Guide to ISO 9001 Clause 5.3 Organisational Roles Responsibilities and Authorities

CertBetter

Team CertBetter

13 min read
Guide to ISO 9001 Clause 5.3 Organisational Roles Responsibilities and Authorities

What Is Clause 5.3 and Why Does It Matter?

If you have spent any time inside a quality management system, you will know that one of the most common reasons things go wrong is not a lack of intention. It is a lack of clarity. Nobody knows who owns what. Decisions get made by the wrong person, or not made at all. Auditors raise nonconformances not because the system is broken, but because the organisation cannot demonstrate who is responsible for keeping it working.

That is exactly what ISO 9001 Clause 5.3 is designed to prevent. Sitting within Section 5 on Leadership, Clause 5.3 requires top management to ensure that the responsibilities and authorities for relevant roles are assigned, communicated, and understood throughout the organisation. It sounds straightforward, but getting it right takes more thought than most businesses expect.

This guide walks through what the clause actually requires, what auditors look for, and how to implement it properly so your quality management system reflects how your organisation actually works, not just how it looks on paper.

The Full Text of Clause 5.3 Explained

Section 5 of ISO 9001 covers leadership in its entirety. Clause 5.3 specifically states that top management shall assign the responsibility and authority for ensuring that the quality management system conforms to the requirements of the standard, that the processes are delivering their intended outputs, reporting on the performance of the QMS and opportunities for improvement, ensuring the promotion of customer focus, and ensuring the integrity of the QMS is maintained when changes are planned and implemented.

That list covers a lot of ground. Let us break it down into plain language so you can see what each element actually means for your business.

Conformance to ISO 9001 Requirements

Someone in your organisation needs to be accountable for making sure your QMS meets the standard. This does not mean one person does all the work. It means one person, or a clearly defined group of people, can be held responsible if it does not. In a small business, this is often the owner or operations manager. In a larger organisation, it might be a dedicated quality manager or a quality team.

The key word here is assigned. It is not enough for someone to informally take on this role. Top management needs to make a deliberate decision about who holds this responsibility, and that decision needs to be documented and communicated.

Ensuring Processes Deliver Their Intended Outputs

Your QMS is built around processes. Clause 5.3 requires someone to be responsible for checking that those processes are actually working as intended. This connects directly to Clause 4.4 on the quality management system and its processes, which requires you to determine the inputs, outputs, and criteria for each process.

In practice, this means process owners need to be identified. A process owner is the person accountable for the performance of a specific process. They monitor it, identify problems, and drive improvements. Without clear process ownership, nobody notices when things start to drift.

Reporting on QMS Performance

Someone needs to be responsible for collecting information about how the QMS is performing and reporting that information to top management. This feeds directly into the management review process covered in Clause 9.3. The person in this role needs access to data, the ability to interpret it, and a direct line to leadership.

This is where many organisations fall short. They have data sitting in spreadsheets or reports that nobody ever looks at. Clause 5.3 requires someone to actively own this reporting function, not just produce documents that get filed away.

Promoting Customer Focus Throughout the Organisation

Customer focus is not just a leadership responsibility at the top level. It needs to be embedded throughout the organisation. Clause 5.3 assigns someone the responsibility for ensuring this happens. This connects to Clause 5.1 on leadership and commitment, which places a strong emphasis on customer focus as a leadership obligation.

In practical terms, this means someone is responsible for making sure that customer requirements are understood at all levels, that customer satisfaction is monitored, and that customer-related risks and opportunities are considered in decision making.

Maintaining QMS Integrity During Changes

When your business changes, your QMS needs to change with it. New services, new staff, restructures, new equipment, changes to processes. Someone needs to be responsible for ensuring those changes do not undermine the integrity of your quality management system. This is a common audit finding. Organisations make significant operational changes and forget to update their QMS documentation, retrain staff, or reassess risks.

What the Standard Does Not Require

One thing worth clarifying early is that Clause 5.3 does not require you to appoint a dedicated quality manager. The 2015 version of ISO 9001 deliberately removed the requirement for a “management representative” that existed in earlier versions of the standard. This was intentional. The intent was to embed quality responsibility more broadly across the organisation rather than siloing it in one role.

This is good news for small businesses. You do not need to hire someone specifically for quality. What you do need is clarity about who is responsible for what, regardless of their job title. A sole trader who is also the quality manager is perfectly compliant, as long as the responsibilities are clearly defined and the system actually works.

How to Implement Clause 5.3 in Practice

Start With a Responsibility Assignment Matrix

One of the most effective tools for meeting Clause 5.3 is a responsibility assignment matrix, often called a RACI chart. RACI stands for Responsible, Accountable, Consulted, and Informed. For each key QMS activity, you define who does the work, who owns the outcome, who provides input, and who needs to be kept in the loop.

