Documented Information for ISO9001:2015
Posted on November 5th, 2015Quality
In the 2015 release of the ISO 9001 Quality Management Standard, references to 'documents' and 'records' have now been replaced by "documented information". Requirements have also changed.
A big driver for the change was to better incorporate different kinds of information contained in formats that might not be considered “documents”. This includes information embedded in software, digital files, videos, audio recordings, photographs, and also master samples – if that is part of how you communicate requirements.
The change in terminology will go across all of the management system standards, as they also get updated.
Regardless of how you hold the information, anything deemed necessary for the organisation to operate, or necessary for the effective functioning of the management system, must be controlled.
There used to be 6 required procedures and now there are none.
In ISO 9001:2015 there are only a few required documents – or “documented information that must be maintained“:
- Scope of the management system
- Quality Policy
- Quality Objectives
plus information that is necessary to support operation of your processes. Typical examples would be procedures, inspection and test plans, forms, checklists, work instructions.
You get to determine what is necessary and while this is no longer dictated by the standard, it is not a free ticket to drop all document control. Whatever documented information you use to support operation and control of your processes must be controlled.
On the other hand, there are still plenty of required records – or “documented information that must be retained“:
- Review of requirements for products and services
- Design and development: inputs, reviews, controls, verification, outputs, validation, change control.
- Supplier evaluation
- Unique identification – (e.g. serial / batch number) if traceability is required
- Customer property – lost, damaged or found unsuitable for use and communication to the owner
- Change control – reviews, actions, authorisations
- Criteria and authorisation for release of products and services for delivery to the customer
- Calibration of monitoring and measuring equipment
- Training records
- Corrective Actions and results
- Monitoring and measurement activities
- Audit findings and actions
- Management reviews
This list is not very different to the records required in ISO 9001:2008.