DraftInternalISO 9001ISO 14001ISO 27001

SW-IMS-MAN-004

IMS Manual - Context of the Organization (Clause 4)

Version

1.0

Owner

CEO

Effective Date

TBD

Review Date

TBD

IMS Manual - Context of the Organization (Clause 4)

Document Information

Document ID: SW-IMS-MAN-004
Version: 1.0
Status: Draft
Effective Date: [TBD]
Review Date: [TBD]
Owner: CEO
Approved by: [TBD]

This section of the IMS Manual describes how Swedwise AB understands its organizational context and determines the needs and expectations of interested parties (stakeholders). This understanding forms the foundation for designing and implementing an effective Integrated Management System.

Alignment with ISO Standards:

ISO 9001:2015, Clause 4: Context of the Organization
ISO 14001:2015, Clause 4: Context of the Organization
ISO 27001:2022, Clause 4: Context of the Organization

2. Understanding the Organization and its Context (Clause 4.1)

2.1 Overview

Swedwise systematically analyzes internal and external issues that affect our ability to achieve the intended outcomes of the IMS. This context analysis informs strategic planning, risk assessment, and objective setting.

Process Reference: SW-IMS-PRO-011 - Context and Interested Parties Procedure

2.2 Internal Context

2.2.1 Company Profile

Company Name: Swedwise AB
Founded: [TBD]
Headquarters: Karlstad, Sweden
Additional Offices: Stockholm, Uddevalla
Employees: Approximately 35 (as of [date])
Ownership: [TBD - Private company / Ownership structure]

Business Model:

Software licensing (OpenText, Salesforce, other platforms)
Consulting and implementation services
SaaS offerings (Swedwise Communications)
Support and maintenance services

Target Market:

Large public sector organizations (government, municipalities, healthcare)
Private sector enterprises (financial services, utilities, manufacturing)
Geographic focus: Nordic region (primarily Sweden, Norway, Denmark)

Brand Promise: "Make Time For The Good"

Helping customers automate and optimize business-critical processes
Freeing staff time for value-added activities
Delivering reliable, efficient, and secure solutions

2.2.2 Organizational Structure

Management Team:

CEO: Overall business leadership and IMS accountability
Management Team: Strategic direction and functional leadership

Organizational Units:

Unit	Function	Headcount
Customer Acquisition	New customer sales, business development, marketing	~[TBD]
Customer Development	Account management, customer relationship growth	~[TBD]
Customer Success	Service delivery, implementation, support, onboarding	~[TBD]
Resource Management	Staff allocation, capacity planning, training coordination	~[TBD]
Discipline Forums	Technical expertise (OpenText, Salesforce, etc.)	Cross-functional
PMO	Internal project governance and delivery	~[TBD]
Support Functions	Finance, HR, IT, administration	~[TBD]

Reporting Structure:

Relatively flat organizational structure
Emphasis on autonomy and empowerment
Cross-functional collaboration through Discipline Forums
Matrix structure for consultants (report to Resource Management, work in customer projects)

2.2.3 Organizational Culture

Philosophy: "The Machine" framework

Learning organization emphasizing continuous reflection and improvement
Agility and adaptability over rigid hierarchy
Autonomy and trust over command-and-control
Empowerment of teams and individuals to make decisions
Collaboration and knowledge sharing

Values:

Customer Focus: Customer success drives our success
Quality: Excellence in everything we do
Integrity: Honest, ethical, and transparent
Innovation: Continuous learning and improvement
Sustainability: Responsible stewardship of resources and environment
Teamwork: Collaboration, respect, and mutual support

Work Environment:

Mix of office-based, remote, and on-site (at customer locations)
Flexible working arrangements
Distributed workforce across three office locations
Consultants primarily working at customer sites

2.2.4 Strategic Objectives

Growth Strategy:

Expand SaaS service offerings to meet public procurement requirements
Grow existing customer accounts through deeper engagement
Acquire new customers in target verticals (public sector, financial services)
Increase recurring revenue through SaaS and support contracts
Maintain high customer retention through quality and service

