Clause 5.3 of the ISO 9001:2015 standard, titled "Organizational roles, responsibilities, and authorities," mandates that top management must ensure the organization's roles, responsibilities, and authorities are assigned, communicated, and understood. This is critical for the effective implementation, maintenance, and continual improvement of the quality management system (QMS). The proper implementation helps eliminate the following:

  • I am not responsible for that
  • No one's in charge of this
  • Nobody understands what they are supposed to do
  • I do a lot but have no authority
  • The ball seems to get dropped a lot
  • There are a lot of chiefs and no Indians.

Here's what this clause involves:

  • Assignment of Roles, Responsibilities, and Authorities: Top management must clearly define and document who is responsible for what within the organization with respect to the QMS. This includes who is responsible for ensuring that the QMS conforms to the requirements of ISO 9001, reporting on the performance of the QMS and opportunities for improvement (including to top management), and ensuring the promotion of customer focus throughout the organization.
  • Communication and Understanding: It is not enough to merely assign these roles; the organization must also communicate these assignments throughout the organization. This ensures that everyone understands their specific responsibilities and authorities regarding quality management.
  • Documented Information: While ISO 9001:2015 has reduced the emphasis on documented procedures, this clause implies the need for documented information to support the understanding and communication of roles, responsibilities, and authorities within the organization.

Clause 5.3 ensures clear leadership and accountability within the organization regarding the QMS. By clearly defining and communicating the roles, responsibilities, and authorities, organizations can ensure that their QMS is effectively and efficiently managed, with clear lines of accountability and decision-making that support the achievement of quality objectives and improvement of processes. This structure supports the overall effectiveness and efficiency of the QMS, contributing to enhanced customer satisfaction and organizational performance.

Management standards share common elements across specific ISO Standards. ISO 9001, ISO 14001, and ISO 45001 have a common structure, terms, and text. For example, the elements or areas covered in the standard (i.e., clauses) are:

1. Scope
2. Normative references
3. Terms and definitions
4. Context of the organization
5. Leadership
6. Planning
7. Support
8. Operation
9. Performance evaluation
10. Improvement
Read more: First in the 2023 Series - PDCA

Clause 5.2.2 of the ISO 9001:2015 standard, titled "Communicating the Quality Policy," focuses on the requirements related to communicating the organization's quality policy. Quality policy helps create norms and culture within an organization. The clause mandates that the quality policy must be communicated, understood, and applied within the organization. Furthermore, this clause requires the quality policy to be available to relevant interested parties (those who care about your company and what they want from you). Here are the key aspects:

  • Accessible and documented: It is a formal document available to all employees. Employees should be able to demonstrate how to access it.
  • Internal Communication: The organization must ensure that the quality policy is communicated and understood by all employees and individuals working for or on behalf of the organization. This includes ensuring that everyone knows how the policy applies to their specific roles and responsibilities within the quality management system (QMS).
  • Understanding the Quality Policy: Beyond merely communicating the policy, the organization must ensure it is understood. This might involve training, meetings, or other forms of communication to clarify the importance of the quality policy and how employees' activities contribute to achieving its objectives.
  • Application of the Quality Policy: The organization must ensure that the quality policy is communicated, understood, implemented, and maintained across all levels. This means the policy's principles are integrated into everyday processes and practices, guiding decision-making and actions.
  • Availability to Interested Parties: The quality policy should also be available to relevant interested parties outside the organization. This can include customers, suppliers, and other stakeholders who are interested in the organization's commitment to quality. Making the policy available can be achieved through various means, such as posting it on the organization's website or providing it upon request.

The emphasis on communicating the quality policy underscores its importance as a foundational element of the QMS. By ensuring the policy is widely understood and applied, the organization fosters a culture of quality that supports continuous improvement and aims to enhance customer satisfaction. This clause provides that the quality policy serves as a clear guide for all quality-related organizational activities.

It happened. As the leader of your organization, you receive that call from your customers. The one you have been holding your breath on for years, hoping they wouldn't call. As part of the supply chain, they require you to become certified to ISO 9001.

Now what? 

You were told by your competitors and leaders from local companies that it is a time sucker.  ISO 9001 requires hundreds of documents.  You have to write down everything!  In addition, you now have to hire an employee to get this done.  There goes our bottom line this year.  Don't our customers realize what is going on in the world?  There is a pandemic and finding employees is almost impossible!

So, you do what you are good at: you call HR, put out an ad, let's find someone. Purchasing, get a quote on ISO 9001, and order plenty of notepads and binders. Then, you talk to your leadership group, let them know what happened, and announce we are going to get certified to ISO 9001, oh my. Great, you are on your way, on the certification path. But are you?

Read more: Lions & Tigers & Bears Oh My!

