The quality policy is often one of the first documents an auditor asks to see. It's also one of the most frequently written badly. Vague promises about "delighting customers" and "striving for excellence" might look fine on paper, but they won't satisfy an ISO 9001 auditor — and more importantly, they won't actually help your business.

This guide explains exactly what your quality policy needs to contain, what the standard says, and how to write something that's both compliant and genuinely meaningful to the people who work in your organisation.

What is a quality policy and why does it matter?

Your quality policy is a short, formal statement of your organisation's commitment to quality. It sits at the top of your Quality Management System (QMS) and sets the direction for everything else — your quality objectives, your processes, and your approach to continual improvement.

Think of it as your organisation's promise to itself and its customers. It shouldn't be a wall of corporate language that nobody reads. The best quality policies are short enough to remember, specific enough to mean something, and honest enough to reflect how the business actually operates.

ISO 9001:2015 makes the quality policy a mandatory documented requirement. You can't certify without one, and your auditor will use it as a lens through which to view everything else in your QMS.

What ISO 9001 requires your quality policy to include

ISO 9001:2015 clause 5.2 sets out the requirements. Your quality policy must:

  • Be appropriate to the purpose and context of your organisation
  • Provide a framework for setting quality objectives
  • Include a commitment to satisfying applicable requirements
  • Include a commitment to continual improvement of the QMS

The standard also requires that the quality policy is:

  • Available as documented information
  • Communicated, understood, and applied within the organisation
  • Available to relevant external parties if appropriate

💡 What "appropriate to context" actually means

Your quality policy should reflect your specific business — your sector, your customers, your size. A one-person consultancy and a 200-person manufacturer should have very different quality policies. If yours could belong to any business in any industry, it probably needs a rewrite.

Note that the standard doesn't require you to use specific wording. There's no magic phrase that makes a quality policy compliant. What matters is that it genuinely covers the four requirements above and that people in your organisation actually understand and follow it.

Common mistakes that catch businesses out

Auditors see hundreds of quality policies every year. Here are the patterns that raise red flags:

Being too generic

Phrases like "we are committed to the highest standards" or "quality is at the heart of everything we do" are meaningless without context. What standards? What does quality mean for your specific business? An auditor will probe further, and if your staff can't explain what the policy means in practice, you have a problem.

Listing objectives inside the policy

Your quality policy should provide a framework for objectives — not be a list of them. Specific, measurable targets (such as "achieve 98% on-time delivery") belong in your quality objectives document, not your policy. The policy explains the direction; the objectives explain the destination.

Signing it and forgetting it

ISO 9001 requires the policy to be "understood and applied" within the organisation. If your staff have never seen it, can't summarise it, or don't know where to find it, that's a nonconformity waiting to happen. Auditors often ask employees directly what the quality policy says.

⚠️ Watch out at surveillance audits

Many businesses write a strong quality policy before their initial certification audit, then never update it. If your business has changed significantly — new markets, new services, new ownership — your quality policy needs to reflect that. An outdated policy signals a QMS that isn't being actively maintained.

No link to top management

The policy must be established by top management (clause 5.1). That means it should be visibly owned by a director or senior leader — not drafted by a quality manager and quietly filed away. Auditors look for evidence of leadership commitment, and the quality policy is one of the clearest signals of that.

How to write a quality policy step by step

  1. Start with your context. Review your organisation's purpose, your key customers, and the sector you operate in. What does quality actually mean for your business and your customers? A software company's definition of quality will look different to a food manufacturer's.
  2. Identify your key commitments. Beyond the two mandatory commitments (satisfying requirements and continual improvement), what else genuinely matters? Consider customer satisfaction, regulatory compliance, staff development, or environmental responsibility if these are relevant.
  3. Write a first draft in plain English. Aim for 150 to 300 words. Avoid jargon. Write as if you're explaining your approach to a new employee on their first day.
  4. Check it against the clause 5.2 requirements. Does it cover all four requirements? Is it specific to your organisation? Would a member of your team be able to explain what it means?
  5. Get it signed off by a director. This is a leadership document. It needs to be owned at the top of the business.
  6. Communicate it. Display it in your workplace, include it in staff inductions, and make it available on your website or to customers if appropriate. Document how you've communicated it — this becomes evidence for your auditor.

Quality policy examples

The following are illustrative examples based on common business types. They're intended to show tone and structure — your policy must reflect your own organisation.

Example 1: Small professional services firm

"At [Company Name], our commitment is to deliver reliable, accurate, and timely services that meet our clients' needs and applicable legal requirements. We aim to continually improve our processes and the effectiveness of our quality management system, ensuring our team has the skills, resources, and clarity to do their best work. This policy is reviewed annually and is the responsibility of the Managing Director."

Example 2: Manufacturing SME

"[Company Name] is committed to manufacturing products that consistently meet customer specifications, regulatory standards, and our own quality benchmarks. We will maintain and continually improve our quality management system to reduce errors, improve efficiency, and deliver on our promises to customers. Every member of our team is responsible for quality in their own work. This policy is owned by the Operations Director and reviewed as part of our annual management review."

Notice what both examples have in common: they're specific, they name a responsible person, they include both mandatory commitments, and they avoid hollow language. Neither is more than 100 words.

Keeping your quality policy alive after certification

Getting certified is the beginning, not the end. Your quality policy needs to stay relevant as your business changes.

Build a review of your quality policy into your annual management review (which ISO 9001 requires anyway under clause 9.3). Ask yourself: does this still reflect who we are and what we do? Has anything changed that should be reflected here?

Keep a version history in your document control system so you can demonstrate to auditors that the policy is actively maintained rather than static.

And make communication an ongoing habit — not just a one-off at certification. New starters should encounter the quality policy in their induction. It should be visible in your workplace. Quality team meetings are a natural place to reference it.

A quality policy that people actually know about and understand is one of the simplest and most effective ways to show an auditor that your QMS is genuinely embedded in the business — not just a set of documents created for audit day.

💡 Not sure if your QMS is ready for certification?

If you're preparing for ISO 9001 certification and want to know how your current documentation and processes measure up, take the free ISO readiness assessment at isoknow.co.uk. It takes around five minutes and gives you a clear picture of where you stand before you commit to the full certification process.