So, how do you “control” documented information? To control documented information, you will need to organize and collect necessary information regarding various processes. From this information, you must develop simplified, diversified materials that can be applied to different departments and organizations.
If you are implementing a new or updated quality management system (QMS) into your business under ISO 9001:2015, you are required to have relevant documentation that coincides with it. There are several types of documentation that can be used to serve this purpose, including records, reports, policies, and more.
The entire process of organizing updated documentation according to ISO 9001 is commonly referred to as having a “control of documented information.” Like its name suggests, ISO 9001 requires that you have a “controlled,” or organized set of documents that reflect the details of your quality management system.
|ISO 9001:2015||ISO 9001:2008||Summary of Changes|
|7.5||Documented Information||4.2||Documentation Requirements||Title only.|
|7.5.2||Creating and Updating||4.2.3||Control Of Documents||This requirement is comparable to the requirements from ISO 9001:2008 Clause 4.2.3 – Document Control|
|7.5.3||Control Of Documented Information||4.2.4||Control Of Records||This requirement is comparable to the requirements from ISO 9001:2008 Clause 4.2.4 – Control of Records.|
When it comes to controlling documented information, there should not be a question of if you should do it, but rather why you should do it. There are a few reasons why it is beneficial for organizations of all types to control documented information.
Controlling documented information keeps your business organized; when it comes to ISO 9001 certification, this is very important. You will need to be able to show your ISO 9001 auditor that you have organized your quality management system documents with the most updated information and have it available and within reach for management and employees who need to refer to it. Otherwise, you could be considered nonconformant and will lose certification.
Simply put, without controlling documents, your business will lack organization, and without these important documents and organization, you significantly reduce your chances of achieving ISO 9001 certification.
By controlling documents, you are not only organizing them but also developing them so that they are user-friendly and simple to understand for your staff. If your documents are controlled, it is much easier for employees to read and understand the information that it provides.
In turn, employees who are able to better comprehend the information your documents provide will understand how to perform their responsibilities better and more efficiently. And, with more efficient employees comes a more positive company outlook, improved quality services and products, and satisfied customers—all of which are goals for implementing quality management systems into your business.
In other words: there’s no point of seeking out ISO 9001 certification without having controlled documents in the first place!
Please click here to find ISO Templates that are proven to work.
In order to properly control documents under ISO 9001:2015 standards, it is important to first understand what those standards are and what they mean for your business.
First, you must understand what the objectives of the ISO 9001:2015 standards are. The Documented Information guide by ISO, which details the requirements needed for documented information, opens by discussing the two most important objectives for the ISO 9000 series:
The ISO 9001:2015 introduction also mentions quality management systems (QMS), which is also important to understand in order to control documents relevant to your organization’s QMS properly.
Documented information is most often used within organizations as either a form of communication or as a way to provide the evidence required by audits. However, under ISO 9001:2015 standards, documented information must meet four main objectives:
In many cases, you will see the term “documents” and “records” in place of “documented information” throughout your ISO 9001:2015 guide. This is not to confuse you; in fact, there are a few instances in which documents and records will refer to two separate things.
The difference? Records are pieces of documented information that are retained, while documents are maintained. It is important to keep this difference in mind as you review the ISO 9001 requirements.
For more information on how ISO 9001 defines required documentation, see the Documented Information guide by ISO. You can also refer to the official ISO 9000 manual under Clause 3.8 or ISO 9001:2015, Annex A.
Although most would assume that by “documented information,” ISO 9001 is referred to documentation in the form of paperwork, that is not necessarily the case. In fact, under ISO 9001:2015, Clause 7.5.3 Control of documented information requirements and Clause 3.8.5, documentation can be in the form of any medium, including:
Although the most common form of documented information is in traditional paper, know that your organization’s options are certainly not limited in this aspect.
Similarly to how there are several types of mediums that your documentation can be in, there is also a range of the type of formats your information can have as well. Although ISO 9001 does not necessarily require a specific format, you can choose to structure your documentation’s content as the following:
The ISO 9001:2015 guide explains that the quality management system (QMS) incorporated into an organization must include the documentation required by the ISO international standard. It can also include all other documents the company deems necessary.
Although there already is a set of required documents from the standard, it is recommended that further documentation is presented to heighten your chances of success in various departments. In other words, organizations are more than welcome to include their own forms of documentation outside of what is required by ISO 9001. At the end of the day, it will only help improve your organization’s QMS.
