What is Documented Information in ISO 9001?

The Documented Information clause might have come as a surprise to a lot of compliant businesses within the most recent version of ISO 9001 standards, since different terminology has been used in previous years. So, I did some deeper research to come up with a simple explanation of what documented information consists of exactly.

What is documented information in ISO 9001? The term “documented information” in the ISO 9001 guidelines is basically a combination of the two terms “documents” and “records”. It refers to all of the important information within a business that must be kept organized and controlled.

If you have taken the time to read through the ISO 9001 requirements, you might have looked twice at the term “documented information”. With such vague specifications, there is a lot more to be said about this concept.

In this article, we will be going over what ISO 9001 really means by documented information, and everything else you would need to know about the topic.

ISO 9001:2015 ISO 9001:2008 Summary of Changes
7.5 Documented Information 4.2 Documentation Requirements Title only.
General 4.2.1 General No change.
7.5.2 Creating and Updating 4.2.3 Control Of Documents This requirement is comparable to the requirements from ISO 9001:2008 Clause 4.2.3 – Document Control
7.5.3 Control Of Documented Information 4.2.4 Control Of Records This requirement is comparable to the requirements from ISO 9001:2008 Clause 4.2.4 – Control of Records.

ISO 9001 Documented Information

In previous versions of ISO standards, the terms “documents” and “records” were formally used to refer to the important information and data that exists within a company.

In the current ISO 9001 guidelines that were most recently released in the year 2015, these terms have changed, and been combined under the same category of “documented information”. For the simplest explanation of what this means in terms of ISO 9001, you can think of it as documents and records together.

The documented information that is discussed in ISO 9001 is also defined as the vital information that must be kept and evaluated periodically. Records are usually retained for long periods of time, while documents hold data that is maintained and frequently updated or added to.

In other words, a document can be thought of as a sheet of paper with blank fields for certain types of data or information. The document is the blank paper, but it will become a record when a manager or employee fills it out.

Both of these methods of documenting information are equally as important, which is why they have been combined into one in the current ISO 9001 guidelines, now being recognized as just “documented information”.

ISO 9001 Documented Information Overview:

  1. Combination of documents and records into one term
  2. Documents - maintain information
  3. Records - retain information

Now that we have established the overall definition of documented information in relation to the ISO 9001 standards, you might be wondering what exactly qualifies under this category.

man writing document

Requirements for Documented Information

In this section, we will be talking about the more specific requirements for documented information as outlined in ISO 9001. In order to be complaint with these regulations, these requirements must be followed explicitly.

  1. Does not require procedures
  2. Does not require quality manual
  3. Requires both documents and records of different types

Contrary to the previous version of ISO 9001 that was released in the year 2008, the current standards do not require any specific procedures when it comes to documented information.

In addition, a quality manual is no longer required in order to be compliant with this set of regulations. The documented information that is mandatory under ISO 9001:2015 includes both documents and records of different types, which will be discussed in more detail in the next section.

What Kind of Documented Information is Required for ISO 9001?

The documented information that is required to meet ISO 9001 standards includes a variety of both documents and records. There are 4 live documents and 21 records that are needed in order to be compliant with these guidelines, all of which are listed below.

MAINTAIN the Documented Information Required for ISO 9001

Maintain the following documented information by keeping it up-to-date and relevant to the QMS:

  1. The scope of the quality management system (4.3)
  2. Information necessary to support the operation of QMS processes (4.4)
  3. The quality policy (5.2)
  4. The quality objectives (6.2)

In short, these documents display the information about the processes of the company regarding how they are currently running and how they will run in the future.

The records portion of the documented information clause, on the other hand, is very lengthy. With a total of 21 records that are required, this section of documented information gets into detail about almost every aspect of the business.

RETAIN the Documented Information Required for ISO 9001

Retain the following documented information as evidence of process compliance:

  1. Evidence of fitness for purpose of monitoring and measuring resources (
  2. Evidence of the basis used for calibration of the monitoring and measurement resources (
  3. Evidence of competence of people doing work under the control of the organization that affects the performance and effectiveness of the QMS (7.2)
  4. Documented information required by the QMS (7.5.1b)
  5. Results of the review and requirements for the products and services (8.2.3)
  6. Records to demonstrate compliance with design and development requirements (8.3.2)
  7. Records of design and development inputs (8.3.3)
  8. Records of the activities of design and development controls (8.3.4)
  9. Records of design and development outputs (8.3.5)
  10. Design and development changes, including the results of the review and the authorization of the changes and necessary actions (8.3.6)
  11. Records of the evaluation, selection, monitoring of performance and re-evaluation of external providers and any actions arising (8.4.1)
  12. Evidence of the unique identification of outputs when traceability is a requirement (8.5.2)
  13. Records of property of the customer or external provider that is lost, damaged or non-conforming and of its communication to the owner (8.5.3)
  14. Results of the review of changes for production or service provision, the persons authorizing the change, and necessary actions taken (8.5.6)
  15. Records of authorized release of products for delivery to the customer including acceptance criteria and traceability to the authorizing person(s) (8.6)
  16. Records of non-conformities, actions taken, concessions and the identity of the authority deciding the action in respect of the nonconformity (8.7)
  17. Results of the evaluation of the performance and the effectiveness of the QMS (9.1.1)
  18. Evidence of the implementation of the audit programme and the audit results (9.2.2)
  19. Evidence of the results of management reviews (9.3.3)
  20. Evidence of the nature of the nonconformities and any subsequent actions taken (10.2.2)
  21. Results of any corrective actions (10.2.2)

As mentioned in the previous section, the records are meant to retain specific information about the company. These records include information about the QMS processes, resources, and measurement traceability.

