7.5.3 Control of Documented Information Explained [ISO 9001 Template]

Understanding Documented Information

Documented information is most often used within organizations as either a form of communication or as a way to provide the evidence required by audits. However, under ISO 9001:2015 standards, documented information must meet four main objectives:

• Communication of Information - Documentation must be able to communicate information in relation to the organization’s various systems and processes and the steps needed to perform them
• Evidence of Conformity - ISO 9001 requires that organizations have documentation in the form of records that support that they, in fact, have met ISO 9001 requirements
• Knowledge Sharing - An organization’s documents must be written in a way that employees across the company will be able to understand
• Preserve the organization’s Experiences – Documentation should serve as some form of history of the organization’s experiences. For example, one form of documentation may be the technical specifications of an early version of a product. This information can then be used later to serve as a baseline for improving or updating the product

Documents vs. Records

In many cases, you will see the terms “documents” and “records” in place of “documented information” throughout your ISO 9001:2015 guide. This is not to confuse you; in fact, there are a few instances in which documents and records will refer to two separate things.

The difference? Records are pieces of documented information that are retained, while documents are maintained. It is important to keep this difference in mind as you review the ISO 9001 requirements.

For more information on how ISO 9001 defines required documentation, see the Documented Information guide by ISO. You can also refer to the official ISO 9000 manual under Clause 3.8 or ISO 9001:2015, Annex A.

Documented Information Mediums

Although most would assume that by “documented information,” ISO 9001 refers to documentation in the form of paperwork, that is not necessarily the case. In fact, under ISO 9001:2015, Clause 7.5.3 Control of documented information requirements and Clause 3.8.5, documentation can be in the form of any medium, including:

• Paper
• Electronic
• Computer disc
• Photographs
• Master sample

Although the most common form of documented information is in traditional paper, know that your organization’s options are certainly not limited in this aspect.

Types of Documented Information

Similarly to how there are several types of mediums that your documentation can be in, there is also a range of the type of formats your information can have as well. Although ISO 9001 does not necessarily require a specific format, you can choose to structure your documentation’s content as the following:

• Organizational charts
• Process maps, flow charts, and/or process descriptions
• Procedures
• Work and/or test instructions
• Specifications
• Internal communications
• Production schedules
• Approved supplier lists
• Test and inspection plans
• Quality plans and manuals
• Strategic plans
• Forms

Source: ISO.org, Guidance on the Requirements for Documented Information of ISO 9001:2015

Quality Management System (QMS) Documents

The ISO 9001:2015 guide explains that the quality management system (QMS) incorporated into an organization must include the documentation required by the ISO international standard. It can also include all other documents the company deems necessary.

Although there already is a set of required documents from the standard, it is recommended that further documentation is presented to heighten your chances of success in various departments. In other words, organizations are more than welcome to include their own forms of documentation outside of what is required by ISO 9001. At the end of the day, it will only help improve your organization’s QMS.

Also well-noted here is that the actual QMS documentation required can vary from one organization to another. The following factors may affect what kind of QMS information your organization will require under ISO 9001 standards:

• Size of organization
• Methods of process
• Types of products/services
• How complex interactions are

Clauses Regarding Documented Information in ISO 9001:2015

Information that is documented must remain in accordance with the organization’s quality management system (QMS). The ISO guide mentions what these requirements are, specifically in the following clauses:

• Clause 4.3 - Scope of the QMS
• Clause 4.4 - Documented information necessary for supporting the operation of processes
• Clause 5 - Quality Policy
• Clause 6.2 - Quality Objectives
• Clause 7.5 - Documentation subject to certain requirements

Make sure that you thoroughly review all of the clauses previously listed. You should become familiar with each of them, as they will play a large role in your business’s overall success. Pay special attention to Clause 7.5, as this section notes requirements your documented information must meet under ISO 9001 standards.

Documentation to Improve Quality Management Systems

A quality manual template provides a great set of pre-written documents that can help improve a company’s existing QMS. These documents include:

• Procedures
• Forms
• Quality Plans
• Strategic Plans
• organizational Charts
• Approved Supplier Lists
• Quality Manuals

This list is only the beginning of documents that can help improve your organization’s systems and processes. Depending on your business size or type, you may require additional documentation relevant to your industry.

Documentation Information for Audits

A quality manual template also includes an internal audit template, which provides a list of documents required as a form of evidence during routine audits to achieve certification. Various clauses cover these specific documents:

• Clause 4.4 - Documented information sufficient enough to provide confidence that a quality management system plan will be executed properly
• Clause 7.1.5.1 - Evidence demonstrating the measuring and monitoring of certain resources
• Clause 7.1.5.2 - Evidence that revolves around calibrating the monitoring and measuring of various resources. This is needed when no national/international standard exists for specific resources
• Clause 7.2 - Evidence showing the competence of a person(s) that have completed work underneath the control of the organization in charge, directly affecting the performance as well as the effectiveness of the QMS
• Clause 8.2.3 - Documentation must show the results of reviews, as well as the new list of requirements for products/services
• Clause 8.3.2 - Records that are required for design and development and their standards
• Clause 8.3.3 - Records related to design and development inputs
• Clause 8.3.4 - Records that are based on the activities of design and development controls
• Clause 8.3.5 - Records concerning design and development outputs
• Clause 8.3.6 - Authorized changes centered around design and development
• Clause 8.4.1 - Recorded necessary steps of evaluation, monitoring, selection, and re-evaluation of external providers, as well as any other actions that may take place
• Clause 8.5.2 - Evidence that identifies the outputs when traceability is a requirement
• Clause 8.5.3 - Records regarding the property of both the customer and external providers that are not suitable for use, such as lost or damaged items
• Clause 8.5.6 - Information including the results of a review as well as suggested actions/changes in both the production and service provision. This documentation also includes a list of those who authorize such changes
• Clause 8.7 - Records of all non-conformities, as well as concessions that were obtained. Also included in this is the identification of authority that decides what action will take place as a result of non-conformity
• Clause 9.1.1 - Results of evaluation based on the performance, as well as the effectiveness of the QMS
• Clause 9.3.3 - Evidence that is based on management reviews
• Clause 10.2.2 - Evidence that is based on the nonconformities’ nature, as well as corrective actions that need to be taken. There must also be documentation of the results that come from these corrective actions.

