Leadership in ISO 9001
The ISO standard Leadership section (Clause 5.0) is all about the specific ISO 9001 leadership principles and requirements that your organization’s top management or leadership must fulfill. Some of the requirements spell out very tangible tasks and activities while others are a little more intangible. These include:
- General Leadership and Commitment,
- Customer Focus,
- Establishing and Communicating the Quality Policy,
- Organizational Roles, Responsibilities, and Authorities.
While some of the Leadership requirements are satisfied through other ISO 9001 requirements and processes, top management must still be knowledgeable about these requirements and the actions they must take to satisfy them. Every member of the leadership team should be able to intimately discuss each clause and demonstrate how they influence, impact, and satisfy each requirement and the associated management system processes and results.
Leading from The Top
True ownership and accountability of the ISO 9001 management system resides at the top of the organization. If this ownership is authentic and visible throughout the organization at all levels, this will show through in every aspect of the management system and company performance. Unfortunately, the opposite is also true. The chief executive should not delegate these responsibilities unless it is the right thing to do and even then, they must maintain appropriate levels of oversight and involvement. Also, be sure to document key communication actions, especially in the absence of formal processes.
The chief executive along with top management (leadership team) should be intimately knowledgeable and directly engaged with the operation of the organization, the management system, and overall performance of both. This includes not only the tangible aspects of the company and management system, but maybe more importantly, the underlying culture that permeates and effects everything the company does. The ISO 9001 leadership principles and requirements ensure that the management team is focused on the important aspects of the management system and that they establish a culture that focuses and embraces the right things such as business and system processes, risk management, organizational performance, and customer satisfaction. Note that while we often refer to the leadership “team” throughout this article, it is the chief or top executive, or highest-ranking office of the organization or facility defined in the ISO 9001 certification scope, that ultimately bears full responsibility and accountability for the effectiveness and performance of the management system. This is the single person or position that auditors will look to and interview to ensure that the ISO 9001 leadership principles are being met and satisfied. This is also the person that they will target when the management system appears to be out of compliance or ineffective in achieving desired results.
ISO 9001 Leadership Principles and Requirements
ISO 9001 increased the number of requirements focused on leadership from four in the 2008 revision of the standard to eleven in the 2015 revision. The intent was to diminish the practice of top management delegating responsibility for the management system down to Quality and other functions. To further reinforce this change, they also eliminated the previous requirement to appoint the “Management Representative” position. This doesn’t mean that you can’t create some type of Quality function, in fact we recommend it, but it helps to enhance ISO’s desire to push accountability to the top of the organization. We would also recommend that any Quality function you create report directly to the Chief Executive to maintain a direct line of authority and minimize any potential conflicts of interest throughout the organization.
The spirit of the requirements in section 5 is that the highest-ranking applicable executive within the organization is fully responsible and accountable for the effectiveness, performance, maintenance, improvement, and suitability of the management system and corresponding processes. As such, it is critical that the Chief Executive and the supporting executive leadership team, which is generally comprised of all the top functional managers (VPs, Directors, XOOs, etc.), fully understand and carry out their responsibilities and duties as defined by the ISO 9001 standard.
Let’s take a closer look at the actual ISO 9001 leadership requirements:
5.1.1a – Accountability for the effectiveness of the management system: Top management must take an active role in the management system and is ultimately responsible for the management system effectiveness, compliance, and performance. Active participation in Management Reviews would be one way to demonstrate this. Top management should be knowledgeable about and capable of discussing all these topics in detail while explaining how their leadership facilitates and drives the organizational processes and associated results.
5.1.1b – Ensuring that the quality policy and quality objectives are established for the management system and are compatible with the business context, environment, and strategic direction: The Quality Policy and objectives must align with and support your organization’s strategic plans and direction (Context of the Organization). Ensure that the policy and objectives reflect key aspects of the strategic business plan. Again, top management should be capable of speaking to this in detail.
5.1.1c – Ensuring that the management system requirements are aligned and integrated with the business processes: Organizations are managed through processes and the management system processes must integrate with all business processes. Top management must be capable of showing that ISO 9001 processes are seamless with business processes. ISO 9001 should not appear to be just a “bolt-on accessory” to gain ISO certification.
5.1.1d – Communicating and promoting a culture which sees and operates the organization through processes rather than functions: This is all about the Process Approach which will be discussed in an upcoming article. Top management must demonstrate promotion and support for this principle and ensure that it is adopted throughout the organization. Consider ways to continuously communicate, demonstrate, and integrate the use of the process approach throughout the organization.
5.1.1d – Communicating and promoting a culture which approaches actions, decisions, and issues with a risk-based philosophy: This is another discipline that needs to be integrated into the organization’s culture. It is a new way of thinking about and approaching actions and decisions. Again, consider communication opportunities and ways that employees can use a risk-based approach in their daily work.
5.1.1e – Providing the resources necessary to effectively maintain the management system and execute the business strategies and plans (resource management): Top management must ensure that appropriate resources (facilities, equipment, materials, budgets, knowledge, personnel, etc.) are made available throughout the organization to effectively manage business processes. Resources are generally reviewed and allocated during strategic planning and management review activities.
