Documentation

ISO 9001 Documentation Requirements

Team Safesite
By Team Safesite
January 24, 2020

The ISO 9001:2015 certification is as much about the documentation as it is the process of standardization. You could even say the two goals are one and the same.

When you apply for certification, your application rests on the long list of documents and records that share your processes, procedures, and standards.

New Documentation Requirements Under 9001:2015

When the ISO 9001:2015 requirements launched, it changed the documentation requirements. The new version demands far less paperwork from businesses, which also means it’s applicable to more companies. 

At the same time, it can also trip you up: you still need to document every process, procedure, and standard that you identify as necessary regardless of whether the standards explicitly name the docs. These are the non-mandatory requirements, but only in the sense that you don’t need them if the process doesn’t apply to you. 

Essentially, your organization is allowed to determine for itself just how you prefer to document your QMS as well as what you believe is the adequate amount of documentation to represent your planning.

To explore what this means in real terms, let’s dive into the ISO 9001:2015 documentation requirements.

Documented Information is the Core of the ISO 9001:2015

Your paperwork — not your processes per se — is at the heart of your ISO 9001:2015 development journey. The standard refers to it as “documented information.”

Documented information is the meaningful information and data that requires control and that your organization must maintain. The documents can refer to:

  • The Quality Management System (QMS) generally
  • Processes
  • Documentation
  • Records

Your documented information can communicate messages, serve as evidence of implementation or share knowledge between parties.

According to the ISO’s guidance on requirements, the main objectives of the documented information include:

  • Communicating information
  • Providing evidence of conformity
  • Knowledge sharing
  • Disseminating and preserving the organization’s experiences

The Two ISO 9001:2015 Documentation Requirements

When applying for your ISO 9001 certification, you will submit two groups of documents to the external auditor:

  1. The documentation named by the standard (as provided below)
  2. The documentation you decide is required for your QMS

The mandatory documents required by ISO 9001:2015 are:

  • Documented information to the extent necessary to have confidence that the processes are being carried out as planned (clause 4.4).
  • Evidence of fitness for the purpose of monitoring and measuring resources (clause 7.1.5.1). 
  • Evidence of the basis used for calibration of the monitoring and measurement resources (when no international or national standards exist) (clause 7.1.5.2).   
  • Evidence of competence of person(s) doing work under the control of the organization that affects the performance and effectiveness of the QMS (clause 7.2). 
  • Results of the review and new requirements for the products and services (clause 8.2.3). 
  • Records needed to demonstrate that design and development requirements have been met (clause 8.3.2) 
  • Records on design and development inputs (clause 8.3.3). 
  • Records of the activities of design and development controls (clause 8.3.4).
  • Records of design and development outputs (clause 8.3.5). 
  • Design and development changes, including the results of the review and the authorization of the changes and necessary actions (clause 8.3.6). 
  • Records of the evaluation, selection, monitoring of performance and re‐evaluation of external providers and any and actions arising from these activities (clause 8.4.1)
  • Evidence of the unique identification of the outputs when traceability is a requirement (clause 8.5.2). 
  • Records of the property of the customer or external provider that is lost, damaged or otherwise found to be unsuitable for use and of its communication to the owner (clause 8.5.3). 
  • Results of the review of changes for production or service provision, the persons authorizing the change, and necessary actions taken (clause 8.5.6).
  • Records of the authorized release of products and services for delivery to the customer including acceptance criteria and traceability to the authorizing person(s) (clause 8.6). 
  • Records of nonconformities, the actions taken, concessions obtained and the identification of the authority deciding the action in respect of the nonconformity (clause 8.7).
  • Results of the evaluation of the performance and the effectiveness of the QMS (clause 9.1.1)
  • Evidence of the implementation of the audit program and the audit results (clause 9.2.2).
  • Evidence of the results of management reviews (clause 9.3.3). