ISO 9001:2015 Clause 5.3 Organizational roles, responsibilities, and authorities

In this article, I’m going to cover clause 5.3 Organizational roles, responsibilities, and authorities. I’m going to break this clause down and turn it into something you can all understand.  You’ll then be able to apply this to your own organization's system and understand what the requirements will look like for you. 

No more guessing!  

Ok, let’s get started! The overarching or leading statement in this clause is that,

Top Management shall ensure that the responsibilities and authorities for relevant roles are assigned, communicated, and understood within the organization. 

There are those words again ‘Top Management’ – let me remind you who this is. The official definition for top management is the person or group of people who directs and controls an organization at the highest level. I always say that top management is the decision-maker. Depending on the structure and size of the business, top management could be the owners, shareholders, board of directors, general manager, or even a project manager if the scope of the system is down to a project level only. 

Now that we’re clear with who top management is again let’s look back at what this clause says – it says that the responsibilities and authorities for relevant roles are ASSIGNED – so delegated, given to someone who has responsibility for them – COMMUNICATED – so this could mean that these responsibilities and authorities are shared within the organization. Hence, everyone is aware of who is responsible for what. This communication could be part of induction and training, or it could simply be available to view within the business. Then finally this is all to be UNDERSTOOD, so part of this assigning and communicating needs to ensure that not only the person assigned the role but others as well, should understand who is responsible for what. So whatever communication form you use needs to ensure that it is clear and able to be understood. You might see this in position descriptions or organizational charts too. Remember though that this clause doesn’t say ‘you shall maintain position descriptions and organizational charts’ – it just says to assign, communicate and make sure people understand. I’ve just given you an idea of what I normally see out there that businesses put together to meet this requirement – and that is position descriptions and org charts.

Now on top of this general requirement, this clause has 5 specific responsibilities that top management is to assign and give authority to. These specific responsibilities and authorities all relate to the quality management system. They are:

1. a) ensuring that the quality management system conforms to the requirements of this International Standard. And 
   
2.  
3. b) ensuring that the processes are delivering their intended outputs.
   

Now, this just means that there is to be someone responsible and with authority to monitor and check that the system is being followed. This could be through internal audits or scheduled operational reviews. Whatever the business determines the monitoring and evaluation requirements are and how these will be performed.

Then following this point c) states that there should also be someone responsible and with authority for

reporting on the performance of the quality management system and on opportunities for improvement, in particular to top management.

This makes sense, based on the previous 2 points. If you are monitoring whether the quality management system conforms to the standard and that the processes are delivering intended outputs then there would have to be some objective reporting provided to top management to demonstrate the system's status – is it conforming? Is it not? Where are the areas that it can improve? And so on.

And then finally point e) states that someone also is to be responsible for

ensuring the integrity of the quality management system is maintained when changes to the quality management system are planned and implemented.

So when there are changes and improvements to the system the impact of these changes should be monitored to ensure no other areas have been impacted. Really these 5 points a) through to e) are just about having someone responsible for the quality management system itself. I say ‘someone’ like it’s just one person. It doesn’t say that. These responsibilities can be split up or shared across several people or a team. 

The other thing that stands out for me with this clause is the word ‘authority’ – yes, this is the word I mentioned was key to these requirements. You may have noted that the clause mentions responsibilities but in each instance, it also mentions ‘authority’. You can have responsibility without the authority, however, when it comes to a management system and being responsible for conformance, maintenance, integrity, and reporting – without the authority to do this it becomes very difficult to gain traction and most importantly implement change and improvement. I have seen this so many times in businesses. They have given this responsibility to a team member however they do not have the responsibility to issue findings or put forward changes and reinforce these changes with other workers. They are just scoffed at and taken far too lightly. When this happens nothing changes and the system stagnates, or moreso declines.

When you are looking at delegating and giving others responsibilities, also look at the authority you are giving them. This is the important part to ensure is assigned, communicated, and understood within the organization as well as externally where it is relevant.

Learn even more by completing a qualification in one of our ISO 9001 courses.