Management system guidance

5.0 Leadership

ISO Navigator Pro™ is a free tool that provides practical, expert guidance for businesses wishing to interpret and better implement the requirements of ISO 9001:2015, ISO 14001:2015 and ISO 45001:2018.

Our range of templates cover the requirements of ISO 9001:2015, ISO 14001:2015 and ISO 45001:2018, and offer an easy way to implement your next management system.

5.2 Quality policy

|

5.2.1 Establish the quality policy

ISO 9001:2015 requires your organization’s quaity policy to be appropriate to both its purpose and context. This means that once your organization has determined its context and the relevant requirements of its interested parties, Top management must review the quality policy in light of that information.

You should review your organization's existing quality policy to determine whether it is appropriate to the context of the organization and its purpose, that there is a commitment to continually improving the quality management system, and the quality objectives are consistent with the quality policy. Top management should demonstrate that the quality policy is compatible with the strategic direction and context of the organization, as required by Clause 5.1.1b.

Your organization will need to review its policies as necessary to ensure that any changes in context, interested parties or their requirements is reflected in the quality policy and whether your organization’s objectives are effected (6.2.1 a). The policy does not have to include objectives but should create a framework for establishing them.

The policy should be stated in such a way that it aims toward continual improvement. It should be reviewed and possibly revised to meet higher aspirations. Develop and implement a policy that is consistent with the company’s codes of conduct and business practices. The policy should be signed by senior management and commit to:

  1. Preventing process loss or quality impacts;
  2. Complying with obligations and legal requirements;
  3. Promoting continual improvement;
  4. Adopting best practice;
  5. Creation of measurable and achievable targets for performance improvement;
  6. Providing resources to achieve targets;
  7. Communicating and consulting with all stakeholders regarding the QMS;
  8. Meeting customer requirements.

Certification does not require that the quality policy includes the words ‘continual improvement’; however it must be ascertained that processes of continual improvement are implied and known throughout the organization. To meet the intent of this clause, the auditor would be looking for clearly defined management system quality policy that are sufficiently detailed to provide a framework for the subsequent objectives that can be monitored for continual improvement.

The auditor’s intent is not just conformance to the requirements but also to assist an organization in meeting their business objectives, better customer satisfaction and eventually more market share, which, in time, brings more profits for the organization.

When interviewing Top management, their input into, and commitment to, the management system quality policy should to be determined. For multi-site/corporate certifications, the policies must be applicable for all sites and be fully integrated with the objectives.

5.2.2 Communicating the quality policy

ISO 9001:2015 requires that the quality policy is maintained as documented information, refer to Clause 7.5.1a. You should check whether the policies have been communicated and understood throughout your organization. The policy must also be available to any relevant interested parties.

If the personnel interviewed do not know what their measurable objectives are and/or do not know what the organizational objectives are that they have a direct effect upon, the auditor would be further directed to evaluate top management’s communication of the policies and objectives.

Inferred awareness through knowledge of procedures is not considered sufficient; otherwise why have the requirement in the first place? A quick and convenient way to promote and communicate the quality policy might be to create a shortened version of main policy; try condensing it to five key words or even a couple of short sentences. This can be posted on bulletin boards in each department.

You could even add it to the reverse side of staff security passes or ID badges. If an auditor asks an employee whether they are aware of the quality policy; they can point to the bulletin board, or point to it on their badge. The employee can further elaborate to the auditor, what the policy means to them and how it influences their work.

Auditors will wish to determine if the quality policy meets the intent and are understood, by interviewing personnel at all levels. Although the exact content of the quality policy does not need to be recited by interviewees, the awareness of the policies and how their job affects the company objectives should be determined.

This does not require your employees to memorize the quality policy but it does mean they should be aware of it, know where it may be found and be able to paraphrase, or give an interpretation as it applies to them.

|

More information on PDCA

Planning

ISO 9001:2015 ISO 14001:2015 ISO 45001:2018
4.1 Organizational Context 4.1 Organizational Context 4.1 Organizational Context
4.2 Relevant Interested Parties 4.2 Relevant Interested Parties 4.2 Relevant Interested Parties
4.3 Management System Scope 4.3 Management System Scope 4.3 Management System Scope
4.4 QMS Processes 4.4 EMS Processes 4.4 OH&S Management System
 
