SPRING DISCOUNT
Get 30% off on toolkits, course exams, and Conformio yearly plans.
Limited-time offer – ends April 25, 2024
Use promo code:
SPRING30

How to document roles and responsibilities according to ISO 9001

Advisera Mark Hammar Mark Hammar
February 26, 2018

When implementing ISO 9001:2015, you will want to find a way to document the roles and responsibilities for your Quality Management System (QMS), rather than just having this as verbal information, but what is the best way to do this in your company? There is not just one possible way, but several options that you can pick and choose from to make this work the best within your company.

What are the QMS roles that ISO 9001:2015 identifies as necessary?

As part of the leadership requirements, clause 5.3 is very specific on what QMS responsibilities and authorities need to be assigned by top management.

  • Responsibility for QMS conformance – Someone, or several people, need to ensure that the processes you put in place within your company comply with the requirements of ISO 9001:2015. This is extremely important in the beginning as you plan your processes and put them in place while implementing your QMS, but this responsibility also carries on as you improve and maintain your QMS processes over time. Over time, someone needs to ensure that when you make improvements and changes in your processes, you do not remove elements of the process that are essential to meet the requirements of ISO 9001:2015. For instance, it might be easier to close a corrective action without checking that it was effective, but this is an important requirement of ISO 9001:2015. You don’t need to choose just one person to be responsible for the QMS, but all the responsibilities need to be assigned.
  • Process conformance – Who is going to ensure that your processes give the outputs that they are intended to provide? This is very often done with the assignment of process owners who identify key performance indicators, often called KPIs, that will tell them if the process is working as expected. For more information on KPIs, see this article: How to define Key Performance Indicators for a QMS based on ISO 9001.
  • QMS performance reporting – It is a requirement of the management review to look at the performance of the QMS, but who will gather the information and report on it? This also includes reporting such as posting information for employees to know how well their processes are doing. For more information, see this article on How to implement the Check phase (performance evaluation) in the QMS according to ISO 9001:2015.
  • Promote customer focus – Customer focus is an important part of ISO 9001, and someone needs to be responsible for making sure that everyone understands this importance, as well as how they affect customer satisfaction.
  • QMS integrity during change – This is linked to items 1 and 2. Because you will be improving your processes, you need to make sure that when you make improvement changes, you do not make your QMS non-conformant to ISO 9001:2015 or the intended purpose of the processes. For instance, you might improve one process and in doing so, you might change the data that is needed for a report. However, if this report is critical for the performance of another process, then you have degraded the integrity of the QMS.


How can you document the QMS roles and responsibilities?

The above responsibilities for your QMS roles need not only to be assigned, but also communicated and understood in your company, so how do you make this happen?

One of the easiest ways to ensure this is to document the roles and responsibilities and ensure that everyone understands the information that is written. That way, they would know what responsibilities they have in the QMS. However, this still leaves the question on how to document. When you are making this decision, here are a few methods that you can consider when judging which way is best for your company:

ISO 9001 roles and responsibilities – How to document them

  1. Consolidated documentation – One way to satisfy the requirement is to have one document for roles and responsibilities, which includes all of the QMS roles, responsibilities, and authorities, as well as who is responsible for these within your organization. This way, when someone has a question about who to call for a specific piece of information, they only have one document to turn to. This method is very good for documenting the top-level roles and responsibilities within your organization, such as the process owners for each of your processes.
  2. Dispersed documentation – With this method, you put the roles and responsibilities into each document that you have for your processes. I believe that this is one of the best methods, because if someone is reading the procedure to find out what needs to be done, they can easily see what their role and responsibility is within the process, as well as who else has responsibilities that need to be met. For day-to-day process operation, this makes it easier for people to know what they need to do, and makes review of a process document easy.
  3. Documented training materials – Of course, not every process needs to be documented, so when this is the case you will often have documented training material that is used to instruct employees on how to do the job, and also provides a place to refresh their memories if they have a question. This is also a good place to record the QMS roles and responsibilities for a process.

One note on these methods – you may want to use more than one, or even all of them. For instance, you may want to have one document that records the main responsibilities for the QMS within your organization, so people have one place to go for QMS information when they have questions. You may also include the QMS responsibilities within your process documentation that pertain to that process. Finally, you may include these roles within your process training information where you do not have a process document. One important thing to remember if you are using multiple methods is that it’s a bad idea to duplicate information. When you do this, there is a fairly good chance that as documents are updated, they will not remain consistent, which becomes a problem.

Whom do people call? This is the key question

There is, of course, one reason that you want this information documented; if someone needs to know whom to call, it is helpful to have a place to look. You have identified the roles and responsibilities that are necessary for the successful running of your QMS, and in order for these decisions to be effective, the responsibilities need to be not only planned, but also communicated. By ensuring this adequate communication you can better ensure that the roles and responsibilities for your QMS will be successfully completed as planned.

To better understand all of the new requirements for ISO 9001:2015, check out this white paper: Clause-by-clause explanation of ISO 9001:2015.

Advisera Mark Hammar
Author
Mark Hammar
Mark Hammar is a Certified Manager of Quality / Organizational Excellence through the American Society for Quality and has been a Quality Professional since 1994. Mark has experience in auditing, improving processes, and writing procedures for Quality, Environmental, and Occupational Health & Safety Management Systems, and is certified as a Lead Auditor for ISO 9001, AS9100, and ISO 14001.
Tags: #ISO 9001, #QMS roles, #responsibilities
PREVIOUS POST How does ISO 9001 property clause 8.5.3 reflect on software?
NEXT POST 4 crucial techniques to convince your top management about ISO 9001 implementation

Upcoming free webinar

Advisera Carlos Pereira da Cruz
Presenter
Carlos Pereira da Cruz
How to Perform an ISO Internal Audit
Thursday – May 2, 2024
Register now

Suggested reading

First-, Second- & Third-Party Audits, what are the differences?
by Mark Hammar
How to define Key Performance Indicators for a QMS based on ISO 9001
by Mark Hammar
How can ISO 9001 help aerospace and defense companies?
by Mark Hammar