You do not need a complex document. A simple table that maps QMS responsibilities to roles within your organisation will satisfy an auditor and, more importantly, will give your team clarity about who does what.

Document It Properly

The standard requires that roles, responsibilities, and authorities are communicated and understood. Documentation is the most reliable way to demonstrate this. Your options include an organisational chart with defined roles, job descriptions that include QMS responsibilities, a quality manual section on roles and responsibilities, or a standalone responsibilities matrix.

Whatever format you choose, make sure it is current and accessible. An organisational chart that was last updated three years ago and does not reflect your current structure will create problems during an audit.

Communicate It to the Right People

Assigning responsibilities on paper is only half the job. The people in those roles need to know what is expected of them. This means induction training for new staff, regular reminders for existing staff, and clear communication whenever responsibilities change.

Auditors will often interview staff during a certification or surveillance audit. If your team cannot articulate their own quality responsibilities, that is a problem. It suggests that the assignment of responsibilities exists only on paper and has not been genuinely communicated or understood.

Review Responsibilities When Things Change

Clause 5.3 specifically calls out the need to maintain QMS integrity during changes. This means your responsibility assignment process cannot be a one-time exercise. Whenever your organisation changes in a meaningful way, you need to revisit who is responsible for what and update your documentation accordingly.

Common triggers for a review include staff turnover, particularly when a key quality role changes hands, restructures or changes to reporting lines, introduction of new products or services, significant changes to processes, and expansion into new sites or markets.

Real World Examples of Clause 5.3 in Action

Small Manufacturing Business

Consider a small manufacturing company with fifteen employees. The owner is also the operations manager. Under Clause 5.3, the owner assigns themselves as the person responsible for QMS conformance and reporting. They also assign the production supervisor as the process owner for the manufacturing process, and the customer service officer as responsible for monitoring customer satisfaction. These assignments are documented in job descriptions and communicated during the monthly team meeting. Simple, practical, and auditable.

Mid-Sized Professional Services Firm

A consulting firm with sixty staff has a quality manager who is responsible for QMS conformance and reporting. Each department head is assigned as the process owner for their team's processes. The business development manager is responsible for promoting customer focus in client-facing activities. Responsibilities are documented in a RACI matrix that is reviewed annually as part of the management review process.

Construction Company With Multiple Sites

A construction company operating across three states assigns a quality coordinator at each site, with a national quality manager overseeing the overall QMS. The national manager is responsible for reporting to the executive team and ensuring consistency across sites. Each site coordinator is responsible for local process performance and day-to-day QMS activities. This structure is reflected in the organisational chart and reinforced through quarterly quality meetings.

Common Audit Findings Related to Clause 5.3

Having audited quality management systems across a wide range of industries, the same issues come up repeatedly when it comes to Clause 5.3. Being aware of them now will save you a nonconformance later.

Responsibilities are assigned but not communicated. The quality manual lists who is responsible for what, but the people in those roles have no idea they hold those responsibilities. This is a genuine nonconformance because the clause requires responsibilities to be understood, not just documented.

The organisational chart is out of date. Staff have left, roles have changed, new positions have been created, but the chart still shows the old structure. Auditors check documents for currency, and an outdated chart signals poor document control.

Process owners cannot describe their processes. If you interview a process owner and they cannot tell you what the inputs and outputs of their process are, or how they monitor its performance, that is a problem. Process ownership needs to be meaningful, not just a label on a document.

QMS responsibilities are not included in job descriptions. If your job descriptions make no mention of quality responsibilities, it is harder to demonstrate that those responsibilities have been formally assigned and communicated.

No clear owner for customer focus. Many organisations can point to a customer satisfaction survey but cannot identify who is responsible for acting on the results. Clause 5.3 requires someone to be accountable for promoting customer focus, not just measuring it.

How Clause 5.3 Connects to the Rest of the Standard

Clause 5.3 does not sit in isolation. It connects to several other parts of the standard in ways that are worth understanding.

It links to Clause 5.2 on quality policy, because the people responsible for the QMS need to understand and communicate the policy. It connects to Clause 6 on planning, because the people responsible for QMS performance need to be involved in identifying risks and opportunities. It feeds into Clause 9 on performance evaluation, because someone needs to own the monitoring, measurement, and reporting functions. And it is foundational to Clause 10 on improvement, because you cannot drive improvement without clear accountability.

Understanding these connections helps you build a system where responsibilities are not just assigned in one clause but are woven through the entire QMS in a coherent way.

What Top Management Actually Needs to Do

The clause places the obligation on top management to assign, communicate, and ensure understanding of roles and responsibilities. This is not something that can be delegated entirely to a quality manager. Top management needs to be actively involved in making these assignments and ensuring they are genuinely understood.

