Get 4 FREE months of Conformio to implement ISO 27001

New approach to document and record control in ISO 9001:2015

There is a lot of talk going around about how documented information is changing in the new version of ISO 9001. Can we get rid of our documented procedures? What about documents or records – are there no more requirements for that? While it appears from all advanced drafts of the new 2015 version of ISO 9001 that the specific requirements for documented procedures and records have been removed, there is a new requirement for documented information, which is intended to incorporate both the documents and the records. Here is a bit more about what is meant by documented information.

What is documented information?

ISO 9001:2015 defines documented information as meaningful data that is required to be controlled and maintained by the organization and the medium on which it is contained. Notes to this definition indicate that documented information can refer to the Quality Management System (QMS) and its processes, documentation, and records.

The requirements for documented information are captured in section 7.5 of the draft standard, and include many of the same requirements already in place for documentation and records. The QMS needs to include documented information required by the ISO 9001 standard and documented information determined necessary for the effectiveness of the QMS. The QMS also needs to include the size of the organization and type of activities, complexity of processes and interactions, and the competence of persons.

Additionally, there are requirements for creating and updating documented information, which include identification, appropriate format, and review & approval of documented information. The final requirements about documented information deal with control, and in particular availability and suitability where it is needed, adequate protection, applicable distribution, access, retrieval, use, storage, preservation, control of changes, retention and disposition. All of these requirements are much the same as those already in place for documented procedures and records, but have been made into one set of requirements.

What documented information is required by ISO 9001:2015?

Working from the most recent draft, here are the items in the requirements of the standard that are identified as required documented information:

  • Scope of the QMS
  • Anything necessary to support the operation of the processes
  • Anything necessary to be confident that the processes are carried out as planned
  • The Quality Policy
  • The Quality Objectives
  • Evidence that monitoring and measurement resources are fit for purpose
  • Calibration standards when no internationally recognized standard exists
  • Evidence of competence
  • Evidence that processes have been carried out as planned
  • Evidence to demonstrate conformity of products and service to requirements
  • Results of review of requirements related to products and services
  • Confirmation that design and development requirements have been met
  • Outputs of the design and development process
  • Design and development changes
  • Results of evaluation, monitoring of performance, and re-evaluation of external providers
  • Definition of characteristics of the products and services, including the activities to be performed and the results to be achieved
  • Information necessary to maintain traceability when this is required
  • The results of changes to the production and service provisions
  • Release of product or service to the customer, including the person authorizing the release
  • Actions taken on nonconforming process outputs, products, and services, including concessions obtained
  • Results of monitoring and measurement activities
  • Evidence of the implementation of the audit program and audit results
  • Evidence of the results of management review
  • Evidence of the nonconformities and actions taken, and the results of any corrective actions

Does the new approach mean you need to change?

In the annex to the draft of the new standard, there is an interesting note which states that there is no requirement for an organization to replace the terms they are using with the new terms of the standard, for example replacing record or documentation with documented information. If the terms already in place are easy for your employees to use, then by all means do not confuse people by changing everything to documented information now.

However, if you see a benefit in replacing two procedures for control of documentation and control of records into one procedure with simplified requirements, this is the ideal time to do it. Remember, the idea of a quality management system is for you to adequately control your processes and find ways to improve, and the ISO 9001 requirements are not intended to get in the way of these benefits.

Click here to download a white paper: Checklist of Mandatory Documentation Required by ISO 9001:2015, with more detailed information on the most common ways for structuring and implementing mandatory documents and records.

Advisera Mark Hammar
Mark Hammar
Mark Hammar is a Certified Manager of Quality / Organizational Excellence through the American Society for Quality and has been a Quality Professional since 1994. Mark has experience in auditing, improving processes, and writing procedures for Quality, Environmental, and Occupational Health & Safety Management Systems, and is certified as a Lead Auditor for ISO 9001, AS9100, and ISO 14001.