- How can I document ISO 9001?
- What is an ISO 9001 document?
- What is an ISO 9001 record?
- How do you maintain ISO documentation?
- How many records does ISO 9001 require?
- What documents must be kept to comply with ISO 9001?
- What records must be kept to comply with ISO 9001?
- Documents that are not mandatory for ISO 9001.
- Documents that go beyond the bare minimum requirements of ISO 9001.
What documented information is required by ISO 9001?
Before we proceed any further, it’s critical to grasp the distinction between a document and a record. The terms “document” and “record” are frequently used interchangeably however, they refer to two distinct concepts. Not only are they distinct, but so are the controls used to manage them. The requirements for documents and records contained within the standard are very different and so understanding their differences is crucial. In the ISO 900:2015 standard, documents and records are described under the collective umbrella term ‘Documented Information’.
How can I document ISO 9001?
“ISO 9001:2015 clause 4.4 Quality management systems and its processes require an organization to “maintain documented information to the extent necessary to support the operation of processes and retain documented information to the extent necessary to have confidence that the processes are being carried out as planned.” (ISO.org)
The term Documented information was introduced as part of the common High-Level Structure (HLS) and common terms for Management System Standards (MSS).
What is an ISO 9001 document?
A document can be considered dynamic in nature and likely to change at any time such as a risk assessment or standard operating procedure. A document’s contents are subject to change and can be updated at any time to reflect new working practices. Almost all businesses will have documents that are updated frequently and maybe even on a daily basis. The ISO 9001 standard understands this and has requirements to ensure the maintenance of documentation is performed and controlled correctly.
The term ‘document’ as provided within ISO 9000:2015:
document
information and the medium on which it is contained
If the specific temperature requirements for running a machine safely are to be communicated registered and controlled, you will usually have a document that describes the standard operating procedure (SOP) to do this. If the requirements for this SOP change, then it’s important that the document is changed in a controlled manner. This will involve permissions on document control, review and communication procedures etc.
What is an ISO 9001 record?
Alternatively, records are used to capture and record data that can be referenced at a future time, the data is thus considered historical in its nature. Examples of historical data might be training records, conformity checks, order specifications and completed orders etc. A record’s information cannot be modified because it just documents what has already occurred. To do this would amount to document misrepresentation and falsification.
The term ‘record’ as provided within ISO 9000:2015:
record
document stating results achieved or providing evidence of activities performed
Records are stored in particular locations which include total digital storage as well as physical printed copies. If the physical printed records are of high value or of great historical importance, their storage location will be highly secure and tightly controlled in terms of security and humidity. Think of the important records that are stored within the British Library vaults as an example. It’s for these reasons that there is a need for a person to be designated as the ‘document controller’. Having a dedicated document controller is a very valuable resource.
How do you maintain ISO documentation?
You maintain documented information through the use of a document controller. The document controller has the responsibility to ensure that documents (and records) are maintained by ensuring that they are;
- up-to-date,
- have the correct identification,
- protected from unauthorized access,
- have the correct version history,
- available for use and have been approved
- are legible
- are protected from damage
It’s wise to only have one document controller wherever possible. The ultimate aim of document control is to ensure that any document been viewed or used at any given time is the correct and most current version available. Having more than one document controller opens up the opportunity for duplicable and miss-communication. This weakens and dilutes the whole purpose of document control.
Do you want to perform a really great magic trick? Have all of your attendees for a training event sign your attendance ‘document’. Once completed, hold the document up for all to see and wave your hand over it. Congratulations! Your document had now changed (as if by magic) into a record! Oh well, you might not get a T.V. spot for such a performance but this does illustrate how a document can exist but then transform into becoming a record of historical data.
How many records does ISO 9001 require?
The most recent release of ISO 9001:2015 requires you to maintain 5 documented information (procedures) and retain 22 documented information (records).
What documents must be kept to comply with ISO 9001?
Take a look at Clause 7.5.1, documentation requirements, which is nothing more than a section heading:
7.5.1 General
The organization’s QMS shall include:
- a) Documented information required by this International Standard;
- b) Documented information determined by the organization as being necessary for the effectiveness of the QMS.
It’s the sub-clause of section 7.5.2 that contains the important instruction and details for the control of documented information under the specific requirements of the standard.
Here is a list of all the mandatory documents contained within ISO 9002:2015:
- Scope of the QMS (clause 4.3)
- Quality policy (clause 5.2)
- Quality objectives (clause 6.2)
- Criteria for evaluation and selection of suppliers (clause 8.4.1)
Certain topics must be documented, but they don’t have to be maintained as separate documents. For example, the topics of management review might include many of the requirements of clause 9.3.2 which can be recorded together as the review outputs, etc. It’s important to maintain your documents in a clear and simple language that all who access and use them can understand. You might also have to consider maintaining documents in a separate language for any foreign workers.
What records must be kept to comply with ISO 9001?
Mandatory records may change depending upon how you have defined the scope of your management system and if you have claimed any exclusions to the standard as per clause 4.3.
