
5.2 Quality policy (ISO 9001:2015)


The quality policy is the only true definition of quality that counts in your organisation. Provided
that you take into account the few important items the standard asks for, you can define and
measure quality any way you choose.

• Make sure the policy builds on current corporate objectives and values
• It must be fully integrated with those concepts

Part of the reason why you need a well written quality policy is to make your employees
understand that their job affects product quality, and therefore the success of the company.
Employees must be made aware that their individual contribution is important to the company’s
overall success.

Quality policy sample 1


Company XYZ provides quality management, co-ordination, manufacture and installation services
throughout the UK and sometimes abroad. The Company has developed its expertise since its
establishment and its aim is to achieve a high standard of construction and service to its
customers.

It is the policy of Company XYZ to provide the customer with goods and services to the agreed
requirement in accordance with the details and price.

The Directors, Management and Staff are responsible for Quality Control through the Quality
Management System seeking improvement by constant review, with suppliers and sub-contractors
being encouraged to co-operate. The Company is committed to achieving customer satisfaction by
the use of quality procedures which will be operated to meet or exceed the requirements of ISO
9001.

5.2.1 Establishing the Quality Policy


This requirement is comparable to the requirements of ISO 9001:2008 Clause 5.3 – Quality Policy.
You should check that there is evidence that Top management have participated in the creation of
the quality policy, and are reviewing and maintaining it.

You should review the quality policy to determine whether the quality policy is appropriate to the
context of the organization and its purpose, that there is a commitment to continually improving
the QMS, and the quality objectives are consistent with the quality policy. Top management should
demonstrate that the quality policy is compatible with the strategic direction and context of the
organization, as required by Clause 5.1.1b.

Top management must ensure that the quality policy:

• Is appropriate to the organisation
• Includes a commitment to requirements and continual improvement
• Provides a basis for establishing and quality objectives
• Is communicated and understood within the organisation
• Is periodically reviewed for suitability

Go for something short, sweet and memorable.

If the quality policy is simply written to satisfy the requirements of ISO 9001:2015 then it might
be worthless. You should keep it simple and keep it relevant to your organisation. Make it
meaningful to the people in your organisation.

The quality policy should act as a driver for continual improvement. You will be required to ensure
that you continually improve the degree to which the organisation’s products and services meet
customer requirements and to measure effectiveness of the processes responsible. To this end the
continual improvement principle implies that you should adopt the attitude that improvement is
always possible and that organisations should develop the skills and tools necessary to drive
improvement.

Quality policy sample 2

Our Quality Policy is defined and strongly driven by the following management principles and
behaviors:

• Build a mutually profitable relationship with our customers, ensuring their long-term success,
through the understanding of their needs and the needs of their customers as well
• Achieve our commitments for quality, cost, and schedule
• Enhance the systematic research and use of best preventive practices at all levels and ensure
reliable risk management
• Drive continual improvement and innovation based upon efficient business processes,
well-defined measurements, best practices, and customer surveys
• Develop staff competencies, creativity, empowerment and accountability through appropriate
development programs and show strong management involvement and commitment

Company XYZ strives to be the best provider of inspection services in the industry. Through the
use of these guiding principles, everyone in Company XYZ is accountable for fully satisfying our
customers by meeting or exceeding their needs and expectations with best-in-class solutions and
services. Our goal is 100% customer satisfaction 100% of the time.

5.2.2 Communicating the Quality Policy


This is a new requirement. ISO 9001:2015 requires the policy to be maintained as documented
information, refer to Clause 7.5.1a. You should check whether the quality policy has been applied
throughout the organization and that the quality policy is available to any relevant interested
parties.

Remember, auditors will wish to test staff's understanding, so internal communication is vital.

Quality policy sample 3


The company believes that its market expects a continually improving service. We aim to
continually improve the service we provide to meet our clients' requirements and to produce
finished work that we can justifiably be proud of.

