\n\n","wordCount":2244,"timeToRead":"PT6M","keywords":["iso 9001 clause 5","iso 9001 leadership","quality policy iso 9001","top management iso 9001","industria","blog","RAG","IA","inteligencia artificial"]}
Industry

ISO 9001 Clause 5: leadership and quality policy — what auditors check

IgeraIndustria Quality Team
July 7, 2026
6 min read
Senior leadership team in board meeting reviewing quality policy and ISO 9001 management responsibilities

IgeraIndustria Quality Team  ·  Updated 2026-07-07  ·  6 min read

Part 3 of the ISO 9001:2015 Step by Step series  ·  ← Article 2: Clause 4

What Clause 5 requires

ISO 9001:2015 Clause 5 places accountability for the QMS squarely on top management — defined as the person or group of people who direct and control an organisation at the highest level. It has three sub-clauses: 5.1 (leadership and commitment), 5.2 (policy), and 5.3 (organisational roles, responsibilities, and authorities). Unlike ISO 9001:2008, the 2015 version does not allow top management to fully delegate QMS responsibility to a quality manager or management representative.

The shift from delegation to direct accountability is the most significant cultural change in the 2015 revision. In practice, it means the CEO, Managing Director, or Board cannot simply sign a quality policy and walk away. Auditors now routinely interview top management directly and ask pointed questions about how quality is integrated into business strategy, how quality objectives are set, and how the leadership team personally reviews QMS performance.

5.1 What top management must do — 8 evidences with examples

Clause 5.1.1 lists specific actions that demonstrate top management leadership. Clause 5.1.2 focuses on customer focus — ensuring that customer requirements and applicable statutory/regulatory requirements are determined and met. Here are the 8 evidences auditors look for, with practical examples of what each looks like in a UK manufacturing context:

# Requirement (5.1.1) Practical evidence
1 Accountability for QMS effectiveness MD chairs management review meetings; signed management review minutes on file
2 Quality policy and objectives aligned to context and strategic direction Board agenda item showing quality objectives reviewed alongside financial KPIs quarterly
3 Process approach integrated into business processes QMS process map approved by top management; linked to business plan
4 Risk-based thinking promoted Risk register reviewed at management review; top management can explain the top 3 quality risks
5 Resources for the QMS available Budget sign-off for quality department, calibration, training, and audit programme
6 Importance of effective QMS and conformance communicated All-hands briefings with quality performance data; quality policy displayed at all sites including remote workers
7 Achievement of intended results Quality objectives with measurable targets; progress reviewed monthly at operations meetings
8 Continual improvement promoted Improvement ideas log; top management sponsor for at least one improvement project per year

UK Board-level accountability note: In UK companies limited by shares, the Board of Directors collectively constitutes "top management" under ISO 9001. In practice, audit interviews typically target the CEO or MD. If the CEO cannot articulate the quality policy, explain how objectives are reviewed, or describe recent management review outputs, this is strong evidence of insufficient leadership commitment and may generate a major nonconformity even if all documentation is in order.

5.2 Writing a quality policy that isn't just a wall poster

ISO 9001:2015 Clause 5.2 requires the quality policy to: be appropriate to the purpose and context of the organisation and support its strategic direction; provide a framework for setting quality objectives; include a commitment to satisfying applicable requirements; include a commitment to continual improvement of the QMS. It must be maintained as documented information, communicated within the organisation, and available to relevant interested parties.

The quality policy is one of the first documents an auditor reads. A generic policy that could belong to any company in any sector is a red flag. Compare these two examples:

Weak quality policy (fails on context and strategic alignment)

"We are committed to providing our customers with the highest quality products and services. We comply with all applicable requirements and continually improve our quality management system."

This policy could belong to a law firm, a car wash, or a satellite manufacturer. It says nothing about what the company does, who its customers are, or what quality means in their specific context.

Strong quality policy (context-specific, audit-ready)

"Meridian Precision Components Ltd manufactures safety-critical aluminium and titanium components for the UK defence and aerospace sector. Our quality commitment is to deliver zero-defect components on time, every time, by operating a QMS that satisfies ISO 9001:2015 and AS9100 Rev D requirements, meeting the customer-specific requirements of our prime contractor customers, and continually improving our processes through data-driven root cause analysis. Our Managing Director reviews quality objectives against business performance quarterly and is personally accountable for QMS effectiveness."

Communication to remote workers: Post-pandemic hybrid and remote working is now common in UK manufacturing support functions (quality engineers, procurement, design). The quality policy must be accessible and communicated to all employees, including remote workers. A shared intranet page, mandatory onboarding briefing confirmation, and annual awareness check are the standard evidence trail. Paper wall posters alone do not demonstrate awareness for a workforce that rarely visits a physical site.