Capability Development:

Achieve ISO 9001, ISO 14001, ISO 27001 certifications
Build mature SaaS operations capability
Strengthen internal processes and documentation
Enhance staff competencies through training and certification
Develop thought leadership in key technology areas

Market Position:

Recognized leader in OpenText and Salesforce implementations in the Nordic region
Trusted partner for business-critical solutions
Differentiation through quality, security, and environmental certifications
"Make Time For The Good" positioning resonating with customer values

2.2.5 Resources and Capabilities

Human Resources:

Strengths:
- Deep technical expertise in OpenText, Salesforce, and business integration
- Experienced consultants with long customer relationships
- Learning culture fostering continuous improvement
- Nordic language capabilities (Swedish, Norwegian, Danish, English)
Limitations:
- Small workforce (~35) limits capacity and redundancy
- Resource conflicts between customer work and internal initiatives
- Externally-focused staff (limited availability for internal projects)
- Recruitment challenges in competitive Nordic IT market

Technical Resources:

Cloud infrastructure partnerships (AWS, Azure, Google Cloud)
Data center partnership (Entiros, Sweden) for SaaS hosting
Development tools and platforms
Monitoring and management tools

Financial Resources:

[TBD - Financial position, access to capital, constraints]

Knowledge and Intellectual Property:

Implementation methodologies and best practices
Customer solutions and templates
Integration patterns and code libraries
Industry and vertical expertise (public sector, financial services)

2.2.6 Process Maturity

Current State:

Process Area	Maturity Level	Notes
Quality Management	Level 2 (Repeatable)	Informal processes; not documented systematically; some repeatability through individual expertise
Environmental Management	Level 1 (Initial)	Ad-hoc; minimal formalization; reactive compliance
Information Security	Level 2 (Repeatable)	Some processes in place; not comprehensive or formalized for ISO 27001
SaaS Operations	Level 1-2 (Initial to Repeatable)	New service; building operational maturity; monitoring in place but processes evolving
Documentation	Level 1 (Initial)	Weak; historically limited documentation of processes and procedures
Training and Competence	Level 2 (Repeatable)	Training occurs but not systematically tracked or managed

Target State (Post-ISO Certification):

Process Area	Maturity Level	Timeframe
All IMS Areas	Level 3 (Defined)	12-18 months post-certification
SaaS Operations	Level 4 (Managed)	18-24 months (to achieve mature, measured SaaS operations)

2.3 External Context

2.3.1 PESTLE Analysis Summary

A comprehensive PESTLE analysis is conducted annually (see SW-IMS-PRO-011). Key factors:

Political:

Stable political environment in Sweden and Nordic region
Public procurement regulations driving ISO certification requirements
Government digitalization initiatives creating opportunities
EU regulations influencing Swedish law (GDPR, environmental directives)

Economic:

Strong Nordic economy supporting IT investment
Potential economic downturn risk reducing discretionary spending
Recurring revenue (SaaS, support) providing revenue stability
Currency fluctuations affecting cross-border business

Social:

Remote work normalization expanding talent pool
Work-life balance expectations aligning with "Make Time For The Good"
Increasing sustainability awareness among customers and employees
Digital literacy rising, driving demand for automation

Technological:

Rapid shift from on-premises to cloud and SaaS
AI and automation presenting opportunities and competitive threats
Cybersecurity threats increasing (ransomware, phishing, supply chain attacks)
Continuous technology evolution requiring ongoing learning
API economy and integration capabilities critical

Legal:

GDPR (General Data Protection Regulation): Mandatory compliance for personal data processing
Swedish Data Protection Act: Supplements GDPR with national provisions
Public Procurement Act: Requirements for quality, environmental, security in public tenders
Work Environment Act: Health and safety obligations
Environmental Code: Limited applicability (office-based operations)
Contractual obligations to customers (SLAs, data residency, security requirements)

Environmental:

Climate change driving carbon reduction expectations
Customers increasingly requiring suppliers to demonstrate environmental responsibility
Limited direct environmental impact (office-based, no manufacturing)
Indirect impacts: business travel, energy consumption, e-waste
Opportunity to help customers reduce environmental impact through digitalization

2.3.2 Market and Competitive Landscape

Market Trends:

Public sector digital transformation accelerating
High-volume communication needs (government notices, utility bills, financial statements) driving SaaS demand
Compliance and security requirements favoring certified suppliers
Sustainability as procurement criterion
Move toward managed services and outsourcing

Competitors:

Competitor Type	Examples	Competitive Position
Large Global Firms	Accenture, Deloitte, Capgemina, CGI	Stronger brand, broader resources; less specialized, higher cost
Boutique Nordic Consultancies	[Competitors in region]	Similar size, local focus; differentiation through certifications and SaaS offering
In-house IT Teams	Customer internal teams	Direct knowledge, lower cost; limited capacity and expertise
Offshore Providers	[India, Eastern Europe]	Lower cost; time zone, language, quality concerns

Swedwise Competitive Advantages:

Deep expertise in OpenText and Salesforce
Nordic presence and language capabilities
Customer-centric approach and long relationships
ISO certifications (in progress) demonstrating quality, security, environmental commitment
SaaS offering for high-volume communications (Swedwise Communications)
"Make Time For The Good" value proposition

Competitive Threats:

Larger firms' resources and brand recognition
Price competition from offshore and in-house teams
Customer insourcing of capabilities
New entrants with innovative SaaS offerings

2.3.3 Regulatory Environment

Key Regulations Affecting Swedwise:

Regulation	Impact	Compliance Approach
GDPR	High - All customer data processing	ISMS controls, Data Protection Policy, DPO, privacy by design
Public Procurement Act	High - Required for public sector tenders	ISO certifications, quality and environmental documentation
Work Environment Act	Medium - Employee health and safety	HR policies, work environment risk assessment
Environmental Code	Low - Limited direct applicability	Voluntary environmental management (ISO 14001)
Tax and Corporate Law	Medium - Corporate compliance	Finance and legal compliance processes

Industry Standards:

ISO 9001 (Quality): Required for public procurement, customer expectation
ISO 14001 (Environmental): Increasingly required or preferred in procurement
ISO 27001 (Information Security): Critical for SaaS, customer expectation, procurement requirement

2.3.4 Technology Landscape

Cloud Platforms:

AWS, Azure, Google Cloud: Hyperscaler partners for infrastructure
Kubernetes: Container orchestration for SaaS platform
Entiros (Sweden): Data center partner ensuring Swedish data residency

Software Vendors:

OpenText: Primary technology platform; strategic partnership
Salesforce: CRM and platform; strategic partnership
Other platforms: Microsoft, SAP, Adobe, etc.

Cybersecurity Threats:

Ransomware and malware targeting businesses
Phishing and social engineering attacks
Supply chain and third-party risks
Insider threats (unintentional and malicious)
Cloud misconfigurations and vulnerabilities
Data breaches and privacy violations

Technology Evolution:

AI and machine learning for automation and personalization
Low-code/no-code platforms
API-first architectures
Microservices and containerization
DevSecOps and continuous deployment

2.4 Context Analysis Process

Frequency:

Comprehensive analysis: Annually (Q4, before strategic planning)
Quarterly updates: Part of management review
Triggered reviews: Significant changes (merger, major market shift, new regulation)

Method:

Facilitated workshop with Management Team, IMS Owner, department heads
SWOT analysis (Strengths, Weaknesses, Opportunities, Threats)
PESTLE analysis (Political, Economic, Social, Technological, Legal, Environmental)
Competitive analysis
Regulatory scan

Documentation:

Context Analysis Report (annual)
Summary in Management Review minutes (quarterly)
Stored in IMS Repository

Approval: Management Team

Process Reference: SW-IMS-PRO-011 - Context and Interested Parties Procedure

3. Understanding Needs and Expectations of Interested Parties (Clause 4.2)

3.1 Interested Parties Identification

Swedwise systematically identifies interested parties (stakeholders) who can affect or be affected by our decisions and activities. These interested parties have requirements and expectations relevant to the IMS.

