Introduction

The quality policy is one of the first documents you create when implementing a quality management system — and one of the most misunderstood. Many companies treat it as a formality: a few generic sentences about “delivering quality” that get printed, framed, and forgotten.

That is a missed opportunity.

A well-written quality policy is the foundation of your entire QMS. It defines the direction for your quality objectives, guides decision-making across the organisation, and signals to customers, employees, and auditors that your commitment to quality is real — not just words on paper.

In this guide, we walk you through exactly how to write a quality policy that meets ISO 9001:2015 requirements, reflects your actual business, and satisfies auditors. We include real-world examples, a step-by-step writing process, common mistakes to avoid, and a ready-to-use template.

This article is part of our comprehensive ISO 9001 Implementation Guide for SMEs in the DACH Region. If you are implementing a full QMS, we recommend reading that guide first for context.

What Is a Quality Policy?

A quality policy is a formal statement by top management that defines the organisation’s overall intentions and direction regarding quality. Think of it as the “constitution” of your quality management system — everything else (quality objectives, processes, audits, improvements) should trace back to it.

It is not a marketing document. It is not a mission statement. It is a management commitment that must be:

• Specific to your company, your industry, and your customers
• Actionable enough to derive measurable quality objectives from it
• Understood by every employee — from the shop floor to the boardroom
• Lived in daily operations, not just displayed on a wall

The quality policy sits at the top of your QMS hierarchy. It flows downward into quality objectives, which flow into processes, which produce measurable results, which feed back into management review and continuous improvement.

What Does ISO 9001:2015 Actually Require?

Before writing your policy, you need to understand exactly what the standard demands. Section 5.2, which falls under Chapter 5 — Leadership, sets out clear requirements:

5.2.1 — Establishing the Quality Policy

Top management shall establish, review, and maintain a quality policy that:

1. Is appropriate to the purpose and context of the organisation — It must reflect what your company actually does, who your customers are, and the environment you operate in.
2. Provides a framework for setting quality objectives — Your quality objectives must be directly derivable from the policy. If your policy says nothing about delivery reliability, you cannot logically set a quality objective for on-time delivery.
3. Includes a commitment to satisfy applicable requirements — This covers legal requirements, regulatory requirements, customer requirements, and any standards you commit to.
4. Includes a commitment to continual improvement of the quality management system — Not just product improvement — improvement of the system itself.

5.2.2 — Communicating the Quality Policy

The quality policy shall:

• Be available and maintained as documented information
• Be communicated, understood, and applied within the organisation
• Be available to relevant interested parties, as appropriate

This second part is where many companies fail. Writing a good policy is only half the job. If your employees cannot explain what it means in their own words, an auditor will flag it.

The 6-Step Process to Writing Your Quality Policy

Step 1: Understand Your Context

Before putting pen to paper, revisit your context analysis (ISO 9001 Chapter 4). Your quality policy must be appropriate to your company’s purpose and context. Ask yourself:

• What does our company do? What products or services do we provide?
• Who are our customers? What do they expect from us?
• What industry are we in? What are the specific quality challenges?
• What legal and regulatory requirements apply to us?
• What are our competitive differentiators related to quality?

Example: A precision machining company serving the automotive industry has very different quality priorities than an IT consulting firm. The machining company might emphasise dimensional accuracy, traceability, and on-time delivery. The IT firm might focus on project delivery, data security, and customer communication.

Step 2: Identify Your Quality Priorities

Based on your context, define 3 to 5 quality priorities that genuinely matter to your business. These should be areas where quality performance directly impacts customer satisfaction and business success.

Common quality priorities include:

• Customer satisfaction and responsiveness
• Product or service conformity and reliability
• On-time delivery performance
• Employee competence and development
• Supplier quality and partnership
• Process efficiency and waste reduction
• Compliance with legal and regulatory requirements
• Innovation and continuous improvement

Tip: Involve your management team in this step. The quality policy must be owned by top management — not drafted in isolation by the quality manager.

