Writing any type of policy can be difficult the first time. I bet a lot of people have googled "Quality Policy" and used somebody else's as "inspiration" (also known as copy, change company name, paste).
Writing a policy doesn't have to be difficult and ISO9001 at least gives you some fairly firm guidelines as to what the policy requires (see below).
Top management shall ensure that the quality policy
a) is appropriate to the purpose of the organization,
b) includes a commitment to comply with requirements and continually improve the effectiveness of the quality
management system,
c) provides a framework for establishing and reviewing quality objectives,
d) is communicated and understood within the organization, and
e) is reviewed for continuing suitability.
If we break it down into its individual parts it can actually be pretty easy. There are only 2 things that it has to have, a commitment to requirements and continual improvement and a framework for quality objectives. The rest is up to you to make it appropriate to your business and your goals.
Lets look at requirement A. What does your business do? what do you sell? Who is your target audience? What are your goals? A discussion with Top Management will uncover this information pretty quickly.
Requirement B is even more simple, you can literally copy that sentence word for word from the standard and include it in your policy. It is up to you if you want to elaborate on it further.
Requirement C is actually the most difficult part of the policy and many people do it poorly. What you are doing here is establishing a "framework" not just telling the reader what your objectives are. You want to say how you will establish your objectives, what you are basing those decisions on an how you will review them.
As an example, say we are writing a quality policy for an smash repair business. You could say that you have set objectives for customer satisfaction, paint faults in final inspection and turnaround time. You could then elaborate on why these are the chosen objectives, how they are benchmarked, how you have set KPI's and how often it will be reviewed (frequency and method).
Requirement D can be difficult if you have a large business with people spread far and wide, the important thing is demonstrating that you have communicated it and showing evidence that it is understood. Auditors will sometimes ask your staff questions about the policy to see if it has been effectively communicated.
Requirement E is fairly straightforward, you can set your own requirements for review of the policy as long as it shows that it has been reviewed for continuing suitability.
As a final side note, your CEO/MD etc DOES NOT HAVE TO SIGN THE POLICY. There is nowhere in the standard that says the policy has to be signed by top management. Some auditors will say that you have to because they think that you should, not because you're required to. If you don't want it signed, don't sign it.
Hope this is helpful.
No comments:
Post a Comment