Document control has even perplexed those who have spent years with ISO standards. However, understanding document control is vital as it is an indispensable part of any efficient Quality Management System (QMS). Hence, the following article explores the requirements outlined in ISO 9001:2015 to understand how document control can be implemented in a feasible, practical, scalable, and efficient manner.

iso 9001 documents

What is document control in ISO 9001:2015?

The standard mandates that organisations must “control over documented information.” The rationale behind this statement is to enhance accessibility of QMS related data to the right people, without compromising the integrity of the information. Document control also enables a guarantee that any unrecorded or unauthorised modifications cannot be made to the contents of the QMS.

Clause 7.5.3.1 of ISO 9001:2015 states the following: 

Documented information is a requirement of the quality management system, and it is needed to be controlled/appropriately managed, so as to ensure that:

  • It is suitable for usage and available where and when it is needed.
  • It is adequately protected from improper usage, loss of confidentiality, or changes in integrity.

 

The problem is that document control has been put on a pedestal, creating many misconceptions about the standard and the purpose of this activity.

The aim of ISO 9001 has always been to consistently apply a set of regulations throughout an organisation, through the application of adequate controls, so that quality is maintained and accessibility as well as distribution of data is appropriately contained within the QMS.

The provision of document control aims to ensure that the QMS remains reliable. This means that any company, irrespective of the scope, should be able to confidently share the details of their processes or how they have incorporated best practices into their organisation, both internally and with external auditors. For more information read ISO 9001 audit article. 

QMS requirements in ISO 9001: 2015

Let us discuss the extent of the QMS requirements in the standard. Whenever we are implementing a QMS within an organisation, it is worth remembering that the standard also states that documented information should be maintained to the extent necessary to support the adequate operation of processes. Moreover, the organisation is expected to retain documented information to the extent necessary to enhance confidence that the processes are operating as planned.

The guidelines also point out that the extent of the documented information of the QMS can differ from one organisation to the other. This difference is dependent upon the size of the organisation and the types of services, products, processes or activities that it carries out. The distinction is also dependent upon the complexity of the processes and their interactions as well as the competence of the staff.

iso 9001 document control

ISO 9001 document Customisation

The key takeaway from this statement is that every organisation has to customise their documented information and control/modify it in accordance to their processes, products and people. More importantly, the documented information should be an appropriate reflection of the QMS, becoming an accurate depiction of the organisation’s procedures, personnel and processes.

Another point of emphasis is that while documented control is a mandatory part of ISO 9001:2015, the exact manner in which these controls need to be implemented within your organisation still remain unspecified. 

Customisation is the key. So for SME and start-ups, utilising a heavy document control may make daily operations more complicated.

Tips for ISO 9001 document control

Let us take a closer look at document control for ISO 9001 and utilise the following tips to improve their functionality. Ask yourself:

Can the adequacy of your documents be approved prior to issue?

Does your QMS have a specific procedure for approving all documents, so that they are guaranteed to be correct, and adequate before they are issued. If such procedure does not exist, can you create an additional workflow that guarantees that the right employees see and approve all your documents before they are released?

By looking at your documents, can you identify the changes and control the current revision status?

Ideally, your QMS should track the changes made to the quality documentation. You should also have a method where all prior versions of the documents are available as records. Keeping both changes and records available helps in the auditing process.

Are the relevant documents available at the points of view?

You have to make sure that both your QMS and all related documents are appropriately accessible to all your employees. You should ask yourself if your employees and third-party suppliers who need to adhere to the procedures can access it when they want and understand what regulations they need to adhere to.

Are your documents readily identifiable and legible?

All documents related to documents must be clearly presented, easily searchable, and adequately labelled. This is more relevant if you utilise a digital format instead of a paper-based one, as traditional methods utilise different folders for different information.

Are your external documents easily identifiable and can you control the distribution?

All information related to your quality processes, such as instructions, manuals, and other operational information accessible and controlled within your QMS through appropriate labelling.

Conclusion

Your documented information should be an appropriate reflection of your QMS, and therefore it should be adequately controlled/modified, so that it remains integral and accessible to the right people.