The latest clause to come under the spotlight in this series of How to Guides for ISO 9001 is: ISO 9001 Clause 5.3 – Organisational Roles, Responsibilities and Authorities.
We take a look at what it is, and where it fits in the greater scheme of the ISO family. But first, let’s briefly set the scene with regards to the ISO 9001 standard.
In December 2021, the International Organisation for Standardisation (the main ISO body) reported “over one million companies and organizations in over 170 countries certified to ISO 9001:2015. This number continues to increase year on year, for many and varied good reasons.
Yet there’s one not-so-small catch…
ISO 9001 might just be the most confusing document in business history!
The good news is this series of articles and accompanying free factsheets are purpose designed to:
- Cut through the jargon
- Debunk the myths
- Make smoother sailing of your journey to certification
Without further delay, let’s examine ISO 9001 Clause 5.3 – Roles, Responsibilities and Authorities, in closer detail.
What does the Standard require?
Clause 5.3 of ISO 9001:2015 requires top management to ensure that roles, responsibilities and authorities for your Quality Management System (QMS) are assigned, communicated, and understood. But what exactly are these roles and responsibilities? And what’s the most effective way to define these for your organisation?
Let’s start with some definitions: responsibility is what personnel must do, and authority is what they are empowered to do.
When roles, responsibilities and authorities are clear there is less confusion and more efficiency, and fewer statements like “that’s not part of my job”, “nobody is in charge of that” or “we have confusion around who does what”.
Defining the roles, responsibilities and authorities is a characteristic of a Quality Management System (QMS), and the intent of this clause is for top management to assign the relevant roles in relation to the QMS, in order to ensure the effectiveness and the achievement of the business’ intended results.
Whilst not necessarily required, job descriptions are a common way of meeting this requirement, as long as they are kept up to date. If you choose to go down this route, the job descriptions will need to be version controlled as they will be within the scope of the management system.
Procedures are another way where you may choose to identify a position’s responsibility and authority, as long as they effectively communicate this.
I prefer a different way, which is to identify the various job titles in the business in a table format, and to document the responsibilities and authorities applicable to the QMS for each role.
Can top management assign authorities?
Responsibilities and authorities can be assigned to more than one person. They should be able to make decisions and effect change to the area and/or processes to which they have been assigned. But it is essential to emphasise that the overall responsibility and authority of the QMS remains with top management.
In the previous version of the Standard, there was a management representative, and whilst the 2015 version does not mention this role, an organisation can opt to continue to have a management representative.
The purpose of this change was to ensure that top management are actively involved and accountable for the management system rather than delegating all the responsibility to one person. Whilst the term “management representative” is not included in ISO 9001:2015, the responsibilities and authorities are included.
The Five Requirements Explained
Under clause 5.3, top management are required to assign the responsibility and authority to five elements, let’s take a look at each of these and how they might be performed.
1. Ensure that the management system meets the requirements of ISO 9001:2015
Quality is not a one (wo)man show! Everyone will contribute to the QMS but someone needs to ensure that the business is adhering to the requirements of the standard. In large organisations, this could be the Quality Manager but in smaller businesses, this position often does not exist, and is incorporated into someone’s role.
Anyone with an understanding of the ISO 9001 can fill this role, and some of their duties will include: receiving training on the practical application of the requirements of ISO 9001; passing this knowledge onto others; conducting internal audits; facilitating the management review; and keeping the business informed of the QMS.
2. Ensure that the processes are delivering their intended outputs
In other words, is the business monitoring and obtaining the right results. This action can be assigned to more than one person who would each have different responsibilities, such as monitoring the quality objectives, determining if the processes are achieving their intended results, or conducting internal audits. This role is one of measurement, analysis and reporting so that top management can review and draw conclusions from the data.
3. Report on the performance of the QMS and on improvement opportunities to top management
One person might be assigned the responsibility for co-ordinating the reporting, with other persons being responsible for reporting on specific processes of the QMS to top management. The important part of this role is reporting. It should be fulfilled by someone who can analyse data and present it to top management so that decisions can be made to continually improve the QMS.
4. Ensure the promotion of customer focus at all levels
Customer focus should be at the forefront of every business, it is the reason for the business’ existence. This responsibility can be assigned to the person who is primarily communicating with customers and ensuring that any issues are resolved. There are a number of tasks that this person / department can be assigned, such as: collating and analysing customer feedback; communicating this feedback to the business; and ensuring the business acts on and learns from customers complaints.
5. Ensure that the integrity of the management system is maintained when changes to the system are planned and implemented
Basically, this role means the QMS does not become stagnant and is not allowed to slide. People love to make changes to processes and often the last thing on their mind is how does it impact the QMS? This role ensures that the business considers the QMS whenever a change is made.
Examples of changes could be the restructuring of the business, a decision to outsource a department, growth opportunities in a new market or even just a change to a process. The person assigned with this responsibility needs to ensure the overall QMS is maintained and has the authority to ensure that changes are not actioned without considering the potential impact on the QMS.
Keeping Your QMS Compliant
The effectiveness of the QMS is directly relative to how well the roles, responsibilities and authorities are integrated into the daily operations of the business. A well-defined structure nurtures a sense of ownership and drives the collective effort towards achieving the quality objectives. Clause 5.3 is not just a set of requirements; it is a strategic tool that can transform your QMS.