In practice, this means top management should review the responsibility assignment during management reviews, sign off on significant changes to the responsibility structure, be visible in communicating the importance of quality roles to the broader team, and ensure that people in quality roles have the authority they need to do their job effectively.

The ISO 9001:2015 standard published by ISO is explicit that top management cannot simply hand off quality responsibility and walk away. The whole thrust of Section 5 is that leadership is accountable for the quality management system, and Clause 5.3 is where that accountability gets translated into specific assignments.

Tips for Getting Clause 5.3 Right the First Time

If you are implementing ISO 9001 for the first time or preparing for a certification audit, here are the practical steps that will help you get Clause 5.3 right without overcomplicating it.

  • Map your key QMS activities first, then assign responsibility to roles, not individuals. Roles persist when people leave. Individuals do not.
  • Make sure every person with a QMS responsibility knows about it before the audit. Brief your team, not just your quality manager.
  • Keep your organisational chart current. Set a reminder to review it whenever there is a significant staffing change.
  • Include QMS responsibilities in job descriptions. This is one of the simplest ways to demonstrate formal assignment.
  • Review your responsibility structure during every management review. This creates a documented record of ongoing oversight.
  • Give people the authority they need to carry out their responsibilities. A process owner who cannot make decisions about their process is not really an owner.

If you are unsure whether your current approach meets the standard, it is worth getting a gap assessment done before your certification audit. A good ISO consultant can review your documentation and interview your team to identify any gaps before an auditor does. If you are looking for a consultant who genuinely understands the standard, choosing the right ISO consultant is worth doing carefully.

Getting Help With ISO 9001 Implementation

Clause 5.3 is one of those requirements that looks simple on the surface but reveals complexity when you try to apply it to a real organisation with real people and real reporting structures. Getting it right requires a clear understanding of both the standard and your own business.

If you are working through ISO 9001 implementation and want to make sure you are meeting all the requirements, including Clause 5.3, CertBetter can connect you with verified ISO consultants who have hands-on experience helping businesses build quality management systems that work in practice, not just on paper. Submit one form and receive up to three competing quotes from vetted providers, completely free. It is a straightforward way to find the right support without spending hours researching providers on your own.

Get 3 ISO Quotes. 24 Hours Response

Tell us what you need and compare vetted ISO consultants or certification bodies within 24 hours. Free, no obligation.

Trusted by 400+ businesses like yours

Frequently Asked Questions

No. ISO 9001:2015 deliberately removed the requirement for a formal management representative that existed in earlier versions of the standard. Clause 5.3 requires top management to assign responsibilities and authorities for relevant roles, but it does not specify that a dedicated quality manager must exist. In small businesses, the owner or operations manager can hold these responsibilities. What matters is that the responsibilities are clearly assigned, documented, and understood by the people who hold them.

Responsibility refers to the obligation to perform a task or achieve an outcome. Authority refers to the power to make decisions, allocate resources, or take action to fulfil that responsibility. Clause 5.3 requires both to be assigned. A person who is responsible for a process but has no authority to change it or allocate resources to fix problems is set up to fail. Effective implementation means giving people both the obligation and the power to act.

There is no single prescribed format. Common approaches include organisational charts with defined roles, job descriptions that include QMS responsibilities, a RACI matrix mapping responsibilities to roles, or a section in the quality manual. Whatever format you use, the document needs to be current, accessible to the people it covers, and consistent with how the organisation actually operates. An auditor will check the document but will also interview staff to confirm that responsibilities are genuinely understood.

Clause 5.3 requires top management to ensure QMS integrity is maintained when changes are planned and implemented. This means that when significant changes occur, including staff turnover in key quality roles, you need to update your responsibility documentation, brief the new person on their obligations, and ensure there is no gap in accountability during the transition. Failing to do this is a common audit finding and can result in a nonconformance if it creates a gap in the system.

Yes, particularly in smaller organisations. One person can be responsible for QMS conformance, performance reporting, and promoting customer focus simultaneously. The important thing is that the responsibilities are clearly documented and that the person has the capacity and authority to fulfil them all. If one person is overloaded with quality responsibilities to the point where the system is not functioning effectively, that becomes a risk that auditors may identify during a surveillance or recertification audit.

Clause 5.3 requires someone to be responsible for ensuring that processes deliver their intended outputs. In practice, this is implemented through the concept of process ownership, where a specific person is assigned accountability for the performance of each key process. Process owners monitor their processes, identify problems, and drive improvements. This responsibility needs to be formally assigned and documented, and process owners need to understand what is expected of them, including how to measure process performance and what to do when something goes wrong.

Dilawar Laghari

Hi! I am Dilawar Laghari, founder of CertBetter.

I created CertBetter to help anyone compare ISO certification providers for free.

ISO 9001 Clause 5.3: Roles, Responsibilities & Authorities - CertBetter