Step 3: Draft the Policy Statement

Now write your quality policy. Follow these principles:

• Be specific. Replace generic phrases with concrete commitments that reflect your actual business.
• Be concise. Aim for one page maximum — ideally 150 to 300 words. Shorter is better.
• Be clear. Write in plain language. Every employee must be able to understand it. Avoid jargon, buzzwords, and overly formal language.
• Be honest. Only commit to what you are willing to measure and be held accountable for.

Structure your policy around these elements:

1. Opening statement — Who you are and what you do (1-2 sentences)
2. Quality commitments — Your 3-5 specific quality priorities (the core of the policy)
3. Commitment to requirements — Compliance with applicable requirements
4. Commitment to improvement — Continual improvement of the QMS
5. Closing statement — Management commitment and signature

Step 4: Validate Against ISO 9001 Requirements

Before finalising, check your draft against this compliance checklist:

• Appropriate to the purpose and context of the organisation?
• Provides a framework for setting quality objectives?
• Includes commitment to satisfy applicable requirements?
• Includes commitment to continual improvement?
• Will be maintained as documented information?
• Can be communicated and understood by all employees?
• Can be made available to interested parties?

If any box is unchecked, revise your draft.

Step 5: Get Top Management Sign-Off

The quality policy is a top management document. The CEO or managing director must:

• Actively participate in its creation (not just sign at the end)
• Formally approve and sign the policy
• Be prepared to explain it to an auditor
• Demonstrate commitment to it through actions, not just words

Auditor reality check: During a Stage 2 audit, auditors may ask the CEO or managing director about the quality policy. They want to see that management is aware of its content and can explain the general direction — it does not need to be memorised word-for-word. For more on what leadership commitment means in practice under ISO 9001, see our detailed guide.

Step 6: Communicate and Deploy

A quality policy only works if people know it, understand it, and apply it. Effective communication strategies include:

• Display it in common areas, meeting rooms, and on the company intranet
• Discuss it during team meetings, onboarding, and annual reviews
• Train on it — explain what each commitment means in practice for different roles
• Reference it when setting quality objectives and making decisions
• Review it at least annually during management review — update if your context changes

The real test: Can a random employee on the shop floor explain the quality policy in their own words? They do not need to recite it word-for-word, but they should know the general direction and how it relates to their work.

Quality Policy Examples

Bad Example 1 — Too Generic

“Our company is committed to delivering the highest quality products and services. We strive for excellence in everything we do. Customer satisfaction is our top priority. We comply with all applicable requirements and continuously improve our processes.”

What is wrong with this?

• Could apply to literally any company in any industry
• “Highest quality” and “excellence” are meaningless without context
• No specific commitments that could drive measurable objectives
• An auditor cannot verify any of these statements
• Employees cannot derive actionable guidance from it

Bad Example 2 — Too Long and Complex

“In accordance with our strategic vision and mission, and recognising the importance of quality management systems in the contemporary business environment, our organisation hereby commits to the establishment, implementation, maintenance, and continual improvement of a quality management system that is in conformity with the requirements of ISO 9001:2015, taking into account the context of the organisation as defined in Clause 4.1, the needs and expectations of interested parties as defined in Clause 4.2, and the scope of the quality management system as defined in Clause 4.3…”

What is wrong with this?

• Reads like a legal document, not a guiding principle
• No employee will read or understand this
• Simply restates the standard requirements without adding company-specific value
• Lacks any concrete quality commitments

Good Example — Precision Manufacturing Company

Quality Policy of [Company Name]

[Company Name] manufactures precision-machined components for the automotive and mechanical engineering industries. Our customers depend on us for parts that meet exact specifications, delivered reliably and on time.

We commit to:

• Delivering products that consistently meet customer and regulatory requirements through robust process controls, incoming inspections, and final quality checks.
• Ensuring reliable and on-time delivery by continuously optimising our production planning and supply chain management.
• Investing in our employees’ skills and qualifications through regular training, so every team member understands their role in delivering quality.
• Building strong supplier partnerships based on transparent evaluation criteria and collaborative improvement.
• Continuously improving our quality management system by setting measurable objectives, analysing performance data, and acting on findings from audits and management reviews.

We comply with all applicable legal, regulatory, and customer-specific requirements.

