The Documented Information clause might have come as a surprise to a lot of compliant businesses within the most recent version of ISO 9001 standards, since different terminology has been used in previous years. So, I did some deeper research to come up with a simple explanation of what documented information consists of exactly.
What is documented information in ISO 9001? The term “documented information” in the ISO 9001 guidelines is basically a combination of the two terms “documents” and “records”. It refers to all of the important information within a business that must be kept organized and controlled.
If you have taken the time to read through the ISO 9001 requirements, you might have looked twice at the term “documented information”. With such vague specifications, there is a lot more to be said about this concept.
In this article, we will be going over what ISO 9001 really means by documented information, and everything else you would need to know about the topic.
|ISO 9001:2015||ISO 9001:2008||Summary of Changes|
|7.5||Documented Information||4.2||Documentation Requirements||Title only.|
|7.5.2||Creating and Updating||4.2.3||Control Of Documents||This requirement is comparable to the requirements from ISO 9001:2008 Clause 4.2.3 – Document Control|
|7.5.3||Control Of Documented Information||4.2.4||Control Of Records||This requirement is comparable to the requirements from ISO 9001:2008 Clause 4.2.4 – Control of Records.|
In previous versions of ISO standards, the terms “documents” and “records” were formally used to refer to the important information and data that exists within a company.
In the current ISO 9001 guidelines that were most recently released in the year 2015, these terms have changed, and been combined under the same category of “documented information”. For the simplest explanation of what this means in terms of ISO 9001, you can think of it as documents and records together.
The documented information that is discussed in ISO 9001 is also defined as the vital information that must be kept and evaluated periodically. Records are usually retained for long periods of time, while documents hold data that is maintained and frequently updated or added to.
In other words, a document can be thought of as a sheet of paper with blank fields for certain types of data or information. The document is the blank paper, but it will become a record when a manager or employee fills it out.
Both of these methods of documenting information are equally as important, which is why they have been combined into one in the current ISO 9001 guidelines, now being recognized as just “documented information”.
Please click here to find ISO Templates that are proven to work.
ISO 9001 Documented Information Overview:
Now that we have established the overall definition of documented information in relation to the ISO 9001 standards, you might be wondering what exactly qualifies under this category.
In this section, we will be talking about the more specific requirements for documented information as outlined in ISO 9001. In order to be complaint with these regulations, these requirements must be followed explicitly.
Contrary to the previous version of ISO 9001 that was released in the year 2008, the current standards do not require any specific procedures when it comes to documented information.
In addition, a quality manual is no longer required in order to be compliant with this set of regulations. The documented information that is mandatory under ISO 9001:2015 includes both documents and records of different types, which will be discussed in more detail in the next section.
The documented information that is required to meet ISO 9001 standards includes a variety of both documents and records. There are 4 live documents and 21 records that are needed in order to be compliant with these guidelines, all of which are listed below.
Maintain the following documented information by keeping it up-to-date and relevant to the QMS:
In short, these documents display the information about the processes of the company regarding how they are currently running and how they will run in the future.
The records portion of the documented information clause, on the other hand, is very lengthy. With a total of 21 records that are required, this section of documented information gets into detail about almost every aspect of the business.
Retain the following documented information as evidence of process compliance:
As mentioned in the previous section, the records are meant to retain specific information about the company. These records include information about the QMS processes, resources, and measurement traceability.
When it comes to the design and development of a product, there is a detailed process outlined in ISO 9001 with a total of 7 steps. A few of these steps require detailed records to be kept, and are referred to in this list of records as design and development planning, inputs, controls, outputs, and changes.
In short, these records are kept throughout the stages of development of a product from start to finish. From the time when the product is planned out and the functions and uses are defined to the first prototype and any changes that need to be made, everything is written down and kept as a record for future reference.
Throughout this entire process, the company personnel are required to write down their progress and any changes that are taking place in any way that they choose. For this specific category of records, the ISO 9001 regulations do not specify what type of records must be kept during these stages.
In other words, there is no specific document that must be filled out during the product development stages, as long as all of the necessary information is recorded. So, if a company would like to document this information in sketches or write an instructional manual of how to operate the product, these records will be adequate.