Categories of Interested Parties:

3.1.1 Customers

Current Customers:

Public sector organizations (government agencies, municipalities, healthcare)
Private sector enterprises (financial services, utilities, manufacturing)
End users of customer solutions

Prospective Customers:

Organizations considering Swedwise services
Participants in procurement processes

Customer Requirements:

High-quality service delivery (on-time, on-budget, meeting specifications)
Expertise and responsiveness
Data security and privacy (GDPR compliance, confidentiality)
Service availability (≥99.9% for SaaS)
ISO certifications (quality, environmental, security)
Environmental responsibility
Clear communication and transparency

3.1.2 Employees

Employee Groups:

Full-time staff (~35 employees)
Consultants (on-site at customers, remote, office-based)
Management Team
New hires

Employee Requirements and Expectations:

Fair compensation and benefits
Career development and training opportunities
Work-life balance ("Make Time For The Good")
Safe and healthy work environment (physical and psychosocial)
Meaningful work and autonomy
Clear roles and expectations
Supportive culture and team environment
Job security and business stability

3.1.3 Suppliers and Partners

Key Suppliers:

OpenText: Software vendor, strategic partner
Salesforce: Platform vendor, strategic partner
Cloud Providers: AWS, Azure, Google Cloud (infrastructure)
Entiros AB: Data center partner (SaaS hosting, Swedish data residency)
Subcontractors and Freelancers: Supplemental consulting capacity

Supplier/Partner Requirements:

Timely payment and fair contracts
Clear communication and partnership approach
Compliance with vendor agreements
Mutual business growth
Professional conduct

Swedwise's Requirements of Suppliers:

Quality products and services
Reliability and availability
Security and compliance (especially for cloud and data center)
Competitive pricing
Responsive support

3.1.4 Regulators and Authorities

Regulatory Bodies:

Integritetsskyddsmyndigheten (IMY): Swedish Data Protection Authority
Arbetsmiljöverket: Swedish Work Environment Authority
Skatteverket: Swedish Tax Agency
Certification Bodies: ISO auditors (quality, environmental, security)

Regulatory Requirements:

GDPR and data protection compliance
Work environment health and safety compliance
Tax and financial reporting compliance
ISO standard conformance

3.1.5 Owners and Investors

Ownership:

[TBD - Shareholders, ownership structure]

Owner/Investor Requirements:

Profitable and sustainable business growth
Risk management and governance
Compliance with legal and contractual obligations
Return on investment
Strategic direction aligned with market opportunities

3.1.6 Community and Society

Local Communities:

Karlstad, Stockholm, Uddevalla communities

Society Expectations:

Employment opportunities and fair labor practices
Local economic contribution
Environmental responsibility
Ethical business conduct
Corporate social responsibility

3.1.7 Environment

Environmental Considerations:

Climate change mitigation (carbon footprint reduction)
Responsible resource use (energy, materials)
Waste reduction and recycling
Future generations (sustainability legacy)

3.2 Interested Parties Register

Swedwise maintains an Interested Parties Register documenting:

Interested party identification
Requirements and expectations
Relevance to IMS (QMS, EMS, ISMS)
Engagement approach
Monitoring method

Register Reference: SW-IMS-REG-006 - Interested Parties Register

Prioritization: Power-Interest Matrix

Manage Closely (High Power, High Interest): Customers, employees, management, regulators
Keep Satisfied (High Power, Low Interest): Key suppliers, owners
Keep Informed (Low Power, High Interest): Professional associations, community groups
Monitor (Low Power, Low Interest): General public, peripheral stakeholders

3.3 Requirements Relevant to IMS

Summary of IMS-Relevant Requirements:

Interested Party	Key Requirements	IMS Relevance
Customers	- Quality service delivery - 99.9% SaaS uptime - GDPR compliance - ISO certifications - Environmental responsibility	QMS, ISMS, EMS
Employees	- Career development - Safe work environment - Work-life balance - Clear processes	QMS, ISMS (HR security)
Regulators	- GDPR compliance - ISO conformance - Work environment safety	ISMS, QMS, EMS
Owners	- Business growth - Risk management - Compliance	All
Suppliers (Cloud, Data Center)	- Security, availability, compliance	ISMS, QMS
Environment	- Carbon reduction - Responsible resource use	EMS

How Requirements are Addressed:

Incorporated into IMS policies, procedures, and controls
Translated into objectives and targets
Monitored through KPIs and metrics
Reviewed in management reviews
Included in risk assessments

3.4 Monitoring Changes

Interested parties and their requirements evolve. Swedwise monitors through:

Ongoing Monitoring:

Customer feedback: Surveys, Quarterly Business Reviews (QBRs), support tickets
Employee feedback: Annual engagement surveys, 1-on-1s, team meetings
Regulatory updates: Legal monitoring, industry newsletters, certification body updates
Supplier reviews: Quarterly or annual reviews, SLA monitoring
Market intelligence: Industry reports, conferences, competitive analysis

Frequency: Quarterly review in management reviews; annual comprehensive update

Process: SW-IMS-PRO-011 - Context and Interested Parties Procedure

4. Determining the Scope of the IMS (Clause 4.3)

4.1 IMS Scope Statement

Based on the understanding of organizational context and interested party requirements, Swedwise has determined the scope of the Integrated Management System.

The IMS Scope:

4.1.1 Activities Covered

Software license sales and account management
Consulting and implementation services (OpenText, Salesforce, other platforms)
SaaS service delivery (Swedwise Communications: OpenText Exstream + Notifications)
Customer support and success (onboarding, technical support, account management)
Internal operations and management (finance, HR, IT, PMO, Resource Management)

4.1.2 Locations Covered

Karlstad (Head Office): [Address]
Stockholm Office: [Address]
Uddevalla Office: [Address]
Remote Work Locations: Employee homes and temporary remote work sites
Customer Sites: Where Swedwise consultants deliver services
Data Center: Entiros facility, Sweden (for SaaS platform hosting)

4.1.3 Organizational Units Covered

All departments and functions within Swedwise AB
- Customer Acquisition
- Customer Development
- Customer Success
- Resource Management
- Discipline Forums
- PMO
- Support Functions (Finance, HR, IT, Administration)
- Management Team

4.1.4 Products and Services Covered

Software licensing (all vendors and platforms)
Consulting and implementation services (all customer engagements)
SaaS services (Swedwise Communications)
Support and maintenance services (all support contracts)

4.1.5 Management System Standards Covered

ISO 9001:2015 - Quality Management System
ISO 14001:2015 - Environmental Management System
ISO 27001:2022 - Information Security Management System

4.2 Boundaries and Applicability

Included:

All Swedwise employees (full-time, contractors, temporary)
All business activities and processes
All information systems and data (corporate and customer-facing)
All physical locations controlled by Swedwise
SaaS infrastructure (hosted at Entiros data center)

Excluded:

None. No exclusions are claimed from ISO requirements.

Rationale for Scope:

Comprehensive coverage ensures consistent quality, environmental management, and security across all Swedwise activities
Scope aligns with customer expectations (ISO certifications for all services)
Scope supports public procurement requirements
Scope reflects operational reality (small company, integrated operations)

4.3 Exclusions and Justifications

Current Status: No exclusions claimed.

If exclusions are identified in future:

Must be justified based on organizational context (e.g., activity not applicable to office-based service company)
Cannot affect ability to deliver conforming products/services
Cannot absolve Swedwise from meeting customer, legal, or regulatory requirements
Must be approved by Management Team and documented here
Must be acceptable to certification body

Potential Future Considerations (none currently apply):

ISO 9001 Clause 8.3 (Design and Development of Products): Could be excluded if Swedwise offers only implementation of vendor products without custom development. Current Status: Not excluded; SaaS platform involves design and configuration.

