Clause 7.5 - Documented Information is a new section within the ISO9001:2015 standard, this section highlights what is required when creating and controlling documentation that is required to support your Quality Management System and the requirements have obviously changed since technology has moved on significantly since the last iteration of the standard, so how you present your documentation is no longer as prescriptive as it once was. There is, for example, no requirement within the standard to actually have a Quality Manual or any form of a register for your forms, records, documents or document changes. That said while it doesn't require it these things are probably still good to have but certainly not in any hard copy form.
What is Documented Information ?
The ISO9001:2015 Clause 7.5 - Documented Information is actually a combination of a few other areas required by the previous version of the standard, it's just really recognising that the formats have moved on, previously ISO9001 referred to "Documents" and "Records". Documents referred to things like Policies, Procedures, Work Instructions and Checklist Templates for example where Records was about the historical information that you kept to demonstrate compliance with your QMS such as completed checklists, training records, audits and things like that. Documents and records are no longer referenced as such int he new standard, instead, it is a single Documented Information heading which is now about any information that you need as an organisation to run the business and to demonstrate the results out of the Quality Management System.
To know when the new standard is referencing a document or a record think about it in the following way
- If the standard says you need to Maintain documented information then it's talking about a Document (Policy, Process, Work instruction etc.)
- If the standard says you need to Retain documented information then it's talking about a Record that should be kept (Audit results, Quality data etc.)
There is also now the requirement for the organisation to identify what Documented Information is required to have their Quality management System run effectively and include this into their system. Again, ISO9001:2015 doesn't care what format you have these things in, it can be hard copy, PDF's, Word documents or inside a dedicated QMS system like MANGO, the choice is yours to make based on what is the best thing for your organisation.
What Things Are Required ?
There are a few requirements for your documented Information that you need to meet for any part of the standard that says documentation MUST be included (i.e. if you don't have them you don't meet the standard) these are:
- Document Identification & Description - so a name, date, author or a reference number would be needed to make it individually identifiable. For me, having a Document number makes life simpler, a title helps and knowing who wrote it and when are also helpful and easy to do.
- Appropriate Format - so how is the information presented, language i.e. if you are an English speaking organisation but the document is in French you may struggle to comply, it may need a software version, it may be in paper or in PDF.
- Review & Approval - all items need to have been reviewed for suitability and adequacy, in other words, are they fit for purpose. Once reviewed you should be able to show that it has been checked and then approved.
- Available for Use - think about this as the next step from Appropriate format - For example, if you are a distributed organisation with people in a wide range of places needing the information having a central paper copy probably isn't it, having PDF helps, having it available on the cloud even better.
- Protected - This is about a few things, you need to ensure confidentiality and that the information is available only to the correct people, the documented information can't be used incorrectly (maybe the wrong revision) and you must be able to ensure integrity so that the format or the content, for example, can't be easily changed.
- Controlled - Here they are looking control in terms of the distribution, access and retrieval - so only those who should have it do and that if they need to get it they can. Storage and preservation are required i.e. how do you ensure that when it's used it's in the proper condition and fully legible? Changes i.e. version control is in place and finally retention - how long you keep the information (and where) and disposition - how you get rid of obsolete or out of date information.
There is also the requirement for the organisation to identify any information held externally that they believe is central to their planning and operation of the quality management system. Perhaps you use 3rd party design requirements or specifications, you have industry standards to use, these need to be factored into the thinking.
Importantly any documented Information that is held as evidence that something conforms to a standard or specification needs to be kept in such a way that is protected from unintended alteration, i.e. you can't accidentally overwrite the last Certificate of Conformance or Quality data sample you produced.
Summary
The new clause 7.5 Documented Information in the ISO9001:2015 standard breaks down what has combined all document and record requirements into one section. There is no longer a need to have hard copies or even a quality manual or documented procedures in order to meet the standard but the organisation should think long and hard about what they do need and who and how the information will be used. Many of these things are still just as valid and easy to use but you can now use any media format you need to in order to make it effective to your organisation.