Leadership as a QMS Requirement, Not Just a Principle
ISO 9001:2015 made a significant shift in how it addresses leadership. Rather than treating leadership as a general principle, Clause 5 defines specific behaviors that top management must demonstrate. This clause makes leadership behaviors mandatory and auditable, not aspirational. Auditors will verify that top management is personally engaged in QMS governance, not delegating quality responsibility to a dedicated quality function.
Clause 5.1: Leadership and Commitment
Clause 5.1 requires top management to demonstrate commitment through specific behaviors. These behaviors include: taking accountability for QMS effectiveness, ensuring quality policy and objectives are clearly aligned with the strategic direction of the organization, promoting the process approach and risk-based thinking throughout the organization, ensuring that QMS resources are provided and maintained, communicating the importance of the QMS to the entire organization, promoting improvement as a continuous activity, and supporting other management roles in fulfilling their QMS responsibilities.
| Required Leadership Behavior | How Auditors Verify | Common Evidence |
|---|---|---|
| Accountability for QMS effectiveness | Interviews with top management about QMS performance | Management review attendance records, decisions made on QMS issues |
| QMS resources ensured | Budget and staffing allocation evidence | Approved QMS budget, staffing records, training investment |
| Promoting improvement | Evidence of improvement decisions at management review | Improvement register, action closure records, budget allocation to improvement |
| Customer focus maintained | Customer satisfaction data reviewed and acted upon | Satisfaction KPIs presented at management review, corrective actions for low scores |
| Process approach promoted | Evidence of process-based thinking in QMS documentation | Process maps, process performance monitoring, process improvement initiatives |
| Risk-based thinking promoted | Risk-based decisions in QMS planning and operations | Risk register, risk-based audit planning, risk mitigation actions |
Clause 5.1.2: Customer Focus
Clause 5.1.2 makes customer focus a leadership obligation. Top management must ensure that customer and applicable statutory and regulatory requirements are determined, understood, and met. Top management must ensure that risks and opportunities affecting the ability to meet customer and regulatory requirements are addressed. Top management must ensure that customer satisfaction is maintained. This is not a quality assurance function — it is a leadership responsibility that cannot be delegated.
Customer focus at the leadership level is verified through management review evidence. If the management review does not include customer satisfaction data, customer complaint trends, or customer feedback analysis, this is a Clause 5.1.2 finding.
Clause 5.2: The Quality Policy
The quality policy is a formal statement that describes the organization's commitment to quality and the framework for quality objectives. The policy must be appropriate to the organization's context, provide a framework for setting quality objectives, include commitment to conformity with applicable requirements, and include commitment to continual improvement. The policy must be communicated internally to everyone in the organization and made available to interested parties.
| Policy Element | Compliant Example | Non-Compliant Example |
|---|---|---|
| Context appropriate | Specifically references products/services and market served | Generic statement applicable to any organization |
| Objectives framework | Includes specific dimensions: customer satisfaction, delivery, defect rates, regulatory compliance | Vague reference to "quality improvement" with no framework |
| Commitment to requirements | Identifies applicable regulatory frameworks (LKPP, BPOM, OJK where relevant) and legal requirements | Generic "comply with applicable requirements" |
| Commitment to improvement | Links to continuous improvement program with specific objectives | Generic improvement statement with no connection to action |
The quality policy is the "North Star" of the QMS. Every objective, process control, and resource decision should be traceable back to the quality policy. A policy that is written but not used in decision-making is a compliance artifact, not a leadership tool.
Clause 5.3: Organizational Roles, Responsibilities, and Authorities
Clause 5.3 requires that roles, responsibilities, and authorities relevant to the QMS are assigned, communicated, and understood. This includes: who is responsible for ensuring the QMS meets requirements, who is responsible for customer focus, who has authority to initiate corrective actions, who is responsible for internal audits, and who reports quality performance to top management.
The key requirement is that these roles are documented and communicated. An organization chart or responsibility matrix showing QMS roles is the typical documented information for Clause 5.3. However, documenting roles is not sufficient — the people assigned to these roles must understand their responsibilities and have the authority to fulfill them.
The End of the Management Representative
The 2008 version of ISO 9001 required a Management Representative with explicit authority for quality management. ISO 9001:2015 removed this requirement. This was a deliberate decision by ISO/TC 176 because the Management Representative role had an unintended consequence: it allowed every other manager — including top management — to treat quality as the Management Representative's responsibility rather than as a business priority requiring leadership attention.
The 2015 standard distributes QMS accountability throughout the organization and makes top management directly accountable for QMS effectiveness. In practice, many organizations still appoint a Quality Manager or QMS Manager, but this is a management decision, not a compliance requirement. If appointed, this role should be described in the responsibility matrix but must not become a "quality silo" where everyone else assumes quality is not their concern.
Demonstrating Leadership in an Audit
Certification auditors verify Clause 5 through: interviews with CEO/Directors/Owner about quality policy and QMS performance, review of management review records showing that quality is discussed as a business topic, evidence that resource decisions about quality are made by top management, quality policy communication evidence (display in workplace, inclusion in induction, reference in performance management), and evidence that top management addresses significant quality issues discovered by audits or customer feedback.
Organizations preparing for audit should ensure that top management is prepared to discuss the quality policy, key quality objectives, significant nonconformities from the past year, and resource decisions made to support QMS improvement. If top management cannot meaningfully answer these questions, the auditor will raise findings against Clause 5.1.
| KEY IDEA | ISO 9001:2015 removed the Management Representative because assigning one person accountability for quality allowed everyone else — including top management — to treat quality as someone else's job. In the 2015 standard, quality is everyone's job, and top management cannot delegate away their personal accountability for QMS effectiveness. The certification auditor will verify this by speaking with the top management team directly. |
| IMPORTANT | Auditors will interview top management in every Stage 2 and surveillance audit. If top management cannot describe the quality policy, demonstrate knowledge of quality objectives, or explain significant nonconformities and their corrective actions, the auditor will raise a finding against Clause 5.1. Preparing top management for audit interviews is not optional — it is essential. Have the CEO or owner rehearse potential audit questions and review quality performance data before the audit. |
| BITLION INSIGHT | The most impactful thing a CEO or owner can do for an ISO 9001 QMS is to chair the management review personally, ask substantive questions about quality performance data, and make visible resource decisions based on QMS outputs. This single behavior change transforms the organizational signal about quality ownership from "the QA team's responsibility" to "a business priority that the CEO cares about." This is more effective than any documented procedure in driving quality culture. |