What Is A QMS Policy?
The quality policy is the general promise and commitment to quality control and customer focus of top management when it comes to quality. It’s usually a brief paper with less than 100 words. The policy is frequently left to gather dust sitting on a reception wall and never even communicated out.
What Is In A Quality Policy?
Though it’s often organized as a list of bulleted pledges, you could change the format to whatever format you feel is right for you. The intent of the quality policy is to inform everyone in the organization about what’s going on and what is absolutely crucial to the development of the company’s success.
You are not required to refer to your ‘quality policy’ by that name. It could also be referred to as a mission statement, vision, or charter a declaration of excellence, or a variety of other terms. However, the term ‘Quality Policy’ is almost universally used and will be readily understood by 99% of work staff. Please bear in mind that you might have foreign workers that may require consideration of applicable language.
What Do We Call Our Quality Policy?
That said, you might have good reasons to avoid using the term “quality.” This is because quality can have a fairly specific and quite narrow definition in some organizations. Some businesses are expanding their use of the quality policy by addressing issues such as culture, morals, ethics, and other topics. I think that this is a good idea and there’s nothing wrong with doing this. It’s important that your policy meets the minimum requirements of clause 5.2 but after that, you can add anything else you think is appropriate. Please bear in mind, talk is cheap and you must be able to demonstrate conformance to your policy during an audit.
How To Write A Quality Policy?
How To Write A Quality Policy?
The quality policy is still a documented part of your management system, despite the fact that it is a very high-level document and as a result, it establishes a set of auditable requirements. Be careful not to include no meaningless corporate double-speak and convoluted statements that you’ll never be able to deliver.
Here are some questions to consider when constructing a meaningful quality policy:
- Who are we and exactly what do we do (context)?
- What is our strategic direction?
- What type of quality culture are we striving to establish?
- How important is the customer?
- What is our management system trying to achieve?
Creating a quality policy is not the sole responsibility of the quality manager as is the common misconception I’ve found during audits. Authoring a meaningful policy that is bespoke to your organisation should be a collective exercise between a representative group of workers from your organisation.
Please don’t make the mistake of cut-and-pasting one off the internet and thinking that you can perform a few simple tweaks to make it represent you. As an auditor, I’ve come across this many times and have been awarded a major non-conformance for this on many occasions.
Let’s take a look at the requirements for clause 5.2.1 the quality policy:
(a) Describes the organisational context and strategy
Does your policy truly describe who you are, what you want to achieve and what your strategy for quality is? Could you replace the name of your organisation with “Pizza Hut” and would it still make sense (I hope not)? It’s a good idea to include a brief statement about who you are and what you do as part of your policy.
If you have received certification from a UKAS (UK) approved certification awarding body then take a look at your certificate. It should contain a short scope statement describing who you are and what you do. You can include something very similar to this as part of your policy statement.
(b) Provides a framework for objectives
Are the claims, promises and commitments in your policy measureable? If not, they should be as this is what is required by this clause section. As a 3rd party auditor, I’ve found that many people don’t really understand this very important part of the policy requirements.
The old saying that “Talk is cheap” comes to mind here. One can make any amount of impressive-sounding statements on the policy but unless they’re back up with measurable targets, then they are pretty meaningless.
(c) A commitment to satisfying applicable requirements
This refers back to the clause 4.3 requirements for the scope of your management system in relation to your organisation. There may be circumstances where you can claim an exclusion to certain clause requirements. A common example of this is where a business does not perform any design and chooses to outsource this function. In this case, certain clause 8 requirements will not apply. However, you are being asked to satisfy those clause requirements that are applicable to you, under your scope statement.
(d) You will be committed to the continual improvement of the QMS.
Continual improvement is at the heart of all modern management systems. Understanding this should be your biggest reason for adopting the management system in the first place. A management system consumes a huge amount of time and effort to implement and maintain and unless it’s driving continual improvement, what’s the point? Only those who fully embrace the management system will reap the rewards of continual improvement. Continual improvement can only happen if it is led by top management and in a management system that is properly resourced.