The company aims to achieve the above by implementing a management system that complies
with the international standard of good practice BS EN ISO 9001. It also includes a commitment to
meet the requirements of our clients, as well as legal and regulatory requirements. Also to
continual development of the system and helping to ensure it remains effective.

Only by providing an outstanding service and product quality will we achieve our aims of long term
success and sustained improvements.

All personnel within the company are responsible for the quality of their work. The company
provides training and has established systems to assist all personnel to achieve the standards
required. While we endeavour to produce work and offer a service that we can be proud of, we
have to recognise that we don’t always achieve our own standards. When a customer complains,
we are committed to investigating the complaint and will do our best to put right all justified
complaints.

The policy, organisation and procedures necessary to achieve the required standards are described
in our Quality Management System.

The Quality Manager is responsible for monitoring the quality system and reports regularly to the
Managing Director on the system's implementation, status and effectiveness.

The objectives of this company are set out in the Business Plan. Objectives for individual jobs are
to carry out the works to the satisfaction of the client and in accordance with the contract as agreed
with the client.


Control of records is a mandatory procedure. The control of records procedure is required to
specify:

• Which records are kept
• By whom
• For how long
• and how they are disposed of

21 records required by ISO 9001:2008

The following clauses of ISO 9001 contain the instruction "...see 4.2.4" which means that you
must retain these 21 records:

5.6.1 Management review minutes
6.2.2 Records of education, training, skills and experience
7.1 Evidence that the realization processes and product fulfil requirements
7.2.2 Records of sales activities
7.3.2 Design and development inputs
7.3.4 Design and development reviews and any related actions
7.3.5 Design and development verification and any related actions
7.3.6 Design and development validation and any related actions
7.3.7 Design and development changes and any related actions
7.4.1 Results of supplier evaluations and any actions arising
7.5.2 Records to demonstrate the validation of special processes
7.5.3 Where traceability is required, the unique identification of the product is recorded
7.5.4 Customer property that is lost, damaged or otherwise found to be unsuitable
7.6 Basis used for calibration of measuring equipment where no international or national standards exist
7.6 Validity of the previous measuring results when measuring equipment is found to be out of calibration
7.6 Results of calibration and verification of measuring equipment
8.2.2 Internal audit results and follow-up actions
8.2.4 Indication of the person(s) authorizing release of product
8.3 Records of the product nonconformities and any subsequent actions
8.5.2 Results of corrective action
8.5.3 Results of preventive action

4.2.4 Control of Records


Clause 4.2.4 demands that an organisation must implement a documented procedure to define the
controls needed for the identification, storage, protection, retrieval, retention and disposition of
records and that these records must remain legible and identifiable throughout their retention
period.

This is because records are an important organisational asset; they provide the primary route for
evidence based verification and traceability, and are able to demonstrate compliance with
customer requirements. Records also prove the efficacy of the quality management system.

Records Required By ISO 9001

Implementing a compliant document management system could mean keeping certain records that
your organisation might not be already keeping. Some of these records may seem a little
confusing until you become more familiar with the quality standard.

Of course, you might decide to keep more records than those listed below, if you feel your
organisation needs them, but as we always preach: keep your system simple. The fewer
documents and records you keep, the fewer things that will be audited, and the more time you will
have to actually run your business.

Keep in mind that you are free to combine some of these records where it makes sense, for
example, you could combine the corrective action request and preventive action request records
with a simple checkbox to note which one it is. You could also combine both corrective action and
preventive action requests onto one form, again with a check box to designate if it is a corrective
or preventive action request.

Please note this is a list of the records you will be required to keep. This does not deal with the
mandatory documents, comprising the quality manual, policy and procedures.

Why perform Internal Audits?


The purpose of an internal audit is to assess the effectiveness of your organization’s quality
management system and your organization's overall performance.