Also, well-noted here is that actual QMS documentation required can vary from one organization to the other. The following factors may affect what kind of QMS information your organization will require under ISO 9001 standards:
Information that is documented must remain in accordance with the organization’s quality management system (QMS). The ISO guide mentions what these requirements are, specifically in the following clauses:
Make sure that you thoroughly review all of the clauses previously listed. You should become familiar with each of them, as they will play a large role in your business’s overall success. Pay special attention to Clause 7.5, as this section notes requirements your documented information must meet under ISO 9001 standards.
The documented information maintained by an organization is necessary for it to operate smoothly. The ISO 9001 guide also provides a great list of documents that can help improve a company’s existing QMS. These documents include:
This list is only the beginning of documents that can help improve your organization’s systems and processes. Depending on the size or type of business you are, you may require additional documentation relevant to your industry.
The comprehensive ISO 9001 guide also provides a list of documents required as a form of evidence during routine audits to achieve certification. Various clauses cover these specific documents:
Note that other documentation outside of this list can be added to improve your organization’s quality management system. Of course, each business is different, so the types of optional documents you may retain and maintain will depend on your QMS in addition to your industry and size.
Implementing a quality management system can be hectic for anyone at any organization. This is why it is great that the ISO (International Organization for Standardization) has provided some clarity on the subject on their user-friendly guide. If your organization is getting ready to introduce a new QMS and wish to achieve ISO 9001 certification, it is recommended that you refer to their ISO 9001:2015 guide.
Some useful tips that are provided include making sure that the interaction between the processes involved has been determined. Also, make sure that you have properly figured out what processes are needed for effective implementation is important to have a successful QMS.
Also recommended is to have a process that involves effective operations and controls well documented. One of the best tools to use during this is process mapping; however, it is not a requirement to use.
The analysis of the processes should be the primary focal point in order to define exactly what amount of documented information will be needed for the QMS to run efficiently. Also, you should be taking into consideration all of the requirements set out by ISO 9001 itself as well during this process.
If you are preparing to implement a new or updated QMS, keep in mind everything that you will need to determine before starting. Some things you will need to consider before integrating a QMS into your business are processes that are needed, as well as the interactions that need to happen between them in order to function properly.
A quality management system is not always built from scratch; in fact, many organizations choose to update their existing QMS to meet ISO 9001:2015 standards better. Doing so helps businesses save time and resources, and makes transitioning into a new QMS easier, so it is no surprise that this is common among organizations of many types.
If your organization is planning on updating an existing QMS, then one thing you will need to review is your documentation. Luckily, you will not need to rewrite documented information that exists completely. However, you will at least need to make sure the documentation is updated to reflect the new version of your QMS as well as meet ISO 9001 requirements.
If you find that your QMS is already operating effectively and successfully, then you should not encounter any issues when it comes to updating saved documentation.
The documented information that you provide must cover all requirements mentioned within the ISO 9001 standard. One of the requirements is to provide such documents as a form of evidence for conformance.
Three documents that are required by the ISO 9001 standard are:
Although a quality manual is not required within ISO 9001 like the previous three documents listed, it is highly recommended that your business has one. Not only are quality manuals a great way to simplify and communicate the steps to complicated processes, but they also offer much knowledge of the ISO 9001 standard. They can also be customized to fit your specific organization.
Even though it takes time and effort to create and solidify a quality manual fit for your company, it is well worth it — especially if you plan on bringing in new employees and want to introduce them to your quality management system (QMS).
Of course, when updating or creating new documents, it is important that your paperwork conforms to ISO 9001:2015 standards. This is especially the case if your organization’s goal is to be certified.
Conformity is a term that characterizes an organization that has met all the requirements of ISO 9001:2015 and has a successful QMS. Conformity is usually determined during routine internal and external audits.
During these audits, your auditor will request that you provide documentation — or evidence — that your QMS is up to standard and is effective. The key here is that your organization has to be able to provide the effectiveness of its QMS using its available, controlled documentation. Controlled documents are a requirement for ISO 9001:2015, so if you have this information already, you are one step ahead.
There are certain cases in which your specific business may not be required to provide documentation as a form of evidence. However, in these situations, it is always better for an organization to have documentation anyway; it will make for a better QMS down the line.
Suitability refers to documentation that assures conformity to the ISO 9001:2015 standard. In other words, the documentation you have created is properly fitted for your internal processes across departments while meeting ISO requirements.
It is no secret that the process of gathering documented information can be overwhelming. However, if you are organized and have a quality manual on hand to keep you on track, you will be controlling documents in no time.