4.4 Scope Review

The IMS scope is reviewed:

Annually: During context analysis (Q4)
When significant changes occur: New services, new locations, organizational restructuring, mergers/acquisitions
During management review: Quarterly assessment of scope appropriateness
Before certification/surveillance audits: Verification of scope accuracy

Approval: Management Team
Documentation: This section of IMS Manual (updated as needed)
Communication: Scope communicated to all staff and made available to certification body and interested parties

5. IMS and its Processes (Clause 4.4)

5.1 Process Approach

Swedwise manages the IMS as a network of interconnected processes. Each process has:

Inputs: Resources, information, or materials entering the process
Activities: Work performed to transform inputs
Outputs: Results delivered by the process
Controls: Policies, procedures, metrics governing the process
Ownership: Designated process owner accountable for performance
Interactions: Links to other processes (upstream inputs, downstream outputs)

5.2 IMS Process Model

The IMS processes are organized into categories:

5.2.1 Management Processes

Processes that provide direction, governance, and oversight:

Process	Owner	Description	Reference
Strategic Planning	CEO	Define vision, strategy, objectives	Management review
Management Review	CEO	Review IMS performance, make decisions	SW-IMS-PRO-004
Risk Management	CISO, Quality Lead, Environmental Lead	Identify, assess, treat risks	SW-IMS-PRO-002
Context and Stakeholder Analysis	IMS Owner	Understand context, interested parties	SW-IMS-PRO-011
Communication	Management Team	Internal and external communication	SW-IMS-PRO-XXX

5.2.2 Operational Processes

Core processes that deliver value to customers:

Process	Owner	Description	Reference
Sales and Business Development	Customer Acquisition Lead	Identify opportunities, win customers	[TBD]
Account Management	Customer Development Lead	Grow existing customer relationships	[TBD]
Project Delivery	Customer Success Lead	Implement customer solutions	[TBD]
SaaS Service Delivery	Service Delivery Manager	Operate Swedwise Communications platform	SW-IMS-PRO-XXX
Support and Incident Management	Customer Success Lead	Provide technical support, resolve incidents	SW-IMS-PRO-XXX
Customer Onboarding	Customer Success Lead	Onboard new customers to SaaS platform	[TBD]

5.2.3 Support Processes

Processes that enable operational effectiveness:

Process	Owner	Description	Reference
Document Control	IMS Owner	Manage IMS documentation	SW-IMS-PRO-001
Competence and Training	Resource Management Lead	Ensure staff competence, provide training	SW-IMS-PRO-XXX
Resource Allocation	Resource Management Lead	Assign staff to projects and activities	[TBD]
Procurement and Supplier Management	[TBD]	Select, manage suppliers	SW-IMS-PRO-XXX
IT Infrastructure Management	IT Manager	Manage corporate IT systems	[TBD]
HR Management	HR Lead	Recruit, onboard, manage employees	SW-ISMS-POL-006 (HR Security)

5.2.4 Monitoring and Improvement Processes

Processes that measure performance and drive improvement:

Process	Owner	Description	Reference
Monitoring and Measurement	Quality Lead, CISO, Environmental Lead	Track KPIs, collect performance data	SW-IMS-PRO-006
Internal Audit	IMS Owner	Verify IMS conformance and effectiveness	SW-IMS-PRO-003
Nonconformity and Corrective Action	IMS Owner	Address nonconformities, prevent recurrence	SW-IMS-PRO-005
Continual Improvement	IMS Owner	Identify and implement improvements	SW-IMS-PRO-XXX
Customer Feedback	Quality Lead	Gather, analyze customer satisfaction	SW-IMS-PRO-XXX

5.3 Process Interactions

Processes are interdependent. Key interactions:

Example: Customer Project Delivery Process

Interaction Point	Upstream Process	Downstream Process
Input	Sales: Customer requirements, contract	Project Delivery: Implementation plan
Resource	Resource Management: Consultants assigned	Project Delivery: Staff working on project
Control	Risk Management: Project risks assessed	Project Delivery: Risk mitigation in plan
Support	Document Control: Templates, procedures	Project Delivery: Use of procedures
Output	Project Delivery: Completed solution	Customer Support: Ongoing support begins
Measurement	Monitoring: Project KPIs tracked	Improvement: Lessons learned captured

Process Interaction Map: Visual representation of process interactions maintained in IMS Repository.

