Quality Policy for Effective Auditing in ISO 9001:2015
Andrew Holt examines how ISO 9001:2015 sets out the development and communication of the quality policy and what this means for auditors.
It is in sub-clause 5.2.1 of ISO 9001:2015 that sets out the requirements of top management in respect of the organisation’s quality policy.
Top management must establish a quality policy that is appropriate to the purpose and context of the organisation and critically, it must support its strategic direction.
It must also provide a framework for the setting and review of quality objectives, include commitments to satisfy any applicable requirements and to continually improve the quality management system.
It is the responsibility of top management to implement and maintain the quality policy.
Implications for audit professionals
Auditors should seek evidence that top management have created the quality policy, and are implementing and maintaining it.
Auditors should ensure that the policy is appropriate to the context of the organisation as well as its purpose and that there is a commitment to improve the organisation’s quality management system.
They should also seek evidence that the organisation’s quality objectives are consistent with the policy.
The requirement to determine that the quality policy is appropriate to the purpose and context of the organisation reinforces the need for auditors to establish their personal understanding of the context that the auditee is operating in.
However, from an audit perspective it is important that top management can demonstrate that the policy is compatible with the strategic direction and context of the organisation, as required by sub-clause 5.1.1 b).
5.2.2 Communicating the quality policy
Sub-clause 5.2.2 sets out specific requirements in respect of the organisation’s quality policy communication.
As in the 2008 edition the policy must be available as documented information.
It must be communicated, understood and applied inside the organisation and must be available to relevant interested parties as appropriate.
Implications for audit professionals
Auditors should note that the ISO 9001:2008 requirement for “documented statements of quality policy and quality objectives” has now been removed. Instead, ISO 9001:2015 requires the policy to be maintained as documented information.
Auditors should ensure that the quality policy is being applied throughout the organisation and that the organisation is making the policy available to relevant interested parties where it is appropriate to do so.
It is vital to remember that documented information can be in any medium; so a video clip on social media, a metal plaque or even a mosaic on the wall in the organisation’s entrance hall are all acceptable.
6.2 Quality objectives and planning to achieve them
Sub-clause 6.2.1 is an enhancement and extension of ISO 9001:2008 requirements. It requires an organisation to set quality objectives for relevant functions, levels and processes within its quality management system.
It is for the organisation itself to decide which functions, levels and processes are relevant.
The quality objectives must be consistent with the organisation’s quality policy and be relevant to the conformity of products and services, and the enhancement of customer satisfaction.
Quality objectives must be measurable, take into account applicable requirements, and be monitored in order to determine whether they are being met.
They must also be monitored, communicated across the organisation and be updated as and when the need arises.
An important change from 2008 is the deletion of the qualifier that quality objectives are “within the organization”.
This recognises that externally provided processes, products and services may also need quality objectives assigned.
Information on the quality objectives needs to be maintained by the organisation as documented information.
Implications for audit professionals
Additional requirements have been included in the standard as set out above. A new focus is on the quality objectives to be relevant to product and service conformity (and the enhancement of customer satisfaction).
This means that objectives which are not relevant to product and service conformity are not necessarily invalid, they are just not quality objectives. Auditors should ensure that the organisation is able to evidence that they are complying with these new requirements.
Attribute to original publisher/ publishing organization: Andrew Holt is technical content executive at the CQI and IRCA, quality.org/knowledge/iso-90012015-what-quality-policy-means-auditors