Your internal audits demonstrate compliance with your ‘planned arrangements’, e.g. the QMS and
how its processes are implemented and maintained.

Your organization will likely conduct internal audits for one or more of the following reasons:
1. Ensuring compliance to the requirements of internal, international and industry standards &
regulations, and customer requirements
2. To determine the effectiveness of the implemented system in meeting specified objectives
(quality, environmental, financial)
3. To explore opportunities for improvement
4. To meet statutory and regulatory requirements
5. To provide feedback to Top management

Principles of Internal Auditing


Auditing relies on a number of principles whose intent is to make the audit an effective
and reliable tool that supports your company’s management policies whilst providing
suitable objective information that your company can act upon to continually improve its
performance.

Adherence to the following principles is considered to be a prerequisite for ensuring that the
conclusions derived from the audit are accurate, objective and sufficient. It also allows auditors
working independently from one another to reach similar conclusions when auditing in similar
circumstances.

The following principles relate to auditors.


1. Ethical conduct: Trust, integrity, confidentiality and discretion are essential to auditing
2. Fair presentation: Audit findings, conclusions and reports reflect truthfully and accurately
the audit activities
3. Professional care: Auditors must exercise care in accordance with the importance of the
task they perform
4. Independence: Auditors must be independent of the activity being audited and be objective
5. Evidence-based approach: Evidence must be verifiable and be based on samples of the
information available.

Selection of Auditors

Competence level may be measured by training, participation in previous audits and experience in
conducting audits. Auditors may be external or internal personnel; however, they should be in a
position to be impartial and objective.

When internal personnel are selected to perform an audit, a mechanism needs to be established to
ensure objectivity, for instance, a representative from another department may be selected to do
the audit.

Audits are demanding and require various forms of expertise. The size of the audit team will vary
depending on the size of the organization, size and type of operations and the scope of the audit.

Preparing for the Audit

Before the audit, prepare thoroughly! Spending time in preparation will make you much more
effective during the audit - you will become a better auditor. Auditors should not skip this step as
it provides much needed value to the audit. Taking the time to prepare and organize actually saves
time during the audit.

You should have an up-to-date audit schedule and a well defined audit plan for each process. Be
sure to communicate the audit schedule to all parties involved as well as to top management as
this will help reinforce your mandate.

Gather together all the relevant documented information that relates to the process you will be
auditing. Look at process metrics, work instructions, turtle diagrams, process maps and flowcharts,
etc. If applicable, collect and review any control plans and failure mode effects analysis work
sheets too. Review these thoroughly and highlight the aspects that you plan to audit. Using the
documented information in this way ensures they become audit records.

Your organization’s documented information may not cover all of the requirements that may be
relevant to the process. If certain information is not available, it may become your first audit
finding, not bad for the pre-audit review!

Certain information and linkages should be audited. Some are required and some are simply good
audit practice. Putting these sections into a worksheet format gives auditors a guide to follow, to
ensure the relevant links are audited.

The Human Aspect of Auditing

Good auditors realise very early on that they are dealing with personalities as much as processes
and systems. Whilst the intent of the audit is a serious one, often light humour, politeness and
diplomacy are the best ways to build rapport. It is vital every effort is made to reassure those
being audited that the audit’s primary function is to drive improvement, not to name and shame.

If you are new to auditing, acknowledge this fact, be open and honest. It is also important to
explain to the auditees that they are free to express their views during the audit. Remember that
you, the auditor, are also there to learn.

Always discuss the issues you have identified with the auditees and always provide guidance on
what is expected in terms of rectifying any non-conformances or closing out observations you raised.
Let the auditees know they are welcome to read your notes and findings; the audit is not a secret.

Try not to be drawn into arguments concerning your observations. It is never appropriate to
directly name people in the audit report as this may lead to defensiveness which is ultimately
counterproductive.