5.3 Roles and responsibilities — the RACI matrix template

Clause 5.3 requires top management to ensure that responsibilities and authorities for QMS-relevant roles are assigned, communicated, and understood. There is no requirement for specific job titles — what matters is that someone owns each critical QMS function and that ownership is documented and known.

A RACI matrix (Responsible, Accountable, Consulted, Informed) is an effective way to document QMS role assignments. The minimum set of QMS functions that must be covered:

QMS function Accountable (A) Responsible (R) Clause ref.
QMS overall effectiveness Managing Director Quality Manager 5.1.1
Quality policy maintenance Managing Director Quality Manager 5.2
Customer requirements determination Sales Director Account Managers 5.1.2
Internal audit programme Quality Manager Lead Internal Auditor 9.2
Nonconformity and corrective action Quality Manager Process owners 10.2
Management review Managing Director Quality Manager (organises) 9.3

// IgeraIndustria RAG demo — Clause 5 audit prep query

Quality Manager: What evidence do we have of top management leadership commitment under Clause 5.1 for the upcoming Stage 2 audit?

IgeraIndustria: Your documented evidence for Clause 5.1 includes: (1) Management Review minutes for 3 meetings in 2026 (MR-2026-01, MR-2026-02, MR-2026-03) — all signed by MD Sarah Chen, covering quality performance, objectives status, and resource decisions; (2) MD signed quality policy QP-001 Rev 5 (2026-01-08); (3) Board meeting minutes from Q1 2026 showing quality KPIs on the agenda (BOD-2026-Q1); (4) Training records showing MD completed "Leadership in ISO 9001" module (TR-MGMT-2026-04); (5) Capital approval form for new CMM equipment signed by MD (CAPEX-2026-007). Gap identified: no evidence of MD communicating quality importance to workforce since the January policy update — recommend scheduling an all-hands briefing before the September audit.

Frequently asked questions

Does ISO 9001:2015 require a Management Representative (MR)?

No. The 2015 version removed the mandatory management representative role that existed in ISO 9001:2008. Top management must now personally demonstrate leadership accountability — they cannot fully delegate QMS responsibility to an MR. Many organisations still appoint a quality manager or head of quality to coordinate QMS activities, but this person reports to top management rather than acting as a proxy for leadership accountability.

Can the quality policy be confidential — or must it be public?

The quality policy must be available to relevant interested parties, which includes customers and certification bodies but does not require public publication. Most organisations make it available on their website and intranet. The more important requirement is internal communication — every employee must be aware of the quality policy and understand its relevance to their role, evidenced by training records or signed acknowledgements.

What happens if top management is unavailable during the certification audit?

The certification body will typically require at least one top management interview as part of the Stage 2 audit to verify Clause 5.1 commitment. If the MD or CEO is genuinely unavailable, a suitably authorised deputy (e.g., Operations Director) may be acceptable, but the auditor will want to confirm that this person has delegated authority and genuine knowledge of QMS performance. Scheduling the audit when top management is available is strongly advisable.

How often must the quality policy be reviewed?

There is no mandated review frequency. The policy must remain appropriate to the organisation's context and strategic direction, so it should be reviewed whenever there is a significant change in business direction, market, ownership, or regulatory environment. Management review (Clause 9.3) provides a natural trigger — reviewing the quality policy should be a standing agenda item.

What is the difference between "responsibility" and "authority" in Clause 5.3?

Responsibility is the obligation to perform a task. Authority is the power to make decisions and take action. For QMS roles, both must be assigned — it is insufficient to make someone responsible for nonconformity management if they do not have the authority to stop production or reject non-compliant parts. This distinction is particularly important for quality engineers in production environments where line managers may resist quality holds.

What should a top management interview with an ISO 9001 auditor cover?

Auditors typically ask top management: to explain the quality policy in their own words; to describe the top two or three quality objectives and current performance; to explain how quality risks are managed at a strategic level; to describe any significant quality issues in the past 12 months and how they were resolved; to confirm resources committed to the QMS in the current year. Preparation matters — IgeraIndustria can generate a personalised audit briefing document from your QMS records in minutes.

Preparing top management for their ISO 9001 audit interview? IgeraIndustria generates audit briefings from your QMS documentation automatically.

See IgeraIndustria in action

Article reviewed by IgeraIndustria Quality Team, updated 2026-07-07. References: ISO 9001:2015 Clause 5; ISO/TC 176/SC 2 guidance on leadership; UK Corporate Governance Code 2024.

#iso 9001 clause 5#iso 9001 leadership#quality policy iso 9001#top management iso 9001

COMPARTIR

Comparte el conocimiento con tu red