When it comes to the design and development of a product, there is a detailed process outlined in ISO 9001 with a total of 7 steps. A few of these steps require detailed records to be kept, and are referred to in this list of records as design and development planning, inputs, controls, outputs, and changes.

In short, these records are kept throughout the stages of development of a product from start to finish. From the time when the product is planned out and the functions and uses are defined to the first prototype and any changes that need to be made, everything is written down and kept as a record for future reference.

Throughout this entire process, the company personnel are required to write down their progress and any changes that are taking place in any way that they choose. For this specific category of records, the ISO 9001 regulations do not specify what type of records must be kept during these stages.

In other words, there is no specific document that must be filled out during the product development stages, as long as all of the necessary information is recorded. So, if a company would like to document this information in sketches or write an instructional manual of how to operate the product, these records will be adequate.

Document files

The rest of the records that are required within the documented information clause cover a wide range of processes and functions throughout the business. For instance, they must always monitor how many resources they are intaking and outputting in order to keep track of sales and inventory.

Other vital information about customer satisfaction and employee competency are also required to be recorded. The competence records will indicate the company personnel’s compliancy with the ISO 9001 regulations as individuals, with frequent updates on the status of competency.

The Nonconformity and Corrective Action record will help the management of the company keep track of the employees who are not complying with the ISO 9001 regulations, and should outline their plan of action in order to correct the mistakes.

All in all, the documented information clause of the ISO 9001 is meant to help a company organize all of the vital documents and records that make the business run smoothly.

When a company is compliant with the ISO 9001 regulations, they will be able to efficiently keep track of daily operations, finances, employee training, product development, and much more.

With both documents and records being included under the term “documented information”, there are plenty of ways for compliant businesses to understand the position they are currently in while working to improve it at the same time.

7.5.1 General

It should be noted that there is no need to maintain a documented procedure but organizations may still chose to operate one. Ensure that the organization’s management system includes documented information required to be maintained and retained by ISO 9001:2015, and the documented information identified by the organization to demonstrate the effective operation of its QMS as defined below.

The terms ‘documented procedure’ and ‘record’ used ISO 9001:2015 have both been replaced by the term ‘documented information’, which is defined as information required to be controlled and maintained by an organization, as well as the medium on which it is contained.

Operational procedures, work instructions, flow charts, process maps, signs, placards, container markings, labels etc. are all examples of ‘documented information’. Documented information can be in any format and media and from any source.

The organization needs to determine the level of documented information necessary to control its QMS. ‘Access’ can imply a decision regarding the permission to view the documented information only, or the permission and authority to view and change the documented information.

7.5.2 Creating and Updating

You should seek to confirm that when documented information is created or updated, your organization has ensured that it is appropriately identified and described (e.g. title, date, author, reference number).

It must be in an appropriate format (e.g. language, software version, graphics) and on appropriate media (e.g. paper, electronic). Confirm that documented information is reviewed and approved for suitability and adequacy.

You should seek to confirm that when documented information is created or updated, your organization has ensured that it is appropriately identified and described (e.g. title, date, author, reference number). It must be in an appropriate format (e.g. language, software version, graphics) and on appropriate media (e.g. paper, electronic). Confirm that documented information is reviewed and approved for suitability and adequacy.

Documents that you use as a business should have clear document control. You will already be used to doing this. It also expects a clear format and for it to be approved. This is to prevent anyone just using documents that they see fit.

It seems slightly unnecessary when you are a SME as there may be a very small team or even one of you. For larger businesses this is really important so that documents are used properly and changes that have been incorporated for the good don’t get lost when someone else doesn’t understand them or removes them.

7.5.3 Control of Documented Information

A robust document control process invariably lies at the heart of any compliant management system; almost every aspect of auditing and compliance verification is determined through the scrutiny of documented information. With this in mind, it becomes apparent that the on-going maintenance of an efficient document management system must not be overlooked.

Your organization must control the documented information required by the QMS. A suitable process must be implemented to define the controls needed to; approve, review, update, identify changes, identify revision status and provide access. The documented information process should define the scope, purpose, method and responsibilities required to implement these parameters.

In order to comply with the documented information requirements, it is essential that all personnel understand what types of information that should be controlled and more importantly, how this control should be exercised.

