Thoughts and musings all things people and process
At the heart of the ISO9001 quality management system sits the quality policy statement.
The aim of the quality policy is to set out, in concise terms, the way in which the company will ensure the quality of its deliverable -- whether that's a product or a service -- and to set out the company's commitment to ongoing improvement of the effectiveness of the QMS.
It's a really important document, not only because it should be highly visible, but also since it needs to be worded in such a way that it is possible use as a framework for your quality objectives and to set measurable performance indicators against the key commitments within it.
The key to a good quality policy is simplicity. That is not to say that the quality policy is easy to define - it is perhaps one of the most difficult ISO9001 policies to craft. It should be relevant and realistic. It should not make any commitments that you cannot realize.
Aim for one page of A4. Make every word count -- no waffling! And although this will be read by employees, since this is also an external facing document, avoid terminology that may not be understood outside of the company.
Your starting point could be to describe in relatively brief terms, what the company does. That part shouldn't be too difficult.
Your ending can be a commitment to periodic ongoing reviews of the quality policy itself for effectiveness and suitability.
It is the middle section that requires the most thought. Ultimately, your quality policy should reflect the goals of your organization as a whole. What are they? You need to state management commitment to complying with requirements and to continually improving effectiveness of the quality management system -- so this middle section needs to describe what and how. So have a think about how the company operates and what is in place. For example, consider:
Look at the answers to the above and use it to form the main body of your policy. So for example, you might make a commitment to ensuring that quality procedures are upheld throughout the business via an internal audit programme, and then later when creating metrics around this objective, you may choose to measure it via the number of internal audit actions raised and subsequently closed within a specific timeframe.
It is best to ensure that the policy statement is signed (and dated) by the person with whom overall responsibility for quality across the organization lies, though there is no specific requirement in the standard for a signature, despite common misconceptions. However, if quality truly sits at the heart of the organization, it seems only fitting that the policy is signed off by the most relevant individual.
Once you have completed your quality policy statement and it has been reviewed and approved by all relevant stakeholders, then ISO9001 requires that it is communicated and understood within the organization. There are many ways in which you can do this, so for example via ongoing staff awareness training, as part of your new employee induction process, within the employee handbook, posting on the intranet and on display on notice boards.
Since the quality policy must be reviewed 'periodically' to ensure it remains suitable, diarise an annual review with key stakeholders. This frequency should suffice unless there are any significant changes within the organization which would warrant it in which case, you need to review it sooner. There is no need to change the quality policy statement for the sake of changing it, but ensure that you have a last reviewed /approved date included within the document as evidence of the review, and of course that it is appropriately versioned in line with your document control policy.
And by the way, regardless of whether you are aiming to meet the requirements of ISO9001 or not, it's still best practice to have a quality policy. So, give it a go -- it's a good way to focus the mind and think about how the organization really does work to ensure that quality is achieved.