This policy is communicated to all employees and made available to our customers and interested parties upon request. It is reviewed annually as part of our management review.

[City], [Date]
[Name, Title — Managing Director]

Why this works:

• Clearly states what the company does and who it serves
• Each commitment is specific and measurable
• Quality objectives can be directly derived (delivery rate targets, training hours, supplier scores, etc.)
• Written in plain language anyone can understand
• Meets all ISO 9001:2015 Section 5.2 requirements

Good Example — IT Services Company

Quality Policy of [Company Name]

[Company Name] provides IT consulting and software development services to medium-sized businesses in the DACH region. Our clients trust us to deliver projects on time, within budget, and with solutions that work reliably.

We are committed to:

• Understanding our clients’ requirements thoroughly before every project through structured requirements analysis and regular communication throughout delivery.
• Delivering projects that meet agreed specifications, timelines, and budgets by following defined project management processes and quality gates.
• Ensuring the competence of our team through continuous professional development, certifications, and knowledge sharing.
• Responding to client feedback promptly and transparently, treating every issue as an opportunity to improve our services.
• Improving our processes and management system continuously based on project reviews, client satisfaction surveys, and internal audits.

We comply with all applicable legal requirements, including data protection regulations (GDPR/DSGVO) and contractual obligations.

[City], [Date]
[Name, Title — Managing Director]

Common Mistakes and How to Avoid Them

Mistake 1: Writing the Policy in Isolation

The quality manager writes the policy alone, sends it to the CEO for signature, and considers it done.

Why it fails: The CEO cannot explain it to an auditor. Employees see it as a “quality department thing.” Nobody feels ownership.

Solution: Run a 2-hour workshop with top management and department heads. Discuss context, priorities, and commitments together. The quality manager facilitates and drafts — but the content must come from leadership.

Mistake 2: Copying a Template Without Adapting It

Many companies download a template from the internet and change only the company name.

Why it fails: Auditors recognise generic policies immediately. More importantly, a copy-paste policy cannot guide your specific quality objectives and decisions.

Solution: Use templates as inspiration for structure, but write the content from scratch based on your own context analysis and quality priorities.

Mistake 3: Making It Too Ambitious

Committing to “zero defects” or “100% customer satisfaction” sounds impressive but creates problems.

Why it fails: These targets are unrealistic and unmeasurable. When your quality objectives inevitably fall short of perfection, you have a nonconformity against your own policy.

Solution: Commit to realistic, directional goals. Instead of “zero defects,” write “continuously reducing defect rates through systematic root cause analysis.”

Mistake 4: Never Updating the Policy

The policy was written during initial certification and has not been touched in five years, even though the company has changed significantly.

Why it fails: The policy no longer reflects the organisation’s context, which is a direct nonconformity against Section 5.2.1(a). Auditors will ask when it was last reviewed.

Solution: Review the quality policy at every management review (at least annually). Update it when your business context, customer base, product range, or strategic direction changes significantly.

Mistake 5: Failing to Communicate Effectively

The policy exists as a PDF on the intranet. Nobody reads it.

Why it fails: Section 5.2.2 requires the policy to be “communicated, understood, and applied.” A document nobody reads fails all three criteria.

Solution: Make the policy visible (posters, intranet homepage, onboarding materials), discuss it regularly (team meetings, annual reviews), and connect it to daily work (“This is why we do incoming inspections — it directly supports commitment #1 in our quality policy”).

How to Derive Quality Objectives from Your Quality Policy

Your quality policy and quality objectives must be directly connected. Each commitment in your policy should translate into one or more measurable objectives. For a deeper look at how objectives and planning work under ISO 9001, see our guide on Chapter 6 — Planning. Here is how the connection works in practice:

Quality Policy Commitment	Quality Objective	KPI	Target
Delivering products that meet specifications	Reduce customer complaints	Complaint rate per 1,000 units	< 2
Ensuring reliable and on-time delivery	Improve delivery performance	% of orders delivered on time	≥ 95%
Investing in employee skills	Ensure workforce competence	Training hours per employee per year	≥ 16 hours
Strong supplier partnerships	Maintain supplier quality	% of suppliers rated A or B	≥ 90%
Continuous improvement of QMS	Drive measurable improvement	Number of improvement actions implemented	≥ 12 per year

Key principle: If you cannot define a measurable objective from a policy commitment, the commitment is too vague. Go back and make it more specific. Your objectives should also account for risks and opportunities identified during your planning process.

