Evidence of Top Management involvement in meeting ISO 9001
ISO 9001 is the internationally recognized standard for Quality Management Systems (QMS). It provides a framework and set of principles that ensure a common-sense approach to the management of an organization to consistently satisfy customers and other stakeholders.
The previous version of the standard required Top Management (Leadership) to display evidence that demonstrated their commitment to the development and implementation of the quality management system. As the onus was not placed solely upon the involvement of Top Management, the responsibility was often delegated to a junior manager, such as the Quality Manager.
The new standard (ISO 9001:2015) requires Top Management demonstrate effective leadership through involvement and engagement with meeting the standard as opposed to just a commitment to developing a quality management system.
Criteria for meeting ISO 9001
While ISO 9001 provides a detailed set of requirements for meeting the standard, it effectively focuses on assessing three key components of a quality management system: the operations of the system itself, evidence of a customer focus and implementation of resources to support meeting the standard throughout the organization.
Auditing the quality management system
Clause 5.1 requires that Top Management demonstrate effective leadership and a commitment to continual improvement, which should be reviewed regularly accordingly.
Leadership and commitment
Top management shall demonstrate leadership and commitment with respect to the quality management system by:
taking accountability for the effectiveness of the quality management system;
ensuring that the quality policy and quality objectives are established for the quality management system and are compatible with the context and strategic direction of the organisation;
ensuring the integration of the quality management system requirements into the organisation’s business processes;
promoting the use of the process approach and risk-based thinking;
ensuring that the resources needed for the quality management system are available;
communicating the importance of effective quality management and of conforming to the quality management system requirements;
ensuring that the quality management system achieves its intended results;
engaging, directing and supporting persons to contribute to the effectiveness of the quality management system;
supporting other relevant management roles to demonstrate their leadership as it applies to their areas of responsibility.
5.1.2 Customer focus
Clause 5.1.2 requires that Top Management demonstrate a customer focus, to ensure products consistently meet customer requirements.
Top management shall demonstrate leadership and commitment with respect to customer focus by ensuring that:
customer and applicable statutory and regulatory requirements are determined, understood and consistently met;
the risks and opportunities that can affect conformity of products and services and the ability to enhance customer satisfaction are determined and addressed;
the focus on enhancing customer satisfaction is maintained.
Effective delegation of roles
Clause 5.3 requires Top Management delegate, communicate and monitor implementation of the quality management system throughout the organization.
5.3 Organizational roles, responsibilities and authorities
Top management shall ensure that the responsibilities and authorities for relevant roles are assigned, communicated and understood within the organisation.
Top management shall assign the responsibility and authority for:
ensuring that the quality management system conforms to the requirements of this International Standard;
ensuring that the processes are delivering their intended outputs;
reporting on the performance of the quality management system and on opportunities for improvement, in particular to top management;
ensuring the promotion of customer focus throughout the organization;
ensuring that the integrity of the quality management system are planned and implemented.
Important terms for assessing system suitability
In order to understand whether a quality management system will meet the criteria an auditor is assessing a system against, it is important to understand how key terms are defined by ISO 9001:2015.
Top Management is defined as a person or group who directs and controls an organization at the highest level. They have the power to delegate authority and provide resources within the organization.
NB: If the scope of the management system covers only part of an organization (for example, health and safety), then top management refers to those who direct and control that part of the organization.
Involvement is defined as taking part in an activity, event or situation.
Engagement is defined as involvement in and contribution to activities to achieve shared objectives.
Management is defined as coordinated activities to direct and control an organization. This can include establishing policies and objectives, and processes to achieve these objectives.
NB: when the word “management” refers to people, it should always be used with some form of qualifier to avoid confusion with the concept of “management” defined above. For example, “management shall…” is unacceptable, whereas “top management shall…” is acceptable.
Policy is defined as intentions and direction of an organization as formally expressed by its top management.
Quality policy is defined as a policy related to quality. Generally this is consistent with the overall policy of the organization, aligned with its vision and provides a framework for the setting of the quality objectives.
Examples of suitable evidence
In order to provide suitable evidence of Top Management involvement and engagement, documented information must be provided, along with actions assigned as appropriate.
The tables below provide an indication of actions that could be considered as objective evidence to demonstrate Top Management are undertaking effective leadership, commitment and accountability.
5.1.1 General (systems)
1. Customer focus
Appropriate documented information to demonstrate the organization has identified the applicable customer, statutory and regulatory requirements, and evidence the organization has evaluated their compliance to these. If not identified as compliant, evidence is required to demonstrate appropriate and effective corrective action has been taken.
5. Organizational roles, responsibilities and authorities
Adequate resourcing of the organization’s processes / activities to support its scope and strategic direction, taking into consideration the identified risks, including people, infrastructure and equipment.
It is possible that not all elements will be applicable to an organization, as this is dependent on a number of factors including the size, locations and activities of the organization, the number of standards the organization is registered to and the maturity of its management system.
Further assistance in meeting ISO 9001
As the examples above demonstrate, when it comes to an audit, you can never have too much information.
While this is by no means an exhaustive list of examples of sufficient evidence of top management involvement in meeting ISO 9001, it should provide some indication as to the type of documents that demonstrate a commitment to meeting the standard.
If you are new to the ISO 9001 standard or believe you would benefit from further assistance, NQA can perform a gap analysis and support you with training for internal auditors. We also host regular webinars to address the requirements of each standard and share legal updates via InTouch, our monthly newsletter.