ISO 9001:2015 ISO 14001:2015 ISO 45001:2018
5.1 Leadership & Commitment 5.1 Leadership & Commitment 5.1 Leadership & Commitment
5.2 Quality Policy 5.2 Environmental Policy 5.2 OH&S Policy
5.3 Roles, Responsibilities/Authorities 5.3 Roles, Responsibilities/Authorities 5.3 Roles, Responsibilities/Authorities
    5.4 Consultation & Participation
 
ISO 9001:2015 ISO 14001:2015 ISO 45001:2018
6.1.1 Address Risks & Opportunities 6.1.1 Address Risks & Opportunities 6.1.1 Address Risks & Opportunities
6.2.1 Quality Objectives 6.1.2 Environmental Aspects 6.1.2 Hazard Identifcation
6.2.2 Planning to Achieve Objectives 6.1.3 Compliance Obligations 6.1.3 Legal & Other Requirements
6.3 Planning for Change 6.1.4 Planning Action 6.1.4 Planning Action
  6.2.1 Environmental Objectives 6.2.1 OH&S Objectives
  6.2.2 Planning to Achieve Objectives 6.2.2 Planning to Achieve Objectives
 

Doing

ISO 9001:2015 ISO 14001:2015 ISO 45001:2018
7.1.1 Resources - General
7.1 Resources 7.1 Resources
7.1.2 People 7.2 Competence 7.2 Competence
7.1.3 Infrastructure
7.3 Awareness 7.3 Awareness
7.1.4 Operational Environment 7.4.1 Communcation - General 7.4.1 Communcation - General
7.1.5 Monitoring & Measuring 7.4.2 Internal Communcation 7.4.2 Internal Communcation
7.1.6 Organizational Knowledge 7.4.3 External Communcation 7.4.3 External Communcation
7.2 Competence 7.5 Documented Information 7.5 Documented Information
7.3 Awareness    
7.4 Communcation    
7.5 Documented Information    
 
ISO 9001:2015 ISO 14001:2015 ISO 45001:2018
8.1 Operational Planning & Control
8.1 Operational Planning & Control 8.1.1 General
8.2.1 Customer Communication 8.2 Emergency Preparedness 8.1.2 Eliminating Hazards
8.2.2 Determining Requirements
  8.1.3 Management of Change
8.2.3 Reviewing Requirements   8.1.4 Outsourcing
8.2.4 Changes in Requirements
  8.2 Emergency Preparedness
8.3.1 Design Development - General    
8.3.2 Design Development - Planning
   
8.3.3 Design Development - Inputs    
8.3.4 Design Development - Controls    
8.3.5 Design Development - Outputs    
8.3.6 Design Development - Changes    
8.4.1 External Processes - General    
8.4.2 Purchasing Controls    
8.4.3 Purchasing Information    
8.5.1 Production & Service Provision    
8.5.2 Identification & Traceability    
8.5.3 3rd Party Property    
8.5.4 Preservation    
8.5.5 Post-delivery Activities    
8.5.6 Control of Changes    
8.6 Release of Products & Services    
8.7 Nonconforming Outputs    
 

Checking

ISO 9001:2015 ISO 14001:2015 ISO 45001:2018
9.1.1 Performance Evaluation 9.1.1 Performance Evaluation 9.1.1 Performance Evaluation
9.1.2 Customer Satisfaction 9.1.2 Evaluation of Compliance 9.1.2 Evaluation of Compliance
9.1.3 Analysis & Evaluation 9.2 Internal Audit 9.2 Internal Audit
9.2 Internal Audit 9.3 Management Review 9.3 Management Review
9.3 Management Review    
 

Acting

ISO 9001:2015 ISO 14001:2015 ISO 45001:2018
10.1 Improvement - General 10.1 Improvement - General 10.1 Improvement - General
10.2 Nonconformity & Corrective Action 10.2 Nonconformity & Corrective Action 10.2 Incident, Nonconformity & Corrective Action
10.3 Continual Improvement 10.3 Continual Improvement 10.3 Continual Improvement
 

Want to know more?

SSL certification

A certificate guarantees the information your internet browser is receiving now originates from the expected domain - https://www.iso9001help.co.uk. It guarantees that when you make a purchase, sensitive data is encrypted and sent to the right place, and not to a malicious third-party.

Free PDCA guidance

ISO Navigator™ is our FREE online training tool that shows you how to apply the principles of PDCA to your operations. We also offer many helpful templates that get you on the road to documenting your management system, please visit the download page.