SGRII Insights · ISO 9001:2015 · 2026
Leadership — Why Signing the Quality Policy Isn’t Leading
ISO 9001 removed “management representative” for a reason. If leadership is still delegating the QMS to the quality department, the system has a governance failure at its core.
SGRII Performance & Digital Solutions
QMS Practice · April 2026 · 9 min read
SGRII Pillar Lens
Governance
Clause 5 is where the management system intersects with organisational authority. Governance means roles, controls, and accountability are built directly into workflows — not delegated to a quality department operating in isolation. A system governed by one person is a system vulnerable to that person’s absence.
The Deliberate Removal of the Management Representative
The 2008 edition of ISO 9001 included a specific requirement for a “management representative” — a designated individual responsible for the QMS. The 2015 revision deliberately removed this role. The intent was unambiguous: top management cannot outsource accountability for the quality management system to a single appointee.
In practice, most organisations still operate as if the role exists. The quality manager writes the policies, maintains the documents, coordinates audits, manages nonconformities, and reports to a leadership team that treats the QMS as a departmental function rather than an organisational system. This structural delegation is the single most common root cause of systemic QMS failure.
Clause 5.1.1 doesn’t ask leadership to “support” the quality system. It requires top management to demonstrate leadership and commitment by ensuring quality objectives are established and compatible with strategic direction, ensuring the integration of QMS requirements into business processes, promoting the process approach and risk-based thinking, and ensuring the QMS achieves its intended results. That’s operational accountability, not endorsement.
Clause 5.1.2 — Customer Focus as a Leadership Function
Customer focus is routinely treated as a sales or service function. Clause 5.1.2 locates it as a leadership responsibility. Top management must ensure that customer requirements and applicable statutory and regulatory requirements are determined, understood, and consistently met. They must also ensure that risks and opportunities that can affect product and service conformity are determined and addressed.
In audit, this surfaces in a specific way: when an auditor asks the managing director how customer satisfaction trends inform strategic decisions, and the answer is “the quality manager handles complaints,” that’s a conformance gap. The standard requires top management to demonstrate that customer data flows upward into decision-making — not that it’s captured somewhere in the system.
The SGRII framework addresses this by building customer feedback directly into the management review input structure. Customer satisfaction data, complaint trends, and requirement changes aren’t siloed in a customer log — they’re structured as standing agenda items in the Clause 9.3 management review, with required outputs that demonstrate leadership response.
Clause 5.2 — The Quality Policy That Actually Governs
A quality policy that reads “We are committed to quality, customer satisfaction, and continual improvement” is not a policy. It’s a statement of intent so generic it applies to any organisation in any industry. The standard requires the quality policy to be appropriate to the purpose and context of the organisation, provide a framework for setting quality objectives, and include a commitment to satisfy applicable requirements and to continual improvement.
The critical phrase is “provide a framework for setting quality objectives.” The policy must be specific enough that quality objectives (Clause 6.2) can be derived directly from it. If the policy says “we are committed to on-time delivery” then there must be a measurable objective for delivery performance. If the policy says “we will meet regulatory requirements” then there must be a mechanism for identifying and tracking those requirements.
A quality policy audit trail should run: Policy commitment → Quality objective → KPI → Monitoring method → Management review input → Improvement action. If any link in that chain is broken, the policy is decorative.
Clause 5.3 — Roles, Responsibilities, and the Authority Gap
Clause 5.3 requires top management to ensure that responsibilities and authorities for relevant roles are assigned, communicated, and understood. In SMEs, the most frequent failure mode isn’t that roles are undefined — it’s that authority isn’t matched to responsibility. A production supervisor may be responsible for release decisions but lack the authority to halt a line when acceptance criteria aren’t met. A procurement officer may be responsible for supplier evaluation but lack the authority to reject a supplier the commercial team has already committed to.
This authority gap produces a specific kind of nonconformity: the system says one thing, operational behaviour says another, and the gap is tolerated because the person nominally responsible cannot enforce the requirement. The root cause isn’t individual — it’s structural. The system has assigned responsibility without the corresponding authority, and leadership hasn’t resolved the conflict.
The SGRII framework addresses this through process ownership architecture. Each core procedure assigns not just the responsible role but the decision authority level — who can approve, who can override, who escalates. This eliminates the ambiguity that creates audit findings and, more importantly, the operational workarounds that erode system integrity.
The Governance Pillar in Practice
Clause 5 maps directly to the Governance pillar of the SGRII methodology. Governance isn’t a quality concept — it’s an organisational concept. The question isn’t whether the quality system is documented; it’s whether roles, controls, and accountability are built directly into workflows and systems so that the organisation operates with structural integrity, not personal heroism.
In integrated management systems, this matters exponentially. ISO 45001 adds worker participation requirements to leadership obligations. ISO 37001 adds the anti-bribery function — and the 2025 edition introduces anti-bribery culture as a specific leadership responsibility under Clause 5.1.3. ISO 27001 requires information security to be integrated into organisational processes. Each standard reinforces the same principle: leadership means the system runs because leadership designed it to run, not because a quality manager is holding it together.
THE SGRII ISO 9001:2015 QMS FRAMEWORK
Process ownership architecture with defined authority levels. Quality policy audit trails linking commitments to objectives to KPIs. Governance built into procedures, not bolted on afterward.
EXPLORE THE QMS FRAMEWORK ›Join the Conversation
Does your quality policy provide a traceable framework for setting objectives — or does it read like a motivational poster? Has your leadership team ever been challenged on Clause 5.1.1 during a Stage 2 audit?
Practitioner perspectives that challenge or extend this analysis are particularly welcome. Leave your comment below — the SGRII team responds to every substantive contribution.
Build it, don’t just read about it
SGRII ISO 9001:2015 QMS Framework
Six-module QMS with clause-referenced procedures, registers and an audit pack for SMEs.
View the Framework → Get the newsletterCoverage is not compliance. SGRII frameworks provide structured coverage, templates and guidance. They are designed for audit defensibility and structured for certification readiness; they do not certify you, do not guarantee a successful audit, and are not legal advice. The official ISO standard remains the only authoritative source of requirements.