Clause 7.1 – 7.4 explained
In order to properly understand Document Control, or as the standard references in a new broader sense “Documented Information,” we must first understand the clauses leading up to Documented Information in the standard. Documented Information 7.5 is part of clause 7 the “Support” clause.
Clause 7 builds on itself starting with 7.1.2 People, 7.1.3 Infrastructure and 7.1.4 Environment for the Operation of Processes. These two subclauses address the need for a foundation where people can operate in a relatively safe and comfortable manner appropriate to the organization. Its up to the organization to document these with no clear imperative on what documented information is appropriate. Further clauses 7.1.5 Monitoring and Measuring Resources and 184.108.40.206 Measurement Tractability lay out many details that must be documented in regards to internal checks and measures of the QMS, measurement equipment and the foundation for preventative maintenance in the organization. In fact, 220.127.116.11 General (Monitoring and Measuring Equipment) is given the strongest imperative for documented information yet in the standard, The organization shall retain appropriate documented information as evidence of fitness for purpose of the monitoring and measurement resources.
Organizational Knowledge 7.1.6 does a lot of the development of the QMS, but as it relates to Documented Information, it is clear that organizations must document much, but not all, of their Organizational Knowledge. Note 2 states that: Organizational knowledge can be based on:
a) internal sources (e.g. intellectual property; knowledge gained from experience; lessons learned from failures and successful projects; capturing and sharing undocumented knowledge and experience; the results of improvements in processes, products and services);
b) external sources ( e.g. standards; academia; conferences; gathering knowledge from customers or external providers)
Clauses 7.2 Competence, 7.3 Awareness, and 7.4 Communication all build upon 7.1 where the organization identifies critical information for the operation and monitoring & measuring of its QMS, products and processes. 7.2, 7.3 and 7.4 ensure the organization is able to disseminate critical information in appropriate means.
Documented Information 7.5
As taken from ISO 9000:2015, the definition for Documented Information is
Documented information (3.8.2) required to be controlled and maintained by an organization (3.2.1) and the medium on which it is contained
Note 1 to entry: Documented information can be in any format and media and from any source.
Note 2 to entry: Documented information can refer to:
— the management system (3.5.3), including related processes (3.4.1);
— information created in order for the organization to operate (documentation);
— evidence of results achieved (records (3.8.10)).
Note 3 to entry: This constitutes one of the common terms and core definitions for ISO management system
standards given in Annex SL of the Consolidated ISO Supplement to the ISO/IEC Directives, Part 1.
In short, documented Information is anything that is documented. This can be on the back of a napkin, a standard procedure, or computer records in a database.
Requirements of Documented Information
From the standard
The organization’s quality management system shall include:
a) documented information required by this International Standard;
b) documented information determined by the organization as being necessary for the effectiveness of the quality management system.
Line item b) makes it clear, anything required for the QMS.
Given 7.1.5, we know that documented information MUST include all required documented information in the ISO 9001:2015 standard. Beyond that, the organization should have documented information required to demonstrate (as seen above) that the work environment is established, organizational knowledge is identified and maintained as appropriate, and then that monitoring and measuring activities have identified what is and is not worthy of measurement and what it is measured against. Clause 7.2, 7.3 and 7.4 further describe critical information to communicate and attain required. By following the examples of 7.1 – 7.4 any organization will have defined most of its required documented information.
7.5.2 Creating and updating
When creating and updating documented information, the organization shall ensure appropriate:
a) identification and description (e.g. a title, date, author, or reference number);
b) format (e.g. language, software version, graphics) and media (e.g. paper, electronic);
c) review and approval for suitability and adequacy.
This much is clear, documents must be identified in an appropriate manner, the goal being to uniquely identify each bit of documented information. The precise format of the documents is not so important, though I have seen many organizations place more importance on strict adherence to the “document formatting procedure” than on the contents of all procedures combined. Line b) in 7.5.2 is to ensure the same media, same format, same language for a specific type of documented information is appropriate.
Line c) is critical, all documented information must be approved as it is suitable and adequate. Not to bring the 9001:2008 version back from the grave, but “Most” types of documented information fall into two categories, Document and Record. Documents don’t change often, and are often used as templates for records. Records are generally “filed in” For example, Purchase Orders vs Purchase Order Template, BOL, Inspection Report vs Inspection Report Template.
A few key requirements must be address:
18.104.22.168 For the control of documented information, the organization shall address the following activities, as applicable:
a) distribution, access, retrieval and use;
b) storage and preservation, including preservation of legibility;
c) control of changes (e.g. version control);
d) retention and disposition.
Sub clause 22.214.171.124 is the perfect checklist for your Document/Content control system. I’ll paraphrase below.
a) Who is notified of new docs and updates? Who can access it? How do they get it? Is it obvious how to use & file it?
b) Where is it stored? How’s it kept safe (physical or IT)? Can it be read (correct language)?
c) Who has authorization to make changes? Who approves those changes? Identification updated? DON’T APPROVE YOUR OWN WORK!
d) How long are records kept? Who gets access to them (especially once archived)?
To see the process more directly, please take a moment to download our FREE Process Procedure for Documented Information here.