Compliance Conversations: How Often Should You Review Your Interested Parties?

Posted by Craig Thornton

We have gathered compliance consultants from around the world to give some insights into the ISO requirement, Interested Parties.

In this conversation, we discuss how often you should review your interested parties and what that review should include.

Check out the video here:


Video Transcription


How often should you review your interested parties and what should the review include?


John, Many Caps, New Zealand

You should review your interested parties, at least annually, but it will vary depending on the impact they have on your quality system.

The types of things you should be reviewing is

  • suppliers 
    • their performance,
  • customers
    • that you meet that expectations,

Same with your employees.

You can do that through management meetings, through supplier audits and feedback sessions into the management meetings, or just general reviews.


Chris, FQM, United Kingdom

Typically, to answer this question, I don't think there is any one specific defined answer. If I was to be put on the spot, I would maybe say annually.

However, in changing circumstances, which could be within your business, or possibly outside of your business, where you have little influence over it, then it means if any of these significant changes that occur, you really need to do a review.

It may not be a review of all your interested parties, but maybe those specific ones that may be impacted by some external influence.

Doing this review will allow you to identify the changes, the impacts, the expectations from them, or from you. Therefore, this review will allow you to document any changes which are specifically for them or for you.

Identifying this information of the interested party or parties will allow you to adjust your management system and the methods of how you communicate, report, monitor, measure, etc.


Mark, Business Basics, Australia

Ideally, you should at least review your interested parties on an annual basis. That's just good housekeeping, it's good to understand your business.

Additionally, you should probably look every few months as to how's the business changed, what markets have you moved into, what markets have you moved out of, and how those requirements from people have changed.

For example, your employees, in the middle part of the year, they will probably not want the same thing as they do towards the end of the year. At the end of the year they'll probably want more leave, whereas in the middle of the year they’ll probably want to work more.

What’s that review include?

Most importantly, include people from all the way through your organisation. You sitting in the ivory tower might go and sit down and say that these people aren't important the business but when you talk to people on the ground, they'll actually turn around and say, ‘Well, no, they have a huge impact on what we do and the decisions we make across the organisation.’


Michael, Momentum Safety and Ergonomics

In the perfect world, I think pretty often, but realistically, we're not going to get to them that often. There's a lot to discuss in these Management Review meetings and the other places that you might discuss interested parties.

I think, as long as you're covering them every 6 to 12 months, and just reviewing the list and what their interests are, then you’re probably on the right track.

We don't necessarily want to do this one all the time, at the risk of missing out on doing some other important management system functions, so about every six to 12 months.

The review should look at who they are, and what their interests are, and just making sure that they're still aligning to you and your company. There's going to be changes on both sides.

Your company will have shifts and changes in the environment that it's working in, and the way that it does things. And your interested parties may also have changes in the way that they do things.

We need to make sure that the way that we've worked through previously is still valid and that's what my review would look like.

It’s looking at the list, looking at what their needs and requirements are, and are they still in alignment?


Nicholas, SRM, South Africa

Our experience has been that interested parties and who they are don't change that often.

However, what we have found is that some of the needs and expectations of those interested parties can evolve.

If the interested party is a regulator, I don't think the regulator is ever going to change, however, their needs and expectations, particularly around legal requirements, etc. can evolve quite rapidly.

As an example, we review our interested parties annually, however, we might review their needs and expectations once every quarter, or bi-annually, depending on the type of interested party or their needs and expectations because some are relatively static and some will evolve quite regularly.


Andrew, IRM Systems, Australia

You really should review your interested parties and their expectations regularly; we would advocate at least quarterly.

In our previous response, do this at a level where you're involving management.

A couple of things to consider in the process.

  1. Your existing interested parties expectations can change over time.
    • If you're doing that quarterly or 6 monthly, you need to identify - whether we had a regulator as an interested party or staff or whoever the interested parties might be
    • We need to actually identify their new expectations.
  2. Also, we do you need to think about from time to time, are there any emerging or new interested parties?
    • Ones that we may not have identified initially, but are now quite pertinent to our safety system or food safety management system, for example.

There are two key things to consider.


Gary, QSM Group, Australia

It's important that an organisation periodically reviews the identified interested parties and their needs and expectations relevant to their management system, simply because things change.

How often this done really depends on the degree of risk involved.

For example, the expectations from regulators in respect to a legal requirement may change and the organisation should ensure it's able to meet this new law, or regulation from the time it comes into effect. An organisation must have a process in place to regularly monitor changes to legal requirements, so it can ensure its management system is amended in a timely manner.

For other identifying interested parties, the review could be done less frequently, again, depending on the level of risk.

That said, at the very least, I'd recommend that the identified interested parties be formally reviewed by stakeholders in the business at least once every 12 months.


Sean, Kaizen Consulting, New Zealand

In terms of reviewing interested parties, it wouldn't fall on the one frequency of review, because different interested parties have different review requirements.

As an example,

  • Your employees,
    • may have six monthly or annual performance evaluation or performance development plans with them.
  • Your management team,
    • you need to have different frequency of keeping them engaged and informed about your company updated objectives and strategic direction.
  • In terms of your supplier contractors,
    • you need to have different frequency depending on the risk they impose your company to, so you need to evaluate them on you know the cost quality, safety, information security,

Each one of those would have different review frequencies and also those reviews would depend on the impact that they have on your organisation.

  1. Review your interested parties at least 6-12 monthly
  2. Include a broad range of people throughout your organisation in the reviews 
  3. Not all interested parties are equal, some may need to be reviewed on a more regular basis depending on their needs and expectations

Tags: ISO, Compliance, ISO Certification, Compliance Conversations, Interested Parties