Included next is a sample quality policy for a hypothetical manufacturing company. Use this as an example template to build your own quality policy. This is the sample policy creation that we teach on our ISO 9001 training course.
Clause 5.2 Quality Management System Policy Template (5 tips)
(obj = a possible objective)
Statement to explain the purpose of the organization
“Based in Birmingham UK since 1965, we are the ACME trading company who design and manufacture precision-made high tensile steel components for the aerospace and automotive industry. We also specialize in bespoke finishing processes including all types of anodizing finish”.
Intended Outcomes · Intended outcomes as stated by the management system text
- During the manufacturing process activity, we aim to: (Obj) ·
- Consistently provide products and services that meet customer and applicable statutory and regulatory requirements (Obj) ·
- Facilitating opportunities to enhance customer satisfaction (Obj)
- Addressing risks and opportunities associated with our activities and objectives;
- Demonstrate conformity to specified QMS requirements (Obj) ·
Intended outcomes as stated by the organization’s top management commitments
We will also concentrate our efforts on customer focus and customer satisfaction by: ·
- Implementing a robust customer communication processes (Obj) ·
- Engaging in face‐to‐face customer focus activities (Obj) ·
- Implementing a customer fast and responsive complaints process (Obj)
Commitments · As stated in section 5.2 of the management system
“To help us achieve this we shall ensure that we set appropriate objectives, satisfy all applicable requirements and be committed to continual improvement” (Obj) ·
Commitments that are specific to the organization as stated by the management
“We will ensure that all products produced using our bespoke XYZ process are checked for conformity according to the ABC specifications of our industry (Obj). We will maintain a monitored control of our anodizing processes (Obj) according to regulatory requirements and industry specification requirements(Obj). We will maintain strict testing procedures for our XYZ products according to EU Reg: ABC etc..” (Obj)
With particular respect to:
1. The significant risks as identified in 4.1 & 4.2 ‐ (the significant risks of your organization!) 2. From any legal and/or other requirements – (that affect your organization!)
As you can see in this example, I began by providing a very brief introduction to the business that describes who we are and what we do. Although this is not strictly required by the ISO 9001:2015 management system it does help bolster the requirements of clause 4.1 Establishing The Context Of The Organisation.
Next, I suggest you include your bullet point statements that describe the intended outcomes of the management system as found on p.vi in the printed standard. Let’s not forget the primary intended out of ISO 9001:2025 or any other iteration of a quality management system should be to ‘protect’ the customer. Protect them from what? I hear you ask. Well, quite simply put – to protect them from anything negative that might affect their product order or service provision.
Let’s not forget that old and well-known mantra “the customer is king” I’ve lost count at the number of times I’ve been stood at a shop counter waiting to be served whilst being totally ignored by the shop assistant performing a job orientated task instead of tending to my needs.
The consequences of upsetting your customers with product defects, poor delivery times, and broken promises with service providers can be catastrophic when considering the effects of social media on your business.
It’s advisable not to bash your customers over the head by adopting aggressive marketing campaigns. Treat your customers with respect in the way that you communicate with them and they will thank you for it. As a test. Think about and list all of the things that annoy you when you log onto a website when thinking of making a purchase. Do this exercise as a group effort and then meet to discuss the results. Your goal now is to be sure that your organization does not do any of the same things with your customers.
Today’s customers want the ease of service and the ability to make a purchase without having to sign their life away by being forced to complete unnecessary forms during a purchase. Can you not simply provide a quick checkout option in the form of a PayPal button? Do you really need a date of birth or your mother’s maiden name?
Never forget that your customers want great service and value for money. In today’s highly competitive markets, my best advice is to compete first and foremost on your customer service. Try and strive to make customer service your USP and you’ll not go far wrong.
Clause 5.2 of the management system is where you will find the specific minimum requirements of the management system. These are referred to above as the requirements as stated within the management system text.
Simply regurgitating the management system text is a cop-out in my opinion and is what most people tend to include. During an audit, I’ve asked a great many members from top management how they actually achieve these statements in real practical terms and they are often stuck for words. This is usually because the only 2 people who have ever met and discussed the policy are the Quality manager and the CEO when signing it.