Reducing non-conformance in an ISO 9001 Quality Management System (QMS) ensures that an organization consistently meets customer and regulatory requirements. Non-conformance is a deviation from a specified process, standard, or customer requirement. Here are three practical ways to reduce non-conformance in an ISO 9001 management system:

1. Enhanced Training & Competence Development:


Regular Training: Conduct training sessions for employees to ensure they know the latest quality standards, processes, and best practices. Provide training on the importance of quality, the specifics of ISO 9001, and the details of internal processes and procedures. The ISO-related training can be completed in-person or online (see https://Ingentius.com for online training programs).

Competence Assessment: Regularly assess the competence of employees to perform their designated tasks. Identify skill gaps and provide targeted training to address these gaps. The assessments must be documented and communicated during an audit or certification.

Awareness Programs: Develop programs to enhance awareness about the importance of quality and the implications of non-conformance. Awareness can help in creating a quality-centric culture within the organization.

Read more: Three ways to reduce non-conformance...

It is critical for an organization's Quality Management System to have trained Internal Auditors. One of the ISO 9001 Standard's clauses (i.e., 7.2 Competence) requires that the organization prove with Objective Evidence that the auditors are trained.

Ingentius and ASR have been working together to provide training courses for ISO 9001 Internal Auditors and other ISO standards.
Read more: ISO 9001 Internal Auditor Training

In ISO 9001:2015, the standard provides guidelines for controlling externally provided processes, products, and services in Section 8.4, titled "Control of Externally Provided Processes, Products, and Services." Here are some issues and suggestions to effectively control external resources and stay in compliance with ISO 9001:

  1. Define Requirements:

Identify and document the specific requirements for externally provided resources. These requirements can come from customers, regulatory authorities, or your organization's internal standards and procedures.

  2. Supplier Evaluation and Selection:

Evaluate and select suppliers and service providers based on their ability to meet your requirements. You should communicate the requirements to the supplier before acquisition. Consider their track record, capabilities, financial stability, conduct, failure to follow statutory or regulatory requirements, over-billing, and reputation (negative news reports).

  3. Establish Supplier Controls:

Implement controls to ensure that suppliers and service providers meet your requirements. This can include contractual agreements, service level agreements (SLAs), and quality specifications.

  4. Document Procedures:

Document your procedures for controlling these external resources. These procedures should outline how you will monitor and manage your suppliers and service providers.

  5. Communication:

Communicate your requirements clearly to your suppliers and service providers. Ensure that they understand your expectations and any relevant quality standards.

  6. Monitoring and Measurement:

Regularly monitor and measure the performance of your suppliers and service providers against the established criteria. This may include conducting audits, inspections, or performance reviews. Again, communication is critical.

  7. Corrective Actions:

Take corrective actions if suppliers or service providers do not meet your requirements. This may involve addressing non-conformities, implementing preventive actions, or changing suppliers.

  8. Records:

Maintain records of supplier evaluations, performance reviews, and any actions taken to address non-conformities or improve performance. These records are essential for demonstrating compliance with ISO 9001.

  9. Continual Improvement:

Continually review and improve your processes for controlling external resources. Use feedback from performance monitoring and customer feedback to drive improvements.

  10. Risk Management:

Consider the risks associated with externally provided processes, products, and services. Develop strategies to mitigate these risks and ensure your supply chain remains resilient.

  11. Auditing:

Include the control of external resources as part of your internal audit program, verifying compliance with ISO 9001.

  12. Training and Awareness:

Ensure that your employees are aware of their roles with Clause. Provide training as needed.

  13. Customer Satisfaction:

Monitor customer satisfaction related to externally provided processes, products, and services. Use this feedback to drive improvements and address any issues promptly.

By following these steps and integrating them into your organization's quality management system, you can effectively control external resources per ISO 9001 and consistently deliver quality products and services to your customers.

By Rand Winters, ASR Senior Auditor

Last year, ASR focused a newsletter article on audit effectiveness and reducing potential risk. This month we address effectiveness of the audit checklist.

In the old QMS days, internal auditors planned their audit around a list of standard questions used again and again. That all changed when standard writers created the process-based quality management system.

Organizations adapted to process-based audits developing relevant questions for each internal audit. Recently, I am beginning to see a slow move away from specific internal audit questions and a return to generic questions.
Read more: Effective Checklists

Monitoring and measuring resources is critical to the ISO 9001 Quality Management System (QMS) standard. When organizations seek to implement ISO 9001 requirements related to these resources, they ensure the necessary equipment and systems are in place to produce consistent, high-quality products and services.