To get the most out of your documented information process, it must communicated to ensure that staff and other users of the documentation information understand what they must do in order to manage that information effectively and efficiently. Demonstrate the organization's arrangements for controlling documented information required by ISO 9001 and your organizations own requirements, including:

  1. Availability e.g. document accessibility (hard copy, electronic media), readily available at the point of use;
  2. Suitability e.g. format, media suitable to the environment, ease of understanding, language, interpretation;
  3. Protection e.g. document authentication, document markings (official, secret, restricted, confidential, private, sensitive, classified, unclassified), access controls (individual, role specific),
  4. Physical security (master documents, server rooms, libraries) IT security (User ID, password, servers, download, back up, encryption, ‘read only’, ‘read/write’), protection from corruption and unintended alterations.

Demonstrate the organization's arrangements for document retention e.g. organization/legal/contractual retention periods, storage, preservation, back up, retention of knowledge, disposal, obsolescence e.g. withdrawal, replacement, legacy archive and suitable identification (‘for information only’, ‘not to be used after….’, ‘uncontrolled copy’, ‘for reference purposes only’, etc.

Describe how the organization protect electronic data, e.g. security policy, system access profiles, password rules, storage and back-up policy including protection from loss, unauthorized changes, unintended alteration, corruption, physical damage

Access can imply a decision regarding the permission to view the documented information only, or the permission and authority to view and change the documented information.

Departmental managers should always be responsible for promoting good documented information practices in their area whilst supporting overall compliance to the requirements.

Individuals and their line managers should be responsible for the information that they create, as well as being responsible for their retention and disposal in line with legislative requirements and organizational needs.

Related Questions

How many clauses are there in ISO 9001 total?

In the most recent and up to date version of ISO 9001:2015, there is a total of 10 clauses. However, only clauses 4-10 are required in order to be considered compliant. In the previous version of ISO 9001:2008, there were only 8 clauses in the entire document, with clauses 4-8 being mandatory for certification.

What is the last step in ISO 9001 registration?

In order to become certified with ISO 9001, there is a series of steps and actions that must be taken before you can be considered compliant. The final step in registration leading up to the granting of certification is a full internal audit on the company to confirm that the operational standards of the company are active and effective.

Does ISO provide certification to businesses?

ISO certification is not actually provided by the ISO themselves. They simply create the international standards for all companies to choose to become compliant with. The certification process must be performed and granted by a third party, since ISO does not issue certificates at all.


ISO 9001 Clauses - DO

Written: 6th May 2019
Author: Richard Keen

Richard Keen

Richard Keen

Richard is our Compliance Director, responsible for content & product development.
But most importantly he is ISO's biggest fanboy and a true evangelist of the standards.
Learn more about Richard

ISO templates

Don’t Try to Manage It All Alone!

Our ISO Auditors and Quality Manager Trainers have been in this industry for years, and since 2002 we’ve been providing thousands of small businesses and large corporations with the tools they need to get certified.

Instead of trying to create everything you need to follow this process from scratch, use ours. We have procedures, templates, checklists, process maps, forms and gap analysis tools to help you control your documented information without missing a single input or output.

Before you invest all the hours reinventing the wheel, before you spend countless dollars outsourcing the task — try our templates.


ISO 9001:2015

Control of Documented Information Procedure- view sample

The purpose of this procedure is to ensure that all relevant documented information and organizational knowledge which forms an integral part of our quality management system is managed under controlled conditions and that all documented information is reviewed and approved by authorized personnel prior to issue.

Includes Process Activity Map and 3 forms.

Download free example procedure


add to cart

ISO 9001:2015

Documented Information Template


add to cart

  • Supplied as fully-editable MS Word or Excel files
  • All the templates use styles – making reformatting and rebranding a breeze
  • Immediate download

Pay by Credit Card, Debit Card, PayPal or Apple Pay.
Credit card, PayPal or ApplePay

Are The Templates Suitable For You?

Bought by Small Businesses and Large Corporations our templates have been sold online and CD since 2002.

Used by:

  • Small Businesses – dentists, accountants, engineers
  • Large Organizations – hospitals, power plants, aircraft manufacturers

The Templates are used by first timers following our step-by-step, clause-by-clause guidance documents; and experienced Quality Managers wishing to streamline and improve their existing documentation.

The application of our templates is scalable and generic; regardless of the size and type of organization. The elements that form the quality management system are the same.

Five Reasons To Choose Our Templates

1. Our customizable templates save you time and money by offering a streamlined process to create your quality documentation

2. They’ve got everything you need in one simple template

3. Proven to work our templates have helped thousands of businesses big and small achieve certification

4. Documents use styles to make reformatting and rebranding a breeze

5. Our templates are generalizable for any industry or sector. The application of our templates is scalable and generic; regardless of the size and type of organization.

Recent Clients

Please view our Client list.

ISO 9001 Client images

Any Questions?

Please use the chatbox on the bottom right for any FAQs about:

  • The buying process
  • Security
  • Payment and Billing
  • Downloading and Delivery
  • Document Format
  • Systems Requirements
  • Other Support

Or, email info@iso-9001-checklist.co.uk or call us on 0845 054 2886 if you have any questions about our Templates and how they can help you.