Your business quality policy should be a collaborative document that was discussed and designed by a representative group from top management and ideally also with general worker representation.
Next, your policy should include those promises and commitments that come from the meeting that I’ve just described. The one included leadership and worker representation. In that meeting, you will have discussed the global strategies and processes that affect everyone and in terms of an internal quality guarantee to the customer.
As mentioned earlier, be sure that you can meet these promises and statement guarantees otherwise they will be pointless and will surely fail during an audit. If you’ve read this far, then I suggest a good starting point with your current policy is to check that it at least meets the requirement of clause 5.2. And lastly, the policy will mean nothing unless it’s communicated and trained out properly.
Ask yourself: In my sample policy, could you remove the name “ACME Trading Company” and replace it with “OXFAM” and if you did, would the policy still be appropriate? Think about asking yourself the same question about your organization’s quality policy!
Clause 5.2 requirements for ISO 14001 & 45001
ISO 14001:2015 – the only difference listed here at clause 5.2
(c) Commitment to protecting the environment and preventing pollution
Are you dedicated to protecting the environment from adverse impacts caused by pollution and contamination? Pollution by your organisation could include air/water quality, noise, radiation and light pollution etc. Shielding the environment from the negative impacts of these issues is at the heart of an EMS and you should be fully committed to meeting this policy requirement through everything that you do.
ISO 45001:2018 – there are many differences here and so let’s take a look at each sub-clause individually:
(a) Provide safe and healthy working conditions and protect workers from injury.
This requirement encapsulates the intended outcomes of ISO 45001:2018. Protecting workers from injury and providing them with a safe working environment is at the heart of the standard. Everything that you do should be focused upon achieving this consistently and effectively. Although accidents can and will happen, you should adopt a ‘zero tolerance’ culture for the occurrence of accidents.
(b) Providing a framework for setting objectives
(this is the same requirement as for ISO 9001:2015)
(c) A commitment to fulfil legal and other requirements
I would imagine that the ‘legal’ aspect of this requirement is pretty easy for you to grasp. The Healthy and Safety At Work Act 1974 aside, there is a whole raft of European legislation that might apply to you depending on your organisational context.
The ‘other requirements’ part of the statement refers to things such as contractual agreements etc. You might be required to deliver ‘X’ amount during an agreed time period as part of the contract. Are you committed to fulfilling this contractual requirement? I hope so.
(d) A commitment to remove hazards and eliminate risk.
The standard provides a definition of the term hazard as:
- “Source with a potential to cause injury and ill health”
This refers to an object such as a machine tool and also to a hazardous environment. Let’s not forget that you first require a process for identifying a hazard or a hazardous situation. Once identified, have you done everything you can to eliminate the hazard and therefore reduce the risk?
(e) A commitment to continual improvement
(see the guidance for the ISO 9001 requirement as it is the same).
(f) A commitment to consultation and participation of workers or their representatives.
The word ‘consultation’, in this context, means to seek views before making a decision. The word ‘participation’, in this context, means involvement in a decision making process. In practical terms, you are about to purchase a new piece of machinery, have you consulted with those that will be affected and involved a representative in the purchasing decision?
Do you hold weekly/monthly safety meetings that are attended by a worker/s representative? Are you aware of The Health and Safety (Consultation with Employees) Regulations 1996?
When you consider the intended outcomes for a health and safety management system, I’m certain that workers will have very strong opinions on how they are to be kept free from accidents and provided with a safe working environment.
For auditors:
- Check the existence of an up-to-date policy
- Check when the policy is reviewed and by whom
- Check if top management were involved in authoring the policy
- Check how the policy drives continual improvement
These are some questions that I will be answering in more detail with future articles:
- What are the examples of quality policy?
- Why do you need a quality policy?
- How do you communicate quality policy?
- What is a quality policy and objectives?
- How do you develop quality objectives?
- What is an example of a quality objective?
- How do you monitor quality objectives?
- Does a quality policy need to be signed?
References: www.iso.org
ISO 9000:2015
ISO 9002:2015
Please be kind, share and create a link back to this article.
(c) All content is copyrighted to ISO Training UK – All rights reserved 2022.