- Monitoring and measuring equipment calibration records (clause 7.1.5.1)
- Records of training, skills, experience and qualifications (clause 7.2)
- Product/service requirements review records (clause 8.2.3.2)
- Record about design and development outputs review (clause 8.3.2)
- Records about design and development inputs (clause 8.3.3)
- Records of design and development controls (clause 8.3.4)
- Records of design and development outputs (clause 8.3.5)
- Design and development changes records (clause 8.3.6)
- Characteristics of product to be produced and service to be provided (clause 8.5.1)
- Records about customer property (clause 8.5.3)
- Production/service provision change control records (clause 8.5.6)
- Record of conformity of product/service with acceptance criteria (clause 8.6)
- Record of nonconforming outputs (clause 8.7.2)
- Monitoring and measurement results (clause 9.1.1)
- Internal audit program (clause 9.2)
- Results of internal audits (clause 9.2)
- Results of the management review (clause 9.3)
- Results of corrective actions (clause 10.1
Documents that are not mandatory for ISO 9001.
There are numerous non-mandatory documents that can be used for ISO 9001 implementation. Listed here are some of the more common records that are maintained:
- Procedure for determining the context of the organization and interested parties (clauses 4.1 and 4.2)
- Procedure for addressing risks and opportunities (clause 6.1)
- Procedure for competence, training and awareness (clauses 7.1.2, 7.2 and 7.3)
- Procedure for equipment maintenance and measuring equipment (clause 7.1.5)
- Procedure for document and record control (clause 7.5)
- Sales procedure (clause 8.2)
- Procedure for design and development (clause 8.3)
- Procedure for production and service provision (clause 8.5)
- Warehousing procedure (clause 8.5.4)
- Procedure for management of nonconformities and corrective actions (clauses 8.7 and 10.2)
- Procedure for monitoring customer satisfaction (clause 9.1.2)
- Procedure for internal audit (clause 9.2)
- Procedure for management review (clause 9.3)
Documents that go beyond the bare minimum requirements of ISO 9001.
Let’s not forget the requirement under clause 5.1(b):
- Documented information determined by the organization as being necessary for the effectiveness of the QMS.
Each organization will differ in its own requirements for what is deemed necessary in terms of maintaining further documented information. Here’s a list of what I think are the most common ones that you might also consider as necessary for your organization. When viewing this list, ask yourself “how else would I evidence this type of data?:
- Procedure for determining the context of the organization and interested parties (clauses 4.1 and 4.2)
- Procedure for addressing risks and opportunities (clause 6.1)
- Procedure for competence, training and awareness (clauses 7.1.2, 7.2 and 7.3)
- Procedure for equipment maintenance and measuring equipment (clause 7.1.5)
- Procedure for document and record control (clause 7.5)
- Sales procedure (clause 8.2)
- Procedure for design and development (clause 8.3)
- Procedure for production and service provision (clause 8.5)
- Warehousing procedure (clause 8.5.4)
- Procedure for management of nonconformities and corrective actions (clauses 8.7 and 10.2)
- Procedure for monitoring customer satisfaction (clause 9.1.2)
- Procedure for internal audit (clause 9.2)
- Procedure for management review (clause 9.3)
It’s wise to remember that this list is not exhaustive and any documentation required to ensure effective operation and control is required by ISO 9001. Your organization decides on additional documentation depending on your own business requirements. Issues including communication procedures, site induction procedures, and daily operation of tasks will all influence the need for documents and records.
Avoid complexity where possible and keep things as simple and lean as possible. External auditors will not award you any more points for an overly complex system. In fact, they will appreciate a simple management system that is easy to navigate and therefore easy to audit.
You can learn how to conduct internal (1st-party) audits and also what to expect from a (3rd-party) external audit on our Internal auditing Training Course.
“ISO 9001:2015 allows organization flexibility in the way it chooses to document its quality management system (QMS). This enables each individual organization to determine the correct amount of documented information needed in order to demonstrate the effective planning, operation, and control of its processes and the implementation and continual improvement of the effectiveness of its QMS”.
(ISO.org)
ISO 14001:2015 Requirement
The requirement remains the same.
ISO 45001:2018 Requirement
The requirement remains the same.
For Auditors
Check to see that the minimum documentation requirements for the standard is being met.
Check that documentation meets the requirements of 7.5.2 to 7.5.3.2
Check roles, responsibilities and authorities in relation to document control
Check a variety of documentation samples against the requirements
Some questions that I will answer in more detail in future articles:
- How do I write an ISO document?
- What is the cost of ISO 9001 certification?
- Who is eligible for ISO certification?
- How long does it take to get ISO 9001 certification?
- Do I need ISO 9001?
- How hard is it to get ISO 9001 certification?
- Does ISO 9001 require a quality manual?
- How long does ISO 9001 last?
References: www.iso.org
ISO 9000:2015
ISO 9002:2015
Please be kind, share and create a link back to this article.
(c) All content is copyrighted to ISO Training UK – All rights reserved 2022.