Definition of Internal Auditing


"Internal auditing is an independent, objective assurance and consulting activity designed to add
value and improve an organization’s operations. It helps an organization accomplish its objectives
by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk
management, control and governance processes."
Source: International Professional Practices Framework (IPPF), The Institute of Internal Auditors
Research Foundation. Florida, USA, January 2011

Types of Internal Audit


Internal audits are commonly referred to as ‘first-party audits’ and are conducted by an
organization to determine compliance to a set of requirements which might arise from standards
like ISO 9001:2015, as well as customer or regulatory requirements.

There are four common methods of internal auditing that may be used to determine compliance:
1. System Audits
2. Process Audits
3. Product Audits

System Audits

The system audits are best undertaken using the internal audit checklist. This type of audit focuses
on the organization’s quality management system as a whole, and compares the planning activities
and broad system requirements to ensure that each clause or requirement has been implemented.

Process Audits

The process audit is an in-depth analysis which verifies that the processes comprising the
management system are performing and producing in accordance with desired outcomes. The
process audit also identifies any opportunities for improvement and possible corrective actions.
Process audits are used to concentrate on any special, vulnerable, new or high-risk processes.

Product Audits

The product audit may be a series of audits, at appropriate stages of design, production and
delivery to verify conformity to any specified product requirements, such as dimensions,
functionality, packaging and labelling, at a defined frequency.

Step 1. Perform an Internal Audit Checklist


The internal audit checklist will help you to determine the extent to which your organization’s
quality management system conforms to the requirements by determining whether those
requirements have been effectively implemented and maintained. The templates will help you to
assess the status of your existing management system and identify process weakness to allow a
targeted approach to prioritizing corrective action to drive improvement.

The internal audit checklist is just one of the many tools which are available from the auditor’s
toolbox that helps to ensure each internal audit addresses the necessary requirements. It stands
as a reference point before, during and after the audit process and if developed for a specific audit
and used correctly will provide the following benefits:

1. Checklists can be used as a reference for planning future audits
2. Checklists can be provided to the auditee prior to the audit
3. Checklists can provide a means of communication
4. A completed checklist provides evidence the audit was performed
5. Ensures the audit is conducted systematically and consistently
6. Ensures a consistent audit approach
7. Actively supports the organization’s audit process
8. Provides a repository for notes collected during the audit process
9. Ensures uniformity in the performance of different auditors
10. Provides reference to objective evidence
11. Audit checklists provide assistance to the audit process

The internal audit checklist comprises tables of the certifiable (‘shall’) requirements, from Section
4.0 to Section 10.0 of ISO 9001:2015; each requirement is phrased as a question. This audit
checklist may be used for element compliance audits and for process audits. If you wish to create
separate process audit checklists, select the clauses from the tables below that are relevant to the
process and copy and paste the audit questions into a new audit checklist. We suggest that you
retain this audit checklist as your ‘master copy’.

Step 2 - the Gap Analysis


The gap analysis will likely be your first ISO 9001:2015 audit. The gap analysis checklist highlights
the new requirements contained in ISO 9001:2015 but it is not intended to cover all of the
requirements from ISO 9001:2015 comprehensively.

The unique knowledge obtained about the status of your existing quality management system will be
a key driver of the subsequent implementation approach. Armed with this knowledge, it allows you
to establish accurate budgets, timelines and expectations which are proportional to the state of
your current management system when directly compared to the requirements of the standards.

Your organization may already have in place an ISO 9001:2008 compliant quality management
system or you might be running an uncertified system. If this is the case, you will want to
determine how closely your system conforms to the requirements of ISO 9001:2015.

The results of a gap analysis exercise will help to determine the differences, or gaps, between your
existing management system and the new requirements. Not only will the analysis template help
you to identify the gaps, it will also allow you to recommend how those gaps should be filled.

The gap analysis output also provides a valuable baseline for the implementation process as a
whole and for measuring progress. Try to understand each business process in the context of each
of the requirements by comparing different activities and processes with what the standard
requires. At the end of this activity you will have a list of activities and processes that comply and
ones that do not comply. The latter list now becomes the target of your implementation plan.