Quality Policy Template

Use this template as a starting point. Replace all bracketed text with your company-specific information.

Quality Policy of [Company Name]

[Company Name] [describe what you do — products/services] for [describe your customers/markets]. [One sentence about what your customers expect from you].

We are committed to:

1. [Commitment related to product/service quality] — [brief explanation of how you achieve this].
2. [Commitment related to customer satisfaction or delivery] — [brief explanation of how you achieve this].
3. [Commitment related to employees/competence] — [brief explanation of how you achieve this].
4. [Commitment related to compliance] — We comply with all applicable legal, regulatory, and customer-specific requirements relevant to our products/services and industry.
5. [Commitment to continual improvement] — We continuously improve our quality management system by [specific methods: setting measurable objectives, conducting internal audits, evaluating performance data, acting on management review outcomes].

This policy is communicated to all employees and made available to interested parties upon request. It is reviewed at least annually during our management review and updated as needed.

[City], [Date]
[Full Name]
[Title — e.g., Managing Director / CEO / General Manager]

What Auditors Check Regarding the Quality Policy

During a certification or surveillance audit, auditors verify whether your quality policy meets the requirements of Section 5.2. This is straightforward — they are checking compliance, not creativity. Here is what they look for:

1. Is the policy appropriate to the organisation’s context? The policy should reflect what your company actually does. A generic policy that could belong to any company may raise questions.
2. Does it provide a framework for quality objectives? Auditors check whether your quality objectives can be logically traced back to the policy commitments.
3. Does it include a commitment to satisfy applicable requirements? This means legal, regulatory, and customer requirements. A simple statement is sufficient.
4. Does it include a commitment to continual improvement? This is the one companies most often forget. The policy must explicitly mention improvement of the QMS — not just product quality.
5. Is it documented, communicated, and available? Auditors verify that the policy exists as documented information, that employees are aware of it, and that it can be made available to interested parties.

That is essentially it. Auditors are not looking for literary quality or an impressive document. They verify that the requirements are met and that the policy is not just a piece of paper nobody knows about. If an employee is asked about quality and has no idea what the company’s quality direction is, that can become a finding — but the bar is reasonable, not perfection.

Frequently Asked Questions

Conclusion

Your quality policy is not a bureaucratic checkbox — it is the strategic compass for your entire quality management system. A good quality policy is specific to your company, drives measurable objectives, is understood by your employees, and is actively used in decision-making.

Take the time to write it properly. Involve your leadership team. Make it real, make it specific, and make it yours.

And remember: the best quality policy is not the one with the most impressive language. It is the one that your team actually follows.

Need help writing your quality policy or implementing ISO 9001? Sternberg Consulting supports SMEs in the DACH region with practical, no-nonsense quality management consulting — from gap analysis through certification. Contact us for a free initial consultation.

Related Articles

• ISO 9001 Implementation for SMEs: The Complete Guide for the DACH Region — The full step-by-step implementation guide this article is part of.
• Understanding Clause 5 of ISO 9001:2015 — Leadership — Deep dive into leadership requirements, including quality policy, roles, and responsibilities.
• Understanding Chapter 6 of ISO 9001:2015 — Planning — How to set quality objectives and plan for risks and opportunities.
• Requirements of ISO 9001:2015 Chapter 4 — Context of the Organisation — Understanding your context is the foundation for writing your quality policy.
• Risk-Based Thinking in ISO 9001 — A systematic approach to identifying risks and opportunities.
• Common Pitfalls in ISO 9001 Implementation — Mistakes to avoid during your ISO 9001 journey.
• ISO 9001:2015 Requirements Simply Explained — A plain-language overview of the entire standard.
• Top 10 Reasons Why You Need ISO 9001 Certification — Why ISO 9001 matters for your business.