Quality Blog


Roles, Responsibilities, Authorities
John Mason - Thursday, August 24, 2017

This sub clause is trying to be all inclusive. It is trying to leverage the quality management system away from the quality manager and or the ‘management representative’ and forcing stuff up the corporate food chain. There are no real changes from the previous version of the standard, other than the use of the words…. top management. The requirements are therefore; The company's top management ensures that the responsibilities and authorities for relevant roles are assigned, communicated and understood within the company. The company's top management has assigned the responsibility and the authority for: ensuring that the Quality Management System conforms to the requirements of the standard; ensuring that the processes are delivering their intended output; reporting on the performance of the Quality Management System and on opportunities for improvement (see 10.1), to the company top management; ensuring the promotion of customer focus throughout organization and; ensuring that the integrity of the Quality Management System is maintained when changes to the Quality Management System are planned and implemented. It is all a bit of a yawn. Whilst trying to ensure that there is senior, top, upper management involvement enshrined in the various processes of roles, responsibilities and authorities, the standard again falls short of meaningful prescription or direction. Why set a rule or guideline that therefore lacks retained or maintained documented information? Quite simply, it is an auditor’s nightmare, a consultant’s dream and a misinterpreted postulation of what is needed by a company to fulfil the perceived requirement of the standard. But wait, I won’t leave you in the lurch. Here is what you need to do.  

So, the very first thing you can do is assign, communicate, understand the RAVs. How? Well in a small company, you can hold a meeting and tell people. Then you can walk the talk and demonstrate that what you said is ‘gospel’. Other ways are through management reviews, management meetings, performance reviews, employment contracts, job descriptions (or any of the 10’s or derivatives or them). Understanding is through similar mechanisms or through training or tests, or feedback loops or observation or quality control. Hell, how long is a piece of string. There is no right or wrong here. Just consistent documented information that enables your staff to get it right and enables your certification auditor to judge the company’s effectiveness of this clause.

And now to the specifics…the company's top management has assigned the responsibility and the authority for: ensuring that the Quality Management System conforms to the requirements of the standard – OK who signed that pesky quality policy?? Next, ensuring that the processes are delivering their intended output – smells like supervisor / manager functions of each process. Next, reporting on the performance of the Quality Management System and on opportunities for improvement (see 10.1) – again, same, same. Next to ensuring the promotion of customer focus throughout organization – policy, CEO talks, etc and finally; ensuring that the integrity of the Quality Management System is maintained when changes to the Quality Management System are planned and implemented – Oh please, what company doesn’t practice the rudiments of change management practices?

Next, you can decide on what format the RRAs are described. Retained, maintained or any other means….You decide.

Roles, Responsibilities, Authorities

Quality Policy
John Mason - Tuesday, June 20, 2017

So, the new standard is shaking things up a bit. First of there is now some prescription on establishment and then some around communication. The biggest change is that customer satisfaction is no longer explicitly referenced. Sure, there is plenty of inference, but nothing specific. The requirements are therefore; The company's top management will establish, implement and maintain a Quality Policy that: is appropriate to the purpose and context of the company and supports its strategic directions; provides a framework for setting Quality Objectives; includes a commitment to satisfy applicable requirements and; includes a commitment to continual improvement of the Quality Management System. Simple. This is a standard folks. A set of requirements. So, to make a quality policy compliant, include each of the above in the policy. Do not leave anything out. The good news, is you get to determine the detail to suit. So, make it appropriate, make fit your context enable it to support your strategic directions whether through explicit detail or reference to. The linkage to strategic directions is so important here as it screams legitimacy and demonstrates the importance of quality. Whilst it wants a provision for quality objectives, it doesn’t mean you must describe the framework within the policy (unless of course you want to). More on that a little later. State you are committed to satisfy applicable requirements and if desired, state some of these (not recommended) and always include the final commitment of continual improvement, which is the essence of quality assurance.  

But let’s look at the actual structure and intent of a quality policy or in fact, any policy document. Here are the Mason rules for any policy…1) signed, yes actually signed by the MD, CEO and as desired, signed by the functional head as well. 2) One page only. If you cannot get you point, rule, intent across in one page, then no one will read it and the point of any policy is to get people to read and understand it at all levels of a company. 3) have structure concerning the what, why, how and commit. But it isn’t just sufficient to have a policy. You must communicate it as well. The new standard has made a positive step in establishing some rules around communication. These being the quality policy is: available and be maintained as documented information; communicated, understood and applied within the company and; available to relevant interested parties, as appropriate.

So, let’s break this down. The first thing you need to be aware of is that the standard has deemed the quality policy as a maintained documented information. This means it must ‘written’ in a format of your choosing and it must be handled in a controlled manner. Next is availability. I really love hard copy, nicely framed policy documents. I like them in the foyer, on a communication board, in the lunchroom, boardroom, intranet, web site, product catalogue, literally anywhere you want to communicate the importance of the document.

Now that you have communicated the document, we need to apply it and make it understood. Application is easy. Walk the talk. With it linked to strategic direction and quality objectives, everyone can see the applicability. And once they see that, the understanding becomes apparent. But don’t just leave all of that to chance. Make sure the quality policy and the qms is embedded in the induction process, the refresher / update training process and that there is some form of revision, test, survey of the intents to demonstrate to themselves of what is trying to be achieved.

Quality Policy