If you’re starting to implement ISO 9001, ISO 14001, ISO 27001, or any other ISO management standard, one of the first concerns you probably have is how to handle the policies, procedures, and other documents you’ll produce.

Should you use Dropbox? Or SharePoint? Or simply keep the files on local disk and deliver them through email?

What do the ISO standards require of a DMS?

Let’s see first what exactly you need to comply with – clause 7.5 (which specifies how to handle “documented information” in most of the ISO management standards) requires you to have a system that complies with the following:

  • Clearly identifies each document – e.g., document name, date, author, etc.
  • Controls and identifies changes to the documents
  • Enables the reviewing process of documents, and also their approval
  • Enables distribution and access to the documents
  • Makes sure the documents are available to everyone who needs them
  • Ensures their confidentiality (i.e., that only certain people are allowed to see the documents) and their integrity (i.e., that only certain people can change the documents)
  • Allows different formats of documents – e.g., PDF, text, spreadsheets, but also other formats
  • Defines how the documents are stored and preserved
  • Covers retention and disposition

All this should be enabled not only for the company’s internal documents, but also for external documents that are important for its management system.

How does this look in real life?

It is easy to have a system that clearly identifies name, author, and date of each document – the only thing is, it is also useful to include the status of each document; for example, in Conformio we did it like this:


You can identify changes in the documents by using Track Changes features in MS Word, or by simply using the Change History table in the document itself; however, your DMS should enable you to revert the changes to use older versions of the document:


The review process usually works as a small workflow, where the author of the document sends the document to selected colleague(s) for review – for example, by setting the document status and then specifying who is the next one to receive this document:


The approval process should work very similarly – setting the appropriate status of the document, and inserting people who are on a distribution list to receive this document. Once the document is approved, the notification should be sent automatically and recipients should be able to open it with a click of a mouse – here’s what this notification looks like in Conformio:


Of course, if someone wants to view all the policies and procedures, they should be made available in one place; for example, in Conformio all the internal documents are placed in a folder called Company Rules:


Confidentiality is best ensured by limiting access to certain folders to authorized people only – in Conformio we made it possible to create private folders and define who has access to them; further, you can define which level of access each user has, so if you want to preserve the integrity of files, you can grant read-only rights:


Of course, every modern DMS or file management system offers the possibility to upload any type of file, so this one is easy to achieve; also, if you’re dealing with digital documents, then any DMS will take care of storage and preservation of those documents (this ISO requirement is more problematic with paper documents). Finally, retention and disposition of the documents is also more problematic with paper documents, but with digital documents you can simply define how long you keep each kind of record, and then delete all that are older than, e.g., three years – again, very easy in any DMS or file management system.

So, what should you actually do?

When you read the requirements of ISO standards closely, you’ll notice that you can use any solution – Dropbox, SharePoint, your local disk, or any other solution – because these requirements are mostly common sense.

So, the point is – you have quite a lot of freedom in choosing the Document Management System that is the most appropriate for you. In other words, you should find a solution that makes it easier for you to comply with all ISO requirements but, more importantly, that your employees will find easy to use.
