Get 4 FREE months of Conformio to implement ISO 27001

How to set up document approval/withdrawal within your QMS based on ISO 9001:2015

A Quality Management System (QMS) will always need some way to control documented procedures; even if you try to reduce their number to a minimum, you will still need to provide some documented procedures. Even though the new requirements of ISO 9001:2015 do not require a documented procedure for control of documents, there is still a need to control your documented information.

For more on how documented information is covered in the updated standard, see this blog post on the New approach to document and record control in ISO 9001:2015.

What is needed in the new standard, and how can you comply?

In fact, the new requirements (clause 7.5 of ISO 9001:2015) are not very different from those already in place for control of documents, which were discussed in the article on Some tips to make Document Control more useful for your QMS. You still need to show that documents are approved for adequacy before you use them, reviewed and updated routinely, and legible and identifiable, and that relevant versions are available at the point of use and obsolete documents are removed from use.

If you already have a procedure for controlling documents that is compliant with ISO 9001, this procedure will continue to be useful even with the new standard. Also, as mentioned in the article above, there is no need to change the terms you are using if you find them useful; if you want to continue to use the term “documents and records” rather than “documented information,” then go ahead – it is your QMS.

Why are document approval and withdrawal important?

The ISO 9001:2015 documented information requirements now replace the previous requirements for both documented procedures and records, and the proper approval and withdrawal for each of these documents is important. The most crucial thing to remember is that the right people need to approve a document before it is released, and it needs to be removed from use when no longer relevant.

Since there is no need to document every procedure in your company, you want to make sure that the procedures you do document are properly approved before release so that the correct instructions are given to your employees. Likewise, if you update a procedure, you want to withdraw the previous obsolete procedure quickly so that the old and now incorrect information is removed from circulation among your employees and the new and improved instructions are used.

For records, this is also obvious, because they are the objective evidence that you have collected to show that you are properly implementing your QMS. Therefore, records need to be properly approved when created. In the case of records, you will want to eventually remove them from your system and destroy them at a predetermined time because your space and ability to store this evidence indefinitely is limited, and so having a designated time to withdraw and destroy them is important.

What are your options for documented information?

Documented information is found in two main formats: hard copy and electronic documents and records. This is easy to understand, but how does your documented information process differ from hard copy to electronic? In fact, the systems are not that much different in their basic concepts, although the details are not the same.

With both systems it is still important to have proper approval of a procedure or record before it is released. Hard copy records often show this with either a signature or stamp impression of the people approving the document. If you are keeping these as hard copy documents, you will need to have some sort of location where people can access the procedures for use, and the records will need to be properly stored against damage until they are physically destroyed. Many computer programs exist to control the approval sign-off process, but this does not change the need for appropriate approval before release.

Withdrawal and disposal of obsolete procedures and outdated records can be much easier with electronic files, because a computer can be made to only look at the most recent procedure, and a program can be made to find and delete records by date when no longer needed. Hard copy files are harder to control, because you need to locate and actually replace or destroy the hard copy of the document or record.

Simple is better; don’t use complex tools for simple problems

As has been stated, there are many computer programs to control your documented information, but these can be costly, so don’t go overboard when you don’t need to. If you are a small company with few procedures and records, then investigate a hard copy process for approving, using, controlling, and withdrawing this information within your company.

Remember: a QMS built around ISO 9001:2015 is not intended to drive you to implement costly electronic monitoring that does not suit your company; it is there to help you improve customer satisfaction and save you money through continual improvement. If a simple method of controlling your documented information works for you, don’t spend time and money where you don’t have to. Use these resources to improve your system and gain the benefit you implemented a QMS for in the first place.

Download this free Checklist of Mandatory Documentation Required by ISO 9001:2015 to learn about the structure of documents needed for QMS implementation.

Advisera Mark Hammar
Mark Hammar
Mark Hammar is a Certified Manager of Quality / Organizational Excellence through the American Society for Quality and has been a Quality Professional since 1994. Mark has experience in auditing, improving processes, and writing procedures for Quality, Environmental, and Occupational Health & Safety Management Systems, and is certified as a Lead Auditor for ISO 9001, AS9100, and ISO 14001.