The rest of the records that are required within the documented information clause cover a wide range of processes and functions throughout the business. For instance, they must always monitor how many resources they are intaking and outputting in order to keep track of sales and inventory.
Other vital information about customer satisfaction and employee competency are also required to be recorded. The competence records will indicate the company personnel’s compliancy with the ISO 9001 regulations as individuals, with frequent updates on the status of competency.
The Nonconformity and Corrective Action record will help the management of the company keep track of the employees who are not complying with the ISO 9001 regulations, and should outline their plan of action in order to correct the mistakes.
All in all, the documented information clause of the ISO 9001 is meant to help a company organize all of the vital documents and records that make the business run smoothly.
When a company is compliant with the ISO 9001 regulations, they will be able to efficiently keep track of daily operations, finances, employee training, product development, and much more.
With both documents and records being included under the term “documented information”, there are plenty of ways for compliant businesses to understand the position they are currently in while working to improve it at the same time.
Please click here to find ISO Templates that are proven to work.
The terms ‘documented procedure’ and ‘record’ used in ISO 9001:2015 have both been replaced by the term ‘documented information’, which is defined as information required to be controlled and maintained by an organization, as well as the medium on which it is contained.
A robust document control process lies at the heart of a quality management system; almost every aspect of auditing and compliance verification is determined through the scrutiny of documented evidence.
An organization must control the documentation required by the quality management system and that a suitable document control procedure must be implemented to define the controls needed to; approve, review, update, identify changes, identify revision status and provide access. The document control procedure must clearly define the scope, purpose, method and responsibilities required to implement these parameters.
In order to comply with the document control clause, it is essential that all personnel understand:
To get the most out of your document control procedure it must communicate the steps necessary to ensure that staff and other users of the organisation’s documentation understand what they must do in order to manage that information effectively and efficiently.
Departmental managers should always be responsible for promoting good document and record management practices in their area whilst supporting overall compliance to the document control procedure.
Individuals and their line managers should be responsible for the documents and records that they create, as well as being responsible for their retention and disposal in line with legislative requirements and organisational procedures and practices.
It should be noted that there is no need to maintain a documented procedure but organizations may still chose to operate one. Ensure that the organization’s management system includes documented information required to be maintained and retained by ISO 9001:2015, and the documented information identified by the organization to demonstrate the effective operation of its QMS as defined below.
Operational procedures, work instructions, flow charts, process maps, signs, placards, container markings, labels etc. are all examples of ‘documented information’. Documented information can be in any format and media and from any source.
The organization needs to determine the level of documented information necessary to control its QMS. ‘Access’ can imply a decision regarding the permission to view the documented information only, or the permission and authority to view and change the documented information.
You should seek to confirm that when documented information is created or updated, your organization has ensured that it is appropriately identified and described (e.g. title, date, author, reference number).
It must be in an appropriate format (e.g. language, software version, graphics) and on appropriate media (e.g. paper, electronic). Confirm that documented information is reviewed and approved for suitability and adequacy.
You should seek to confirm that when documented information is created or updated, your organization has ensured that it is appropriately identified and described (e.g. title, date, author, reference number). It must be in an appropriate format (e.g. language, software version, graphics) and on appropriate media (e.g. paper, electronic). Confirm that documented information is reviewed and approved for suitability and adequacy.
Documents that you use as a business should have clear document control. You will already be used to doing this. It also expects a clear format and for it to be approved. This is to prevent anyone just using documents that they see fit.
It seems slightly unnecessary when you are a SME as there may be a very small team or even one of you. For larger businesses this is really important so that documents are used properly and changes that have been incorporated for the good don’t get lost when someone else doesn’t understand them or removes them.
A robust document control process invariably lies at the heart of any compliant management system; almost every aspect of auditing and compliance verification is determined through the scrutiny of documented information. With this in mind, it becomes apparent that the on-going maintenance of an efficient document management system must not be overlooked.
Your organization must control the documented information required by the QMS. A suitable process must be implemented to define the controls needed to; approve, review, update, identify changes, identify revision status and provide access. The documented information process should define the scope, purpose, method and responsibilities required to implement these parameters.
In order to comply with the documented information requirements, it is essential that all personnel understand what types of information that should be controlled and more importantly, how this control should be exercised.
