5.2 Policies

ISO Navigator Pro

ISO Navigator Pro™ is a free tool that provides practical, expert guidance for businesses wishing to interpret the fundamentals of ISO 9000:2015 to help understand, and better implement, the requirements of ISO 9001:2015, ISO 14001:2015 and OHSAS 18001:2007. The ISO Navigator Pro™ database divides the requirements into four sequential stages; Plan, Do, Check and Act.

If you're looking for integrated ISO 9001:2015 and ISO 14001:2015 EQMS documentation, please click here.

Plan

Step 2Plan: Leadership. Assign roles responsibilities and authorities, define and communicate your policies. Provide positive commitment and direction. Top management must be commited to the Environmental, Health & Safety or Quality Management System (EHQMS) to demonstrate that they have a presence in your organization by providing direction, leading by example and making decisions using data generated by the Management System.

Leasdership and commitment

5.2.1 Establishing the Quality Policy

ISO 9001:2015 and ISO 14001:2015 now require your organization’s policies to be appropriate to both its purpose and context. This means that once your organization has determined its context and the relevant requirements of its interested parties, Top management must review the policies in light of that information.

You should review your organization's existing policy to determine whether it is appropriate to the context of the organization and its purpose, that there is a commitment to continually improving the quality management system, and the quality objectives are consistent with the quality policy. Top management should demonstrate that the quality policy is compatible with the strategic direction and context of the organization, as required by Clause 5.1.1b.

Your organization will need to review its policies as necessary to ensure that any changes in context, interested parties or their requirements is reflected in the policies and whether your organization’s objectives are effected (6.2.1 a). The policies do not have to include objectives but should create a framework for establishing them. The policies should be stated in such a way that it aims toward continual improvement. It should be reviewed and possibly revised to meet higher aspirations.

Certification does not require that the policies include the words ‘continual improvement’; however it must be ascertained that processes of continual improvement are implied and known throughout the organization. To meet the intent of this clause, the auditor would be looking for clearly defined management system policies that are sufficiently detailed to provide a framework for the subsequent objectives that can be monitored for continual improvement.

An auditor would not want to see a vague policy. The policies should real and the objectives consistent with the policies; meaning that, the policies are implemented and the objectives cascaded throughout all levels of the management system.

The auditor’s intent is not just conformance to the requirements but also to assist an organization in meeting their business objectives, better customer satisfaction and eventually more market share, which, in time, brings more profits for the organization. When interviewing Top management, their input into, and commitment to, the management system policies should to be determined. For multi-site/corporate certifications, the policies must be applicable for all sites and be fully integrated with the objectives.

5.2.2 Communicating the Quality Policy

ISO 9001:2015 and ISO 14001:2015 require that the policies are maintained as documented information, refer to Clause 7.5.1a. You should check whether the policies have been communicated and understood throughout your organization. The policies must also be available to any relevant interested parties.

If the personnel interviewed do not know what their measurable objectives are and/or do not know what the organizational objectives are that they have a direct effect upon, the auditor would be further directed to evaluate top management’s communication of the policies and objectives.

Inferred awareness through knowledge of procedures is not considered sufficient; otherwise why have the requirement in the first place? A quick and convenient way to promote and communicate the policy might be to create a shortened version of main policy; try condensing it to five key words or even a couple of short sentences. This can be posted on bulletin boards in each department.

You could even add it to the reverse side of staff security passes or ID badges. If an auditor asks an employee whether they are aware of the policy; they can point to the bulletin board, or point to it on their badge. The employee can further elaborate to the auditor, what the policy means to them and how it influences their work.

Demonstrating compliance

Auditors will wish to determine if the policies meet the intent and are understood, by interviewing personnel at all levels. Although the exact content of the policies does not need to be recited by interviewees, the awareness of the policies and how their job affects the company objectives should be determined. This does not require your employees to memorize the policies but it does mean they should be aware of it, know where it may be found and be able to paraphrase, or give an interpretation as it applies to them.

Management system templates

Our range of ISO 9001 quality manual templates and integrated manual templates offer an easy way to document and communicate your organization's policies and objectives.

More

5.1 Leadership & Commitment
5.3 Roles, Responsibility & Authority
 

Free internal audit checklists

Check out our free internal audit checklists. The audit checklist is just one of the many tools which are available from the auditor’s toolbox that help ensure your audits address the necessary requirements.

Client list

Over 8,000 companies and globally recognized brands have relied on our templates to provide a path to improve, collaborate, and to enhance their operations to achieve certification, please see our client list for more information.