Lastly - Prepare the Report


A good summary report is the output that delivers the value of the audit. It deserves an appropriate
amount of attention and effort. As you moved through the audit, you should have noted the issues
and improvements you saw. These should have been marked clearly so you are now able to
quickly review and capture them as you write the report.

These findings and conclusions should be formally documented as part of the summary report. Too
often, the audit report only recites back facts and data the managers already know. The value is in
identifying issues and opportunities they do not know! This summary should be reviewed first with
the lead auditor, then the Process Owner and Management Team. Make final revisions and file the
audit report and all supporting audit materials and notes.

Gather the whole audit package together, in an organized manner. The rest of the work
instructions, flowcharts, notes and relevant papers should be gathered into the audit package as
supporting records. All findings should also be documented on your corrective action forms. The
audit summary and the corrective action forms should be attached to the audit package, which
now becomes the audit record. Only the summary report and corrective actions need be given to
the process owner.

Elementary Audit Questions

These basic audit questions will help guide the audit in the right direction since the answers they
provide often unlock the doors to information the auditor requires in order to accurately assess the
particulars of a process.

Consider these common audit questions:


1. What are your responsibilities?
2. How do you know how to carry them out?
3. What kind of training is given to new employees?
4. How is the effectiveness of training evaluated?
5. Are training records maintained?
6. What are the objectives of your processes?
7. What is the quality policy and where is it found?
8. Which documents do you use and are they correct?
9. What outputs does your process create?
10. How are your records maintained?
11. How do you ensure that products meet the stated requirements?
12. Is customer satisfaction data analyzed?
13. How do you ensure that products meet the stated requirements?
14. What happens when changes are made to product requirements?
15. What are the responsibilities/authorities for dealing with non-conformances?
16. Are there trends in non-conforming products and what's being done about it?
17. Is the non-conformance procedure linked to the corrective action process?
18. Are employees made aware of the quality policy and objectives?
19. Are policies and objectives available and relevant?
20. How are quality objectives determined?
21. Is there a clear link between the policies and objectives?
22. How is progress towards objectives measured and communicated?
23. Has the number of customer complaints changed over time?
24. What tools are used to identify the causes of complaints?
25. How are improvement efforts and successes communicated to employees?

Getting the Most from the Audit Schedule

The audit schedule is divided up to reflect each section of ISO 9001. You should determine which of
these sections are of greatest relevance to your business; in other words, which processes, should
there be problems, will affect your customers the most. These are the processes that your
company must make certain remain stable and consistent. You might wish to schedule these key
processes for additional audits, perhaps two or even three times per year.

The audit schedule provides the following benefits:


1. Provides a visual plan of the audit programme
2. Demonstrates coverage of the whole standard
3. Provides current status of the audit programme
4. Promotes awareness

Your non-conformance procedure must address how you deal with problems:

• Actions to stop the use of reject or suspect items
• How your concession system works
• Actions to correct the problem
• How an item is checked following rework
• How you will do a product recall or retro-fit

8.3 Control of Non-conforming Products

No matter how you resolve the non-conformance, you must keep records of each non-conformance
and how you resolved it. Records of product non-conformity should be periodically
reviewed to determine if a chronic problem exists with the production process. ISO 9001:2008
is about continuous improvement.

By keeping records of your non-conformities it is easier to spot negative trends and examine the
root cause, and eliminate the cause of your problems. This, in turn, should result in fewer
defective products and more satisfied customers.

Few other processes require as rigid adherence to procedures as controlling non-conforming
products. There can be no room for deviation.

Controlling non-conformances applies to services just as much as it does to tangible goods.
Reports, data, test results and intellectual property, to name just a few service outputs, can all be
potentially non-conforming, in which case all the disciplines of this process apply.