To get the most out of your documented information process, it must communicated to ensure that staff and other users of the documentation information understand what they must do in order to manage that information effectively and efficiently. Demonstrate the organization's arrangements for controlling documented information required by ISO 9001 and your organizations own requirements, including:
Demonstrate the organization's arrangements for document retention e.g. organization/legal/contractual retention periods, storage, preservation, back up, retention of knowledge, disposal, obsolescence e.g. withdrawal, replacement, legacy archive and suitable identification (‘for information only’, ‘not to be used after….’, ‘uncontrolled copy’, ‘for reference purposes only’, etc.
Describe how the organization protect electronic data, e.g. security policy, system access profiles, password rules, storage and back-up policy including protection from loss, unauthorized changes, unintended alteration, corruption, physical damage
Access can imply a decision regarding the permission to view the documented information only, or the permission and authority to view and change the documented information.
Departmental managers should always be responsible for promoting good documented information practices in their area whilst supporting overall compliance to the requirements.
Individuals and their line managers should be responsible for the information that they create, as well as being responsible for their retention and disposal in line with legislative requirements and organizational needs.
In the most recent and up to date version of ISO 9001:2015, there is a total of 10 clauses. However, only clauses 4-10 are required in order to be considered compliant. In the previous version of ISO 9001:2008, there were only 8 clauses in the entire document, with clauses 4-8 being mandatory for certification.
In order to become certified with ISO 9001, there is a series of steps and actions that must be taken before you can be considered compliant. The final step in registration leading up to the granting of certification is a full internal audit on the company to confirm that the operational standards of the company are active and effective.
ISO certification is not actually provided by the ISO themselves. They simply create the international standards for all companies to choose to become compliant with. The certification process must be performed and granted by a third party, since ISO does not issue certificates at all.
ISO 9001 Clauses - DO
- 7 Support
- 7.1 Resources
- 7.2 Competence
- 7.3 Awareness
- 7.4 Communication
- 7.5 Documented information
- 8.1 Operational planning and control
- 8.2 Requirements for products and services
- 8.3 Design and developent of products and services
- 8.4 Control of externally proveded processes, products and services
- 8.5 Productions and service provision
- 8.6 Release of products and services
- 8.7 Control of nonconforming outputs
Updated: 9th October 2019
Author: Richard Keen
Richard is our Compliance Director, responsible for content & product development.
But most importantly he is ISO's biggest fanboy and a true evangelist of the standards.
Learn more about Richard
Don’t Try to Manage It All Alone!
Our ISO Auditors and Quality Manager Trainers have been in this industry for years, and since 2002 we’ve been providing thousands of small businesses and large corporations with the tools they need to get certified.
Instead of trying to create everything you need to follow this process from scratch, use ours. We have procedures, templates, checklists, process maps, forms and gap analysis tools to help you control your documented information without missing a single input or output.
Before you invest all the hours reinventing the wheel, before you spend countless dollars outsourcing the task — try our templates.
Control of Documented Information Procedure - view sample
The purpose of this procedure is to ensure that all relevant documented information and organizational knowledge which forms an integral part of our quality management system is managed under controlled conditions and that all documented information is reviewed and approved by authorized personnel prior to issue.
Includes Process Activity Map and 3 forms.
Documented Information Template
Pay by Credit Card, Debit Card, PayPal or Apple Pay.
Bought by Small Businesses and Large Corporations our templates have been sold online and CD since 2002.
The Templates are used by first timers following our step-by-step, clause-by-clause guidance documents; and experienced Quality Managers wishing to streamline and improve their existing documentation.
The application of our templates is scalable and generic; regardless of the size and type of organization. The elements that form the quality management system are the same.
1. Our customizable templates save you time and money by offering a streamlined process to create your quality documentation
2. They’ve got everything you need in one simple template
3. Proven to work our templates have helped thousands of businesses big and small achieve certification
4. Documents use styles to make reformatting and rebranding a breeze
5. Our templates are generalizable for any industry or sector. The application of our templates is scalable and generic; regardless of the size and type of organization.
Please view our Client list.
Please use the chatbox on the bottom right for any FAQs about:
Or, email [email protected] or call us on 0845 054 2886 if you have any questions about our Templates and how they can help you.