review information about interested parties and their requirements - it does not specify a frequency. In practice, a review at least annually as part of your management review and internal audit programme is the accepted approach. Interested parties and their requirements change over time as your business evolves, legislation changes and relationships develop. A register that hasn't been reviewed since initial certification is unlikely to satisfy an auditor that this is being actively managed.

Does ISO 9001 require me to document the requirements of interested parties?

The standard requires you to determine the requirements of relevant interested parties - not necessarily to document them in any specific format. However, as with the register itself, having the requirements written down alongside each interested party is the practical way to demonstrate compliance. Requirements may be legal obligations, contractual commitments, regulatory standards or other expectations. Legal and contractual requirements are the most critical - these are non-negotiable and must be identified and met. Other expectations are worth capturing too, but the standard does not require you to treat all requirements equally.

Do I need to address climate change as part of Clause 4.2?

A NOTE was added to ISO 9001:2015 in 2024 stating that relevant interested parties can have requirements related to climate change. A NOTE is not a requirement - it is informational. You are not required to produce specific climate change documentation or add new sections to your management system.

In practice, the most proportionate response is to consider climate change as an external issue within your existing SWOT and PESTLE analysis, and to check whether any of your interested parties have climate-related requirements that should be captured in your interested parties register. For most organisations that is sufficient. If you want to document a more detailed consideration, the alphaZ F-IMS38 Climate Change Review Register provides a structured way to do this. See also our ISO Update - Climate Change guidance article for further detail.

An auditor has raised climate change as an issue - what should I do?

First, check what the auditor is actually asking for and whether it is supported by the standard. The ISO 9001:2015 climate change NOTE does not require specific documentation beyond considering it as part of your existing context and interested parties review. If you have considered climate change within your SWOT analysis and interested parties register, you have met the requirement.

If an auditor is asking for something beyond this - such as a climate change consideration against every item in your risk register - that goes beyond what the standard requires and you are entitled to ask them to point to the specific clause that supports their request. Auditors should audit against the requirements of the standard, not their own interpretation of what good looks like. If you want additional documented evidence, the F-IMS38 Climate Change Review Register provides a structured record that addresses the requirement proportionately.

Further Resources