To implement ISO 9001 requirements for monitoring and measuring resources, follow these steps:

  1. Determine What Needs to be Monitored and Measured:
    1. Identify processes, products, and services that need monitoring and measurement to ensure conformity and effective performance.
    2. Look at past performance data, customer feedback, and the nature of the processes to make these determinations.
  2. Select Appropriate Equipment/Tools:
    1. Depending on what's being monitored or measured, determine if you need tools like calipers, gauges, software, etc.
    2. Ensure the selected equipment/tools are appropriate for the precision and accuracy required.
  3. Calibrate Equipment:
    1. Calibration ensures that measurement equipment provides accurate and consistent results.
    2. Maintain calibration records, including calibration dates, results, and next calibration due dates.
    3. Use recognized calibration standards where applicable.
  4. Train Staff:
    1. Ensure that individuals using the monitoring and measuring equipment are trained adequately. They should understand the importance of their actions and know how to operate the equipment correctly.
  5. Maintain Equipment:
    1. Regular maintenance helps prevent inaccuracies or malfunctions.
    2. Develop and adhere to a maintenance schedule and keep records of any maintenance activities.
  6. Establish Monitoring and Measuring Procedures:
    1. Document the methods or procedures used for monitoring and measuring activities.
    2. Procedures should cover frequency, methods, when and how data is analyzed, who is responsible, and how results are reported.
  7. Analyze and Use the Data:
    1. Regularly review the data from monitoring and measurement activities.
    2. Determine if processes are effective and if products/services meet requirements.
    3. Look for trends or anomalies that could indicate potential issues.
  8. Take Corrective Action:
    1. If monitoring and measuring activities reveal non-conformities or potential problems, take corrective action.
    2. Ensure the effectiveness of the corrective actions by re-monitoring and re-measuring.
  9. Continuous Improvement:
    1. Use monitoring and measuring data as input for the management review process and for identifying opportunities for continual improvement.
  10. Document and Record:
    1. Maintain records of monitoring and measuring activities, equipment calibration, and maintenance. This provides traceability and evidence for internal and external audits.
  11. Review and Update:
    1. Periodically review and revise your monitoring and measuring processes to ensure they remain effective, especially if there are changes in products, services, or processes.
  12. Engage Top Management:
    1. Top management should be informed about the importance of monitoring and measuring resources. Their support can ensure that sufficient resources (like budget and personnel) are allocated to these activities.

Implementing these requirements will help ensure consistent product/service quality, improve processes, and increase customer satisfaction. Remember, the goal isn't just to comply with the standard but to use it to improve organizational performance.

ASR is continuing its practice of sharing with clients the most frequent sections of the following standards found to be nonconforming by ASR auditors.

ISO 9001:2015 - Most Frequent Nonconformances:

9.2 Internal Auditing

- process not fully effective
- all sections (processes) not audited
- some records of audits missing
- not all auditors competent nor had proper training
- no records audit program met requirements of standard
- internal audit procedure not followed
Read more: ISO 9001 First Quarter 2019...

Implementing good leadership and commitment is a crucial aspect of the ISO 9001 standard. As per the 2015 version, the leadership and commitment clause emphasizes the role of top management in demonstrating leadership, commitment, and direct involvement in the quality management system (QMS). Here is a guide to implementing these principles effectively:

1. Define Quality Policy and Objectives

  • Align with Business Strategy: Ensure the quality policy and objectives align with the organization's business strategy, mission, and vision.
  • Communicate: Ensure the quality policy is communicated and understood at all levels of the organization.

2. Engage and Empower Employees

  • Inclusive Culture: Foster a culture where employees at all levels feel their input is valued and considered.
  • Training and Development: Provide ongoing training to ensure everyone understands their role in the QMS.
Read more: How best to implement good leadership...

Rand E. Winters - Senior ASR Auditor

As ASR clients begin their surveillance or recertification audit to the 2015 version of ISO 9001, top management and quality leaders may find it helpful to know what 2015 NC's have been written by ASR auditors during May and June 2017.

What is interesting - of the NC's found, only 1% were written against risk – a new topic for 2015. Remaining NC's were old issues including training, document control, management review, and internal audits.

Below is a list of NC findings. Highlighted findings are requirements that organizations did not include in their revised 2015 quality management system.
Read more: Heads-up - ISO 9001:2015...

The goal of Risk Based Thinking is to reduce or eliminate nonconformities. To meet this goal, an organization must address each process in terms of risks. The organization must take into account risks during every planning activity. The risks should be documented, and actions should be taken to prevent them.

On a positive note, planning for risks may be viewed as “looking for opportunities.”

Under clause 6.1 (Planning)

Clause 4.4.1 f) explicitly states, “address the risks and opportunities as determined in accordance with the requirements 6.1”  While 6.1 states,

6.1 Actions to address risks and opportunities
Read more: 2nd in the series - Risk Based Thinking

Because the new ISO 9001:2015 standard has major additions and changes to the clauses, ASR has put together a 33-page document on a clause-by-clause basis.

This document is a matrix showing the ISO 9001:2015 clause, the related ISO 9001:2008 clause and a commentary section.

This is a very useful document to help you prepare your organization for the transition to the new standard.

Download the Correlation Matrix (PDF) here.

Client Testimonials

We look forward to ASR audits - Really

It is always a pleasure having Jim audit our system. We look forward to his audits and want to show him improvement. He handles situations in a way that is very positive, even when we need to correct or improve something.

Overall a very good experience. 


Ted Gehan
Warmington Industries Inc.

Teamwork & our clients

I would like to express our appreciation for the efforts ASR staff made to assist us in achieving our upgrade. You are a great team to work with. 

Gregg DeVaux
Aeroacoustic Corp.