When implementing an ISO management system, you should check whether your quality, environmental, health & safety and/or information security policies have been communicated and understood throughout your organisation. The policies must also be available to any relevant interested parties.
If the personnel interviewed do not know what their measurable objectives are and/or do not know what the organisational objectives are that they have a direct impact upon, then you might need to evaluate the communication of your policies and objectives.
Inferred awareness through knowledge of procedures is not considered sufficient - otherwise why have the requirement in the first place? A quick and convenient way to promote and communicate the policy might be to create a shortened version of the main policy - try condensing it to five key words or even a couple of short sentences. This can be posted on bulletin boards, for example.
You could even add it to the reverse side of staff security passes or ID badges. The point is that you need to determine if your policy meets the intent and are understood. The exact content of policies does not need to be recited by individuals, but an awareness of the policies and how their job affects the company objectives is what you’re aiming for.
Organisational roles, responsibilities and authorities
Each employee needs to know who is responsible for the various elements of your management system to ensure a successful implementation. Develop an organisation chart and create job descriptions in order to clearly define roles, responsibilities and authorities and communicate those responsibilities and authorities throughout your organisation.
You should develop and make available to all employees a list of key personnel and their job descriptions, responsibilities, along with an organisational chart of key employees as they relate to your management system. This should effectively define, document, and communicate the organisational structure of the management system.
There is a need to demonstrate that there are identified staff who are responsible for ensuring parts of your management system is being properly taken care of. The sort of actions to think about might include:
• Communication of roles, responsibilities and authority;
• Processes and procedures to fulfil requirements are adequately resourced;
• Awareness of expectations is demonstrated in all relevant levels of the organisation;
• Reporting on the operation (e.g. results of audits and inspections) and performance of the management system (e.g. in business meetings, KPI reviews, etc).
You should ensure that your organisation’s personnel have not only been advised of their management system responsibilities and authorities, but also that they understand these in the context of the overall purpose of the management system. You should also ensure that Top Management have assigned responsibility and authority for preserving the integrity of the organisation’s management system during changes (e.g. developing a new product or service line, moving premises, etc).
If you would like to look at how to implement an ISO 9001 quality management system, then simply contact us.
Or, if you want to see what's involved in more detail, then get a completely free, no obligation, totally tailored ISO Gap Analysis for your business (only available to UK businesses).
Here you'll find the latest blog articles on all things compliance, particularly focussed on quality, environment, health & safety and information security.
Get a completely free, no obligation, totally tailored ISO Gap Analysis for your business...