Your corrective action procedure must explain how you:

• Review non-conformance and customer complaints
• Decide the cause of the problem
• Decide an appropriate course of action to stop the problem recurring
• Put the plan into action
• Ensure that the action has solved the problem

Corrective action is reactive, i.e. dealing with the problem AFTER the event.

8.5.2 Corrective Action


A corrective action should be considered as a reactive response since it is taken upon detection of
a non-conformance. An organisation will first correct or contain the problem and then determine its
root cause so they can take corrective action to prevent its recurrence.

Develop a procedure to control corrective actions.

Your preventive action procedure must explain how you:

• Review potential problems
• Decide the potential cause of the problem
• Decide an appropriate course of action to stop the problem occurring
• Put the plan into action
• Ensure that the preventive action has solved the potential problem

Preventive action is a proactive procedure, i.e. dealing with the problem BEFORE it happens.

The preventive action procedure may include:

• Analysing data (8.4) and setting objectives (5.4.1)
• Clarifying customer requirements (7.2 and 7.3)
• Applying a proven corrective action (8.5.2) to other areas of the business
• Being aware of changes (5.6)
• Disaster recovery plan – what will you do if your building burns down, you lose a major
customer, a raw material is no longer available, etc.?

8.5.3 Preventative Action

Preventive action should be considered as a proactive undertaking. For example, if we anticipate a
potential problem and take action to eliminate the causes and prevent the occurrence of that
problem, this is considered to be preventive action.

To understand what an auditor will look for, see the Auditing Preventive Action paper on ISO 9000
Auditing Practices Groups' website.

ISO 9001 quality system documentation requirements:

• Quality policy and quality objectives
• A quality manual
• The procedures specified by ISO 9001
• Other documents required for effective planning, operation and control
• The records specified by ISO 9001

There's an urban myth that procedures must spell out everything in minute detail “..in case
someone falls under a bus..”. This is a hangover from the Defence standards and has NEVER been
a requirement of ISO 9000.

If you are building nuclear reactors (or if you have a high staff turnover) it’s a good idea to spell
out everything and back up every decision with a series of checks and signatures.
If you are not in that type of business then do you really need that level of detail?

To paraphrase 4.2.1 Note 2:

• Are we doing simple or complex tasks?
• Are we a large or small company?
• Do you consider that staff are competent?

The answers to these questions will influence the amount of documentation required.

The modern way of documenting a quality system is to have lightweight procedures balanced
by heavy training records, which demonstrate competence.

Also, think about having flow-charts instead of text. You can draw adequate flow-charts using
Word’s auto-shapes.

Whether you use text or flow-charts, generally aim (in artistic terms) for an impressionist painting,
rather than a detailed engineering blue-print.

4.2 Documentation Requirements


Define and document your quality management system (e.g. using a quality manual).

4.2.1 General

• Develop the quality policy document (5.3)
• Develop and establish the quality objectives (5.4.1)
• Develop and establish the quality manual (4.2.2)
• Develop procedures to implement your quality system (4.2.3, 4.2.4, 8.3, 8.2.2, 8.5.2, 8.5.3)
• Develop documents that reflect what your organisation does

Use this documentation hierarchy:

• Level 1: Policies - key system objectives
• Level 2: Quality Manual - approach and responsibility
• Level 3: Procedures - methods (Who, What, Where and When)
• Level 4: Work Instructions - description of processes (How)
• Level 5: Forms, Data and Records - evidence of conformance

Process planning is central to ISO 9001:2008. It is a general requirement (4.1).

Process planning requires the organisation to:

1. Identify the processes
2. Decide the order in which they are carried out
3. Document any interaction between different processes
4. Ensure that appropriate resources are provided
5. Establish appropriate methods needed to operate and control them.

Most organisations include a flow chart (process map) to show the sequence and interaction of
work (4.1b). To do this, walk a job through from start to finish and draw a process map of the core
processes.

