ISO Auditing
What to Know ISO9001 Clause 5.3
Here is what to know about ISO9001 Clause 5.3, Organizational Roles and Responsibilities. This is one of the more interesting clauses of the ISO9001 standard, and one of the clauses we have the most fun with.
Here is a discussion on the nuances of ISO9001 Clause 5.3, Responsibility and Authority.
What to Know ISO9001 Clause 5.3 Organizational Roles and Responsibilities
Requirement: Top management shall ensure that relevant roles and responsibilities are communicated, and understood in the organization.
There is a list of five of these in 5.3 of the standard. Here’s another little table:
| Responsibility | Typical | Conform (Y/N) |
| Ensuring that the QMS meets the requirement of the standard | Top Management | |
| Ensuring that the processes deliver their intended results | Process Owners | |
| Reporting on the Performance of the QMS to Management | Quality Manager | |
| Ensure promotion of Customer Focus | Everybody | |
| Ensuring the integrity of the system if changes were made. | Whoever is in charge of MOC |
In a general way, the organization can capture this information in several places. One of these might be the job description. Another of these might be a memo or workplace posting. Another of these might be as part of indoctrination training.
All you really need to do is define these somewhere in your system.
How not to fail: Organizational Roles and Responsibilities
I usually have fun with the fourth one in the audit, namely who has responsibility to ensure the promotion of customer focus. Most worker-level employees don’t even know what that means.
The main failure mode on this is the idea that this list has to be communicated and understood in the organization.
When I ask for this during an audit, it is pretty typical for the guide to present an organizational chart or something similar, but that doesn’t satisfy the requirement for identifying the above organizational roles, so that launches a digging through of job descriptions to see who in the organization has these roles.
Part of the failure mode is not realizing the communication responsibility. Since this is a communication responsibility, it makes some sense for you to put this in your communication planning somehow.
Roles and Responsibilities
What to Know: ISO9001 Clause 5.3.
Most businesses, especially small ones, make it clear who is in charge of what. There is some tribal knowledge involved. Many times, it’s “the boss” who is in charge of everything.
The intent of this requirement is to take it out of the realm of tribal knowledge and document who is responsible for the requirement
PS: Here is my link to Udemy:
Here is my link to Udemy course, “How Not to Fail at ISO9001”
https://www.udemy.com/course/how-not-to-fail-at-iso9001/learn/lecture/34733460#content
Here’s the link to my Quality Systems Training. You can hire me to give this training in person, complete with questions and answers, and along with a few decades worth of horror stories about product quality, dangerous products, and why people don’t do their jobs.
www.jimshell.com/quality-systems-training/
