Policies: 1st level of documents
In the documentation pyramid (as I drew it; see the link in the last post), policies are the foundation–the bottom layer. Policies are commonly referred to as “Tier 1” documents (though such terminology does not occur in Quality Management System standard texts).
An organization’s policies (or standards) form the foundation of the organization’s operations. Specifally, a policy describes how the organization (and people within the organization) are expected to behave. In other words, policies express who and what the organization is and intends to be.
Organizations usually have many policies, some driven by regulation, others are self-generated. For example, there are many Human Resources policies; there are also SHE (Safety, Health and Environmental) policies, financial policies and others.
The importance of policies vis-a-vis operating procedures is that the policies establish a framework around how “things are to be done.” If policies are used correctly, nothing in an operating procedure would violate a policy.
Policy audience: an organization’s policies have a global audience. Employees, applicants, customers, suppliers, regulatory agencies, even communities in which the organizations operate (audiences vary with policies, of course).
Issues addressed by policies: who is responsible to do what, the order in which actions will take place, limits around what will be done, and of course, what will not be done (in terms of behavior that is expected and behavior that will not be tolerated).
In the next post, we will focus on the operating procedure itself.