A typical process may look like this:

Enquiry and Quotation › Order Receipt › Design › Sample approval › Specification › Purchasing ›
Goods Receipt › Goods-In Stores › Manufacture › Test › Goods-out Stores › Despatch

Around these core processes, there will be various support processes e.g. training, maintenance,
calibration, internal audit, etc.

These support processes enable the core processes to function.


Is a production process different from a business process?
No. Production processes (or as ISO 9001:2008 calls it, "product realization processes") are just a
subset of your normal business processes.

Think of "production" as "creation". If your organisation designs training courses or provides
cleaning services, your production processes are how you develop a course or how you plan and
deliver your service – all just part of "running the business".

What is the best way to define a business process?


There is more to a process than just the tasks and decisions which define the flow of information
or material. You also need to define the materials, hardware and skills required and the
environmental influences (e.g. light, hygiene, humidity) which could affect the operation of the
process.

What is the "correct" level of detail to use when defining a business process?
As little as you need in order to demonstrate consistency and control. Be clear about why you are
doing it and who will use the resultant definitions. But do it for yourself and your staff – a QMS is
not solely for your external auditor.

Two pages of a flowchart should be sufficient for a process. Assume your people are competent –
or train them if they're not.

4.1 General Requirements


Your organisation’s quality management system is that part of your overall management system
which establishes, documents and implements your quality policy, and related processes for
providing products and services which meet or exceed customer requirements, and which satisfies
quality management system requirements of ISO 9001:2008.

Your organisation should adopt the process approach advocated by ISO 9000:2005, by defining
and managing:
• Process inputs, controls, and outputs to ensure desired results are achieved, and
• Interfaces between interrelated processes to ensure system effectiveness is achieved

If your organisation outsources processes, you must be able to demonstrate sufficient control over
each outsourced process. This is to ensure that those processes are performed according to the
relevant requirements of ISO 9001:2008.

Outsourced processes may be controlled in any number of ways: by providing suppliers or
subcontractors with product specifications, by requesting inspection and test results or
certificates of compliance, or by conducting product and quality management system audits of your
supplier/subcontractor.

The expectation here is that your quality management system flows down to your
supplier/subcontractor the relevant ISO 9001 requirements that you would have to implement
had the process been performed in-house under your quality management system control.

The adoption of a Quality Management System should be a strategic decision made by the
organisation's top management.

Top management must provide evidence and demonstrate their commitment to the QMS and
continual improvement by:

• Communicating the importance of meeting customer and any regulatory requirements
• Publishing the quality policy
• Ensuring that quality objectives are established
• Performing management review
• Providing appropriate resources

There is considerable emphasis on top management being seen to be on-board and playing the
game. Top management is defined as the person(s) who direct an organisation at the highest
level.

The principal message that management must get across is that the objective of this business is to
keep the customer happy.

Specifically, management must communicate these ideas (5.1, 5.2, 5.3, 5.5.1, 5.5.2, 5.5.3) to the
employees who should be aware of their own roles and responsibilities (6.2.2).

Notice that none of these clauses specify a procedure or a record – you are simply required to do
it.

As a result, the Certification Body auditor will want to speak to the Managing Director/Chief
Executive and the staff. This is something your internal auditors must also do.

5. Management Responsibilities
Top management must:

• Communicate to the organisation the importance of meeting customer requirements
• Communicate to the organisation the importance of meeting regulatory requirements
• Ensure that quality objectives are created
• Ensure that quality measurements are taken and recorded
• Ensure that quality measurements are compared against quality objectives
• Conduct periodic management reviews
• Review the quality system and make changes where necessary
• Provide evidence of management reviews

5.1 Management Commitment
It’s clear that without solid management commitment, you will not have a successful quality
management system. This is not a commitment in words; it is the continuous and active
demonstration to everyone in the organisation that the need to meet customers' expectations is
vital.