Two document control issues that might apply particularly to documents of external origin

While the ISO 9001:2008 version was explicit about documentation, ISO 9001:2015 allows more freedom in how, what, and when to document a quality management process (such as specific procedures).

Table of Contents Show

The Changed Nature of ISO 9001 Documentation
Having It Your Way (Sort Of)
So What Is Required?
Will a Quality Manual be required?
Document Maintenance

It appears this evolution is not only to accommodate more modern forms of communication such as video, audio, and other electronic records, but to allow an organization the flexibility to reuse appropriate information, maintain current versions easier, provide broader access/distribution and reduce costs associated with documentation. (Note: This change does not require changing mediums and allows an organization to also reuse existing QMS documentation, as long as it conforms. See explanation below.)

The Changed Nature of ISO 9001 Documentation

The ISO 9001:2015 standard has removed the distinction between documents and records. Both are now called “documented information”. As per ISO’s definition, the term “documented information” refers to information that must be controlled and maintained. Therefore, it expects that you also maintain and control the medium as well as the information. Documented information is used as evidence of conformance.

Having It Your Way (Sort Of)

ISO 9001:2015 essentially allows the organization to tailor the completeness or complexity of documentation to its own situation, as long as it still achieves its overall objectives. The shift does not, however, lessen the requirement for proper documentation. As noted in the standard, “documented information” can be required:

When information needs to be disseminated or shared.
To prove (and retain that proof) that a quality process has been completed and what the results were.
To retain organizational knowledge including:
- Processes
- Specifications and revisions
- Goals and expectations
- Monitoring and measuring
- Analysis, reviews, evaluations, and validations
- Terminology
- Decisions made
- Negotiations
- Notifications
- Authorizations
- Actions taken
- Assets, inventories and property management
- Position descriptions and qualifications

So What Is Required?

ISO 9001:2015 clause 7.5, requires an organization to:

“Maintain documented information to the extent necessary to support the operation of processes and retain documented information to the extent necessary to have confident that the processes are being carried out as planned.”

ISO’s Guidance on the requirements for Documented Information of ISO 9001:2015 provides these guidelines on what to document:

Documenting critical portions of the quality management system (QMS) such as its scope, key operational processes, policies, and objectives.
Documenting important, but perhaps less critical information that supports the QMS such as process flowcharts, specific quality and operational procedures, schedules, information collection approaches (i.e. forms, surveys), business plans, etc.

Will a Quality Manual be required?

The short answer is that under ISO 9001:2015, a quality manual will not be required. The ISO 9001:2015 standard does not specify requiring a formal quality manual. However, a quality manual can still satisfy the requirement for documented information concerning:

In many cases, the information required by the QMS will still be most convenient and accessible if collected, published and maintained through a traditional quality manual format.

Document Maintenance

As noted in section 7.5, the standard still applies traditional rigor in updating, protecting and retaining documents for information that has been deemed a critical part of the QMS (and other related management systems). There are many specific clauses that essentially call for this documentation (see sample section from ISO documented information guidance below) integrity.

While ISO 9001 2015 documentation requirements are less restrictive than previous revisions, there are still specific instances where documented information must be recorded and retained by the organization’s evidence of achieved results, as noted above.

Whether an organization has an existing QMS or is just starting, the key is to let the processes that are used to meet its goals determine documentation requirements. If documentation that exists can be shown to support the QMS’ processes effectively, then it can and should be used for that goal. If not, then the appropriate level of effort to transform or re-purpose that documentation into the proper function should be applied.

This flexibility does not, however, relieve the organization from being able to prove that it is meeting its quality management goals. As noted above, the standard has many instances where it calls for specific evidence of conformity. Documentation must accordingly be accurate, objective and current in this regard, and in practice, must stand up to the scrutiny that a properly executed external audit will demand. So, while ISO 9001:2015 is more accommodating regarding documentation directives, the discipline used in compiling previous revision’s quality management system requirements may still be a viable approach.

Please note that certain text from the ISO 9001 standard is only used for instructional purposes. Standard Stores recognizes and respects the International Organization for Standardization (ISO) copyright and intellectual property guidelines.

Can you imagine the possible outcomes of selling a product or service that no longer is compliant with the legislation due to the seller’s apathetic approach towards the legislative changes? What would be your reaction if your customers claim that your products are no longer meeting the guidelines of the latest version of the ISO 9001 Standard? In both cases, one thing is obvious that tension will be reflected in the wrinkles of your eyebrows! You need to count on external document controls for preventing these cases.

Definition of External Documents in terms of ISO: 9001

In ISO 9001:2015, clause 7.5.3.2, it is mentioned that the documented information of external origin must be identified as well as controlled. Now you might be thinking about what this external origin is. It is a form of documented information regarding the ISO 9001 certification. This documentation must be issued by an external body. Such documentation may include customers, suppliers, legislators, certification body, or business associates.

First, it is important to identify two sorts of documented information of ISO 9001:2015:

• First kind of information that must be retained
• Second, information that must be maintained

Recorded issues can be a customer order, a calibration certificate, or a maintained report. Other relevant external documents may include- where and how are you looking for a particular record? How long the organization will be able to keep up the records? How would you minimize the risks related to the records? It is also important to take care of product specifications, logistics specifications, material safety data sheet, permits, standards, platform rules.

Why should an Organization Determine and Survey the External Documents?

A Quality Management System must identify the relevant documents of external origin. For instance, an organization should use a register that can list the names of the documents, updated version, and date, internal distribution (inside the organization, who are allowed to use the document), and responsibility for control (who, inside the organization is allowed to control the divided responsibilities. This is applicable to ISO 14001 certification as well.

When it comes to the external documents, you may address some challenges, it would be better to say some questions, such as:

• How do you know whether the document is still relevant for the updated version? • In case, the document has been changed, what would be the possible consequences? • Do the changes made in the document define the practices of your organization?

• Who will be responsible for investigating the implications?