4.1. Management Responsibility

4.1.1. Quality policy

Management must define and document its quality policy and objectives to ensure its commitment to quality and to the minimum requirements of ISO 9000. Management must see that this policy is understood and implemented throughout the organization and ensure that:

  • The quality policy is defined and documented
  • The quality policy is relevant to the customer's needs
  • The quality policy is known by everyone in your organization
  • The quality policy is maintained and implemented at all levels in your organization

4.1.2. Organization

This subsection requires you to be able to prove that the template for your organization's quality approach is effective and defines responsibility. The standard calls you to address problems systematically and solve them by attacking the root causes.

Specifically, you must be certain that:

  • You have defined and documented who has responsibility to stop the processing or delivery when a deficiency is detected
  • You have clearly defined who has the authority to identify and record deficiencies, recommend solutions, and verify their correction
  • You have allocated trained resources to conduct verification (audits) of your quality policy
  • A senior member of your organization has been assigned responsibility for the ISO 9000 standard and your organization's compliance, as well reporting its status to the organization

4.1.2.1. Responsibility and authority

An authority must be identified who can manage and verify that work affecting quality is performed as documented by your quality system. This person must have the freedom and authority to ensure the organization addresses and prevents nonconforming activities, maintains records of quality problems, and causes the organization to correct the nonconformities. This individual will later investigate and verify that the solution is succeeded. He or she must also be able to stop the operation or a shipment if required and report it appropriately. Most companies provide an organization chart, with a path from the president down through the line personnel, with designated individuals having specific responsibilities for quality control or quality assurance.

4.1.2.2. Resources

Management must maintain an in-house verification capacity for the primary purpose of conducting an internal audit. Audit personnel must be adequately trained for verification activities (see also 4.17 and 4.18).

Internal auditors will be required to verify that your entire operation conforms to your quality plan, as well as to all the elements of ISO 9000. These audits need to be carried out on a regular basis (at least one per year) to ensure compliance. "Regular" means that your organization should be prepared to be audited by a third party at any given time with a high probability of passing.

The dynamics of your process and common industry practice will dictate the interval of your audits. Audits as described in this section must be carried out by a trained, independent party that is not immediately responsible for the area being audited.

These audits need to carry the appropriate level of documentation. You must prove to the third-party auditors that they were carried out as part of an overall comprehensive plan for the audit of the organization and that they are rigorous in nature (i.e., you will be required to show comment and actions).

4.1.2.3. Management representative

A senior management representative must be designated to ensure that the requirements of ISO 9000 and all other defined standards are established and maintained.

People who are designated as the quality contacts can have multiple functions within your organization; therefore, it is not necessary that they have a strictly quality-related title. However, you need to be careful of the fox-in-the-hen-house syndrome. It is quite possible that your senior production manager within your organization is responsible for total quality in his organization, including the verification and inspection aspects. If so, there needs to be a very strong case made, supported by documented evidence, that this individual is acting impartially and meeting the full intent of the standard. An easy way to define the quality responsibility is to designate quality responsibilities from the president to the assembly line person on your corporate organization chart.

4.1.3. Management review

The management of your organization must regularly review the results of the quality system to determine that it is doing the intended job. This review should be based on measures that include the internal audit data and customer feedback, as well as appropriate incremental quality improvement data indicating the overall effectiveness of your system. You will need to document this review. These reviews should occur regularly or when an indicator reveals an undesirable result. If you have an active quality council, continually upgrading operations, recording these meetings and upgrades will effectively serve this requirement.