One of the best tools that help organizations control documented information is a process activity map. The map contains the subject (what, who, input/output, how, measure) on the left side, in addition to its respective information pertaining to the document needed to be controlled on the right side. The activity in which both sides link is usually in the center of the map.
The map is set up with the subjects with what, input, and how on the left side, with with who output, and with what measure on the right. In the center is an activity, which everything eventually links to in some way and vice versa.
The following is an example of what a process activity map can include:
What - Retained Information & Maintained Information
Controlling documented information and organizational knowledge.
With Who - Document Control & Quality Manager
Input - Revised QMS Documents, Standards, Customer Drawings, Specifications, and Process Changes
Output - Document Approval, Process Control, Continual Improvement, Document Changes, and Record Control
How - Documented Information Register and Disaster Recovery
With What Measure - Number of Incorrect Documents, Number of Document Errors, and Number of Document Changes
Another thing that can help your organization control documented information is understanding special references, terms, and definitions. For example, some of the more important terms you will need an understanding of include:
With the most recent ISO 9001:2015 standard, many organizations are wondering if it is best to adjust to the new standard, or even seek certification for the standard in the first place.
While there is no official requirement to update to the new standard or to achieve the standard, it is highly recommended for organizations, and for many reasons:
After reading all of this information, you may be wondering if the effort for achieving certification is worth it in the first place. It is! ISO 9001 is one of the most renown standardizations around the globe and has helped many businesses reach the next level of providing quality service to customers, providers, and employees.
Many benefits come from certification, including:
Controlling documented information is much easier said than done. If you are implementing a quality management system (QMS) into your organization for the first time, you will have quite a while before you reach the point where you can easily control documents and achieve ISO 9001 certification. However, the time and effort put into improving your business are well worth it.
Outside of aiming for ISO 9001 certification, having controlled documents allows your business to function much more efficiently, as it provides records, communication, and education for employees. For example, if you have a system that is complex or offers inconsistencies between completed processes, you may want to have some form of documentation so that your employees—both old and new—are able to execute and successfully complete such processes.
In conclusion, with the right knowledge, you can easily create, update, and organize documented information while staying within ISO 9001:2015 standards. You will be a certified ISO 9001 organization in no time!
ISO 9001 Clauses - DO
- 7.1 Monitoring and Measuring Resources for ISO 9001
- 7.2 Competence and Awareness - What is it?
- 7.5 What is Documented Information in ISO 9001
- 7.5.2 Creating and updating Documented Information for ISO 9001
- 7.5.3 Control of Documented Information Explained
- 8.2 What are the Requirements for Products and Services?
- 8.3 Design and Developent of Products and Services Explained
- 8.7 Control of Nonconforming Process outputs Products and Services
Written: 31st August 2019
Author: Richard Keen
Richard is our Compliance Director, responsible for content & product development.
But most importantly he is ISO's biggest fanboy and a true evangelist of the standards.
Learn more about Richard
Don’t Try to Manage It All Alone!
Our ISO Auditors and Quality Manager Trainers have been in this industry for years, and since 2002 we’ve been providing thousands of small businesses and large corporations with the tools they need to get certified.
Instead of trying to create everything you need to follow this process from scratch, use ours. We have procedures, templates, checklists, process maps, forms and gap analysis tools to help you control your documented information without missing a single input or output.
Before you invest all the hours reinventing the wheel, before you spend countless dollars outsourcing the task — try our templates.
Control of Documented Information Procedure- view sample
The purpose of this procedure is to ensure that all relevant documented information and organizational knowledge which forms an integral part of our quality management system is managed under controlled conditions and that all documented information is reviewed and approved by authorized personnel prior to issue.
Includes Process Activity Map and 3 forms.
Documented Information Template
Pay by Credit Card, Debit Card, PayPal or Apple Pay.
Bought by Small Businesses and Large Corporations our templates have been sold online and CD since 2002.
The Templates are used by first timers following our step-by-step, clause-by-clause guidance documents; and experienced Quality Managers wishing to streamline and improve their existing documentation.
The application of our templates is scalable and generic; regardless of the size and type of organization. The elements that form the quality management system are the same.
1. Our customizable templates save you time and money by offering a streamlined process to create your quality documentation
2. They’ve got everything you need in one simple template
3. Proven to work our templates have helped thousands of businesses big and small achieve certification
4. Documents use styles to make reformatting and rebranding a breeze
5. Our templates are generalizable for any industry or sector. The application of our templates is scalable and generic; regardless of the size and type of organization.