5.4 Process Ownership and Accountability

Each critical process has a designated Process Owner who:

Ensures the process is documented and understood
Monitors process performance against objectives
Identifies and implements improvements
Ensures resources are available
Reports performance to management

Process Ownership Matrix: Maintained in IMS Repository, reviewed annually.

5.5 Process Performance

Processes are measured using relevant KPIs. Performance is:

Monitored regularly (monthly, quarterly, or real-time depending on process)
Reported in management reviews
Analyzed for trends and improvement opportunities
Compared to objectives and targets

Process Performance Dashboard: Maintained by Quality Lead, reviewed in management reviews.

5.6 Documented Information for Processes

Each critical process is supported by documented information:

Documentation Level	Examples
Policies	High-level direction (e.g., Quality Policy, Information Security Policy)
Procedures	Step-by-step "what" and "who" (e.g., SW-IMS-PRO-003 Internal Audit Procedure)
Work Instructions	Detailed "how" (e.g., checklists, templates)
Records	Evidence of execution (e.g., audit reports, training records)

Documentation is controlled according to SW-IMS-PRO-001 - Document Control Procedure.

6. Integration Across Management Systems

6.1 Unified Approach

Swedwise's IMS integrates quality, environmental, and information security management systems into a single coherent framework:

Common Elements:

Single context and stakeholder analysis (this document)
Integrated risk management (SW-IMS-PRO-002)
Unified document control (SW-IMS-PRO-001)
Combined internal audit program (SW-IMS-PRO-003)
Integrated management review (SW-IMS-PRO-004)
Shared corrective action process (SW-IMS-PRO-005)

Discipline-Specific Elements:

Quality (QMS): Customer satisfaction, project delivery, SaaS performance
Environmental (EMS): Environmental aspects (travel, energy, waste), objectives
Information Security (ISMS): Risk assessment, controls, incident management

6.2 Alignment with Business Strategy

The IMS is not a separate "compliance system" but is integrated with business strategy:

IMS objectives align with strategic business objectives
IMS processes are the business processes (not parallel bureaucracy)
IMS supports business goals (customer satisfaction, growth, risk management)
IMS enables market access (public procurement, customer requirements)

7. Document Control

7.1 Document Information

Attribute	Value
Document ID	SW-IMS-MAN-004
Title	IMS Manual - Context of the Organization (Clause 4)
Owner	CEO
Approver	CEO
Classification	Internal
Review Frequency	Annual

7.2 Version History

Version	Date	Author	Changes	Approved By
1.0	[TBD]	[IMS Owner name]	Initial creation for ISO certification	[CEO name]

7.3 Approval

Next Review Date: [TBD - typically 12 months from effective date]

Role	Name	Signature	Date
CEO	[TBD]
IMS Owner	[TBD]

IMS Manual Sections:

SW-IMS-MAN-001: Introduction and Overview
SW-IMS-MAN-005: Leadership (Clause 5)
SW-IMS-MAN-006: Planning (Clause 6)

Policies:

SW-IMS-POL-001: Integrated Management System Policy
SW-QMS-POL-001: Quality Policy
SW-EMS-POL-001: Environmental Policy
SW-ISMS-POL-001: Information Security Policy

Procedures:

SW-IMS-PRO-011: Context and Interested Parties Procedure
SW-IMS-PRO-002: Risk Assessment Procedure
SW-IMS-PRO-001: Document Control Procedure
SW-IMS-PRO-004: Management Review Procedure

Registers:

SW-IMS-REG-006: Interested Parties Register
SW-IMS-REG-001: Risk Register

Supporting Documents:

Context Analysis Report (annual)
IMS Scope Statement (this document, Section 4)
Process Interaction Map
Process Ownership Matrix

This document is approved by Swedwise AB management and is effective from the date specified above.