5.1.1f – Communicating and promoting the importance of effective quality management and the need to conform to the management system requirements: This is all about employee communication and must come from the top of the organization. Don’t delegate this activity to lower level managers, however managers and supervisors can and should reinforce and demonstrate this message. The message must be that “We at the top of the organization believe in ISO 9001 and the associated management system”. This can be demonstrated by:
- Participating in corrective action activities
- Active participation with management review
- Communicating management review & quality objective results
- Active interest in quality objectives, metrics & results
- Positive participation in audits & addressing findings
- Active support to address customer complaints
- Participation with any other management system activity
5.1.1g – Ensuring the management system achieves its intended results: Consider monitoring and tracking of quality objectives, performance metrics, and other key measurables. Also, participation in and evaluation of management review measures and metrics.
5.1.1h – Engaging, directing, and supporting managers and employees to contribute towards the effectiveness of the management system: Define the value and benefits to be realized by your ISO 9001 management system and determine how you will demonstrate that your management system is actually meeting these priorities. This is often accomplished through evaluation of performance against objectives and metrics, and participation in management reviews.
5.1.1i – Communicating and promoting the need for continuous improvement of the management system and the business as a whole: Top management should be aware of and demonstrate support for improvement initiatives within the organization. Even better would be occasional participation and/or leadership with an improvement project or team.
5.1.1j – Encouraging and supporting the executive team and other management personnel to demonstrate leadership where applicable throughout the organization: Top management must show leadership and direct involvement with all persons associated with the ISO 9001 management system. Top management doesn’t have to do all the work, but they must provide oversight, support and direction where appropriate throughout the organization. We recommend that the Quality function report directly to the top of the organization to reflect this and to also eliminate conflicts of interest.
5.1.2a – Ensuring customer and applicable statutory and regulatory requirements are consistently determined, understood, and fulfilled: Consider the various ways your organization touches the customer and/or determines all the different customer needs and expectations associated with your products and services. Satisfying this clause is usually about providing adequate resources for sales order review and management, customer service, customer communication, translating customer orders into production activities, and verifying requirements are properly met. Also ensure that any regulatory or statutory requirements are understood and satisfied (safety, performance, labeling, waste, warranty, financial, etc.).
5.1.2b – Ensuring risk and opportunities that can affect conformity of products and services, along with the ability to enhance customer satisfaction are determined and addressed: Verify that mitigation activities for identified risks are properly resourced and completed. This can be done during strategic planning and/or management review meetings. Ensure that appropriate methods have been established to verify products and services meet requirements along with processes to address any customer feedback or complaints.
5.1.2c – Ensuring a focus on enhancing customer satisfaction is maintained: Establish effective communication channels with customers to obtain performance feedback associated with products and services. Consider how top management will be involved with these activities and disseminating results throughout the organization. Consider how you, as top management, can better instill a customer focus and satisfaction orientation into the company culture.
5.3 – Ensuring responsibilities and authorities for relevant roles are assigned, communicated, and understood: Responsibility is what people do and authority is what they are empowered to do. The requirements in this clause are generally satisfied through human resource activities and documentation such as job descriptions and org charts. Also defining roles and responsibilities within procedures is another great way to satisfy these requirements.
5.3a – Responsibility and authority for ensuring the management system conforms to the ISO standard: This role encompasses quality management activities and is usually someone like the Quality Manager, Director or Quality, etc. but doesn’t need to be. Anyone with the appropriate knowledge and understanding of ISO 9001 and its requirements will do. This person oversees the system performance through measures and metrics, internal audits, and facilitating management reviews.
5.3b – Responsibility and authority for ensuring processes are delivering their intended outputs: Fulfilled by someone who can track, manage, and report measures, metrics, and other management system performance data. Again, this is often filled by the Quality function.
5.3c – Responsibility and authority for reporting management system performance and opportunities for improvement to leadership: A continuation of 5.3b with additional performance data analysis, evaluation, and reporting. Usually the person leading and facilitating management review meetings.
5.3d – Responsibility and authority for ensuring promotion of customer focus: This could be several different functions including Quality, Customer Service, Sales, and other customer facing function. Could also be a member of the leadership team. Duties are usually aligned with customer feedback and complaints, customer-oriented improvements, customer relationships, etc.
5.3e – Responsibility and authority for ensuring the integrity of the management system when changes are implemented: Again, consider a Quality role to ensure that appropriate change management processes are followed when changes are made.
Again, note that we did not cover section 5.2 of the ISO 9001 standard (Quality Policy) as this will be covered in depth in a future article.
How the ISO leadership requirements are interpreted and implement throughout the organization will often directly correlate and align with factors such as the organization’s size and complexity, management style, type of products and services provided, applicable interested parties (stakeholders), and the organizational culture.
The main takeaway here is that top management, and specifically, the chief executive must be engaged with the ISO 9001 management system and take action to fulfill the ISO 9001 Leadership requirements. Since the ISO management system is seamlessly integrated with the business processes and activities, this should be easily accomplished and evident through the organization and to any external stakeholders.