Note that other documentation outside of this list can be added to improve your organization’s quality management system. Of course, each business is different, so the types of optional documents you may retain and maintain will depend on your QMS in addition to your industry and size.

Preparing to Implement a QMS

Implementing a quality management system can be hectic for anyone at any organization. This is why it is great that the ISO (International organization for Standardization) has provided some clarity on the subject on their user-friendly guide. If your organization is getting ready to introduce a new QMS and wish to achieve ISO 9001 certification, it is recommended that you refer to their ISO 9001:2015 guide.

Some useful tips that are provided include making sure that the interaction between the processes involved has been determined. Also, make sure that you have properly figured out what processes are needed for effective implementation is important to have a successful QMS.

Also recommended is to have a process that involves effective operations and controls well documented. One of the best tools to use during this is process mapping; however, it is not a requirement to use.

The analysis of the processes should be the primary focal point in order to define exactly what amount of documented information will be needed for the QMS to run efficiently. Also, you should be taking into consideration all of the requirements set out by ISO 9001 itself as well during this process.

If you are preparing to implement a new or updated QMS, keep in mind everything that you will need to determine before starting. Some things you will need to consider before integrating a QMS into your business are processes that are needed, as well as the interactions that need to happen between them in order to function properly.

Updating or Refreshing an Existing Quality Management System

A quality management system is not always built from scratch; in fact, many organizations choose to update their existing QMS to meet ISO 9001:2015 standards better. Doing so helps businesses save time and resources, and makes transitioning into a new QMS easier, so it is no surprise that this is common among organizations of many types.

If your organization is planning on updating an existing QMS, then one thing you will need to review is your documentation. Luckily, you will not need to rewrite documented information that exists completely. However, you will at least need to make sure the documentation is updated to reflect the new version of your QMS as well as meet ISO 9001 requirements.

To update or refresh your QMS documentation click here

If you find that your QMS is already operating effectively and successfully, then you should not encounter any issues when it comes to updating saved documentation.

Requirements for Documentation

The documented information that you provide must cover all requirements mentioned within the ISO 9001 standard. One of the requirements is to provide such documents as a form of evidence for conformance.

Three documents that are required by the ISO 9001 standard are:

• Quality Policy
• Quality Objectives
• QMS Scope

Quality Manual

Although a quality manual is not required within ISO 9001 like the previous three documents listed, it is highly recommended that your business has one. Not only are quality manuals a great way to simplify and communicate the steps to complicated processes, but they also offer much knowledge of the ISO 9001 standard. They can also be customized to fit your specific organization.

Even though it takes time and effort to create and solidify a quality manual fit for your company, it is well worth it — especially if you plan on bringing in new employees and want to introduce them to your quality management system (QMS).

Conformity & Audits

Of course, when updating or creating new documents, it is important that your paperwork conforms to ISO 9001:2015 standards. This is especially the case if your organization’s goal is to be certified.

Conformity is a term that characterizes an organization that has met all the requirements of ISO 9001:2015 and has a successful QMS. Conformity is usually determined during routine internal and external audits.

During these audits, your auditor will request that you provide documentation — or evidence — that your QMS is up to standard and is effective. The key here is that your organization has to be able to provide the effectiveness of its QMS using its available, controlled documentation. Controlled documents are a requirement for ISO 9001:2015, so if you have this information already, you are one step ahead.

There are certain cases in which your specific business may not be required to provide documentation as a form of evidence. However, in these situations, it is always better for an organization to have documentation anyway; it will make for a better QMS down the line.

Suitability

Suitability refers to documentation that assures conformity to the ISO 9001:2015 standard. In other words, the documentation you have created is properly fitted for your internal processes across departments while meeting ISO requirements.

Managing & Controlling Documents

It is no secret that the process of gathering documented information can be overwhelming. However, if you are organized and have a quality manual on hand to keep you on track, you will be controlling documents in no time.

Process Activity Map

One of the best tools that help organizations control documented information is a process activity map. The map contains the subject (what, who, input/output, how, measure) on the left side, in addition to its respective information pertaining to the document needed to be controlled on the right side. The activity in which both sides link is usually in the center of the map.

The map is set up with the subjects with what, input, and how on the left side, with with who output, and with what measure on the right. In the center is an activity, which everything eventually links to in some way and vice versa.

The following is an example of what a process activity map can include:

Another thing that can help your organization control documented information is understanding special references, terms, and definitions. For example, some of the more important terms you will need an understanding of include:

• Documented information (discussed in ISO 9001:2015, Clause 3.8.2)
• Record (Clause 3.8.5)
• Quality manual (Clause 3.8.7)
• Specification (Clause 3.8.5)
• Objective evidence (Clause 3.8.1)

Controlling documented information is much easier said than done.

If you are implementing a quality management system (QMS) into your organization for the first time, you will have quite a while before you reach the point where you can easily control documents and achieve ISO 9001 certification. However, the time and effort put into improving your business are well worth it.

Outside of aiming for ISO 9001 certification, having controlled documents allows your business to function much more efficiently, as it provides records, communication, and education for employees