Quality policy

[Jen Kirley]

I think it is rare for a CB auditor to pick apart the Quality Policy. Why might that be? (suggestions - could be more than one)

• The auditor confirms the Policy has the required substance and is managed as required by the standard, and ends there out of deference to what the client wants to say in their Policy.
• The CB auditor chooses to focus on operational effectiveness, which is easier to audit than the organizational leadership's statement in the Policy.
• The standard does not specify the requirements of the Policy's contents with the perceived required granularity as per the view of the CB auditor.

I think that a discussion of the Policy's contents would be secondary to my regular review of QMS effectiveness. I would consider the Policy's wording to be a great discussion to have with the management, but as I mentally review my clients I think it would come far down stream from the efforts we made to make the QMS more conforming and effective in its execution.

 

[Jim Wynne]

The whole idea was that the quality policy would be established by "top management" and everything else would flow down from it. It wasn't long before people at comparatively low levels of organizations were writing the policy, perhaps without top management being significantly aware of it and what it said. This was largely ignored by CB auditors who only looked to see if there was one that complied with the vague requirements of the standard, and that people were aware of its existence.

The number of times that auditors have held top management's feet to the proverbial fire is vanishingly small. So small, in fact, that no one pays much attention to the poorly conceived and poorly written policy statements anymore. The horse is out of the barn and way down the road, and now we're talking about closing the barn door. It ain't gonna happen, and that particular horse is gone for good. Bringing it up now, at this very late date, brings Shakespeare and Macbeth to mind: "It is a tale told by an idiot, full of sound and fury, signifying nothing."

 

[Randy]

The whole idea was that the quality policy would be established by "top management" and everything else would flow down from it. It wasn't long before people at comparatively low levels of organizations were writing the policy, perhaps without top management being significantly aware of it and what it said. This was largely ignored by CB auditors who only looked to see if there was one that complied with the vague requirements of the standard, and that people were aware of its existence.

The number of times that auditors have held top management's feet to the proverbial fire is vanishingly small. So small, in fact, that no one pays much attention to the poorly conceived and poorly written policy statements anymore. The horse is out of the barn and way down the road, and now we're talking about closing the barn door. It ain't gonna happen, and that particular horse is gone for good. Bringing it up now, at this very late date, brings Shakespeare and Macbeth to mind: "It is a tale told by an idiot, full of sound and fury, signifying nothing."

You mean I wasted my time and theirs this week when I asked about the changes to their policy and why?

 

[Jim Wynne]

You mean I wasted my time and theirs this week when I asked about the changes to their policy and why?

You made these queries based on what requirements?

 

[Randy]

You made these queries based on what requirements?

Because they changed their policy and changes are required to be asked about and reviewed. Before you ask there are 2 relatively unimportant organizations that require this....... The ISO itself, and ANAB. Oh yeah, changes to the "System" are required to be reviewed and approved internally (I have to look at that) and the Internal Audit has to look at changes and I have to audit that was well. The Policy is also a system document and as such it needs to be reviewed for appropriateness and I have to look at that too. But one who's so experienced should know all this.

 

[Jim Wynne]

Because they changed their policy and changes are required to be asked about and reviewed. Before you ask there are 2 relatively unimportant organizations that require this....... The ISO itself, and ANAB. Oh yeah, changes to the "System" are required to be reviewed and approved internally (I have to look at that) and the Internal Audit has to look at changes and I have to audit that was well. The Policy is also a system document and as such it needs to be reviewed for appropriateness and I have to look at that too. But one who's so experienced should know all this.

All of that is obvious and says nothing about the substance of the policy. For example, how would you go about verifying that people are "striving" to do things? How can you verify that the organization is committed to providing quality products and delivering them on time? What happens when they don't? The vast majority of quality policies are just an amalgam of unverifiable motherhood statements.

 

[Randy]

All of that is obvious and says nothing about the substance of the policy. For example, how would you go about verifying that people are "striving" to do things? How can you verify that the organization is committed to providing quality products and delivering them on time? What happens when they don't? The vast majority of quality policies are just an amalgam of unverifiable motherhood statements.

If being an "expert" in the subject denies you understanding, then spending more time on it might be wasted because I'm obviously outclassed and lacking. Thanks

 

[Jim Wynne]

If being an "expert" in the subject denies you understanding, then spending more time on it might be wasted because I'm obviously outclassed and lacking. Thanks

Doesn't exactly answer the question, but thanks anyway.

 

[Kronos147]

Just out of curiosity, has anyone actually changed the quality policy once it is "Published"? If yes, why?

I used to audit ISO9001 for a registrar (up until 2022). In one audit, I had the company owner show me a new quality policy as I was starting the opening meeting. As it was an uncontrolled document, I cited a minor non-conformance before I concluded the opening meeting. It did put some context into the discussion of major vs. minor, though.

Also, I had more than one finding for control of documented info when I saw multiple revisions of a quality policy posted in the facility.

 

[Randy]

Also, I had more than one finding for control of documented info when I saw multiple revisions of a quality policy posted in the facility

But why, according to one of the resident experts the words don't really matter, they're just fluff and buzzwords anyway, so what if they're different? No big deal I guess.