Writing and Implementing a Quality Policy for ISO 9001
ISO 9001 Clause 5.2
This clause requires top management to establish, implement and maintain a documented quality policy and communicate it within the organisation.
What Does ISO 9001 Clause 5.2 Require?
Clause 5.2 of ISO 9001:2015 requires top management to establish a quality policy that meets a set of requirements, and to ensure it is communicated and available. The clause is split into two parts: Clause 5.2.1 covers what the policy must contain, and Clause 5.2.2 covers how it must be communicated and made available.
ISO 9001 Clause 5.2.1 - What the Quality Policy Must Include
The quality policy must be appropriate to the purpose and context of the organisation, and must support its strategic direction. It must provide a framework for setting quality objectives, include a commitment to satisfying applicable requirements, and include a commitment to continually improving the quality management system.
The standard does not prescribe the exact wording or format - these four elements need to be present, but how they are expressed is up to the organisation. A short, clear policy that genuinely reflects how the business approaches quality is more useful than a lengthy document filled with generic statements.
ISO 9001 Clause 5.2.2 - Communicating the Quality Policy
Once established, the quality policy must be available as documented information, communicated and understood within the organisation, and available to relevant interested parties as appropriate. In practice this means staff should be aware of the policy and understand what it means for their work, and the policy should be accessible to customers or other stakeholders who need to see it.
Many organisations publish the quality policy on their website or include it in customer packs. Internally, it is commonly displayed in the workplace, included in induction materials, or made available on a shared drive or intranet. The standard does not specify how it is communicated - only that it is.
Does the Quality Policy Need to Be Signed?
The standard does not require the quality policy to be signed or formally approved by top management - the requirement is that top management establishes it and ensures it is implemented. That said, many auditors expect some form of approval to be visible, particularly from older interpretations of the standard. Where organisations use electronic documents, a formal signature is often not practical. Treating approval as good practice rather than a strict requirement is a reasonable approach, but it is worth checking what your certification body expects.
When I'm auditing against Clause 5.2, the first thing I check is that all four required elements are present in the policy - appropriate to context, framework for objectives, commitment to requirements, commitment to improvement. I'll also ask members of staff whether they are aware of the quality policy and what it means for their role. A policy that exists as a framed document in the reception area but that nobody has read doesn't satisfy the communication requirement. I also look for some indication that top management has approved the policy, though I'm aware the standard doesn't explicitly require a signature - particularly with electronic documents becoming the norm.
The most common issue I see with quality policies is that organisations use a generic template and don't adapt it to reflect their actual business. The policy needs to be appropriate to the context and strategic direction of the organisation - a two-person consultancy and a 500-person manufacturer should have very different policies. Using the alphaZ P-1 Quality Policy template as a starting point is sensible, but it needs to be reviewed and tailored to reflect what the business actually does and how it approaches quality. Once it is in place, an annual review to check it remains current is good practice.
Use a compliant template, adjust it to reflect your organisation's activities and how you approach quality, get it approved by whoever's in charge, and make sure your staff know it exists. Then review it once a year at your management review to check it still makes sense. That's it.
Practical Compliance Guidance
To comply with Clause 5.2, you need a documented quality policy that contains the four required elements, has been established by top management, is understood by staff, and is available to interested parties as appropriate.
The alphaZ P-1 Quality Policy template provides a compliant starting point that covers all required elements. It can be adapted to reflect the organisation's specific context and strategic direction, and should be reviewed at least annually to ensure it remains current.
| alphaZ document | How it supports Clause 5.2 |
|---|---|
| ISO 9001 Management System Toolkit | The complete toolkit for implementing an ISO 9001 compliant management system. Includes the quality policy template, IMS1 manual and all supporting documents. |
| P-1 Quality Policy | A compliant quality policy template covering all four required elements of Clause 5.2.1. Adapt to reflect your organisation's context and strategic direction. |
| IMS1 Integrated Management System Manual | Provides the framework within which the quality policy sits, linking it to objectives and the overall management system structure. |
Note - all the above files can be downloaded with an alphaZ subscription
