Some tips to make Document Control more useful for your QMS

Have you ever thought that a documented procedure for documents is unnecessary? Do you fail to see why this is such an important requirement of any Management Standard (ISO 9001, but also ISO 14001, ISO 27001, etc.)? As one of the six mandatory documents of ISO 9001, this is one of the cornerstones for making your Quality Management System easily understood and relevant for anyone who needs to reference it. Like most other things in the ISO 9001 standard, these requirements do not tell you what needs to be a documented procedure in your QMS, but they do define some things you need to do with a documented procedure once you have decided you need to document it. The procedure for document control is closely related to the procedure for Record Control, and share many commonalities, and it is certainly acceptable to merge the two procedures if you wish, and many companies do.

For more information, see Some tips to make Control of Records more useful for your QMS.

Why is a documented procedure needed?

The reason for a documented procedure is to define controls. The procedure can be a document of words, a flowchart of some sort, or any other form of documentation that the company finds useful, but it does need to be documented, and it needs to define the controls for the following list of seven attributes of the process. I have identified some tips on each topic to help make your controls better suited to your needs, but an overall question you need to answer is what customer requirements are there for these aspects of the process.

1) Approve for Adequacy. Decide how you will determine that a procedure is adequate and can be used, and who is responsible for approving this. The approver might be the same for all procedures, or might change depending on who owns a process. It is also important to have a way to make sure that the documents for different processes are not contradictory or in conflict with each other.

2) Review/Update and Re-Approve. Determine how updates that are identified for a process are assessed for implementation, and how the updated procedure will be approved again for use. There should be a way to make sure that the change doesn’t affect other processes, like eliminating a record that is essential for another process to work, and equally importantly, to ensure that the participants of an earlier process know that they no longer need to create a record if it is no longer needed in an updated process.

3) Changes and Revision Status identified. You need to figure out how you will identify documents so that the people who need to use them know there is a change (this is often easier with electronic versions than with paper copies), as well as ensure that if a user has two versions of a document they know which is the latest version to use (this does not require revision control, but that is one way of accomplishing this goal). It is often beneficial to have some way to identify what has changed in a document to make transition easier, because making the change easy to understand can make compliance to the change better.

4) Relevant Versions at point of use. It is important to make sure people are using the most recent version of documents, and to eliminate situations that allow people to have an older version that they reference after changes have been made and approved. It is important to think about remote employees who need to know about updates and do not access your documents from a central location, as well as suppliers or customers in the same situation.

5) Legible and identifiable. Documents need to be readable by everyone, scans need to be clear enough to read, and they need to be in the appropriate languages for those who need to use them. Documents should be written at an appropriate level for the people who need to use them (if they read like a PhD thesis, some employees may not understand the content), and it should be easy to identify what process the document is for. (Can you identify the document on all pages, or is the document useless if the front page is missing or a paper copy is dropped and goes out of order?)

6) Control of External Documents. If you have customer or regulatory documents that are required for your processes, these need to be controlled, and there must be a way to tell if there are new versions so that you can replace them and stop using outdated versions. If the distribution of these documents is restricted to certain persons, how do you control this?

7) Prevent use of Obsolete Documents. If you have made a change to a documented procedure, it is certainly because you have a need to change the process and want people to stop doing the process the old way, so you need to make sure people are not using an older version to do their job. If it doesn’t matter that people are not following the most current process, then why did you change it? Or, more importantly, why does a mandated process order exist in the first place?

For more information, see Deciding which procedures to document in QMS.

Make your Document Control work for you

It is important to note that the reason you have a documented procedure for controlling documents is not to mandate what to document, but to ensure the controls are in place for the important procedures that you do decide to document. The controls should be as strict as needed, because you have decided that these are the processes that must be done consistently each time to ensure that your Quality System functions properly to provide good products or services for your customers. If you have identified a process as this important, it is important to control the method of documenting it as well. You owe it to your customers and yourself.

Download this free Checklist of Mandatory Documentation Required by ISO 9001:2015 to learn about the structure of documents needed for QMS implementation.

Advisera Mark Hammar
Mark Hammar
Mark Hammar is a Certified Manager of Quality / Organizational Excellence through the American Society for Quality and has been a Quality Professional since 1994. Mark has experience in auditing, improving processes, and writing procedures for Quality, Environmental, and Occupational Health & Safety Management Systems, and is certified as a Lead Auditor for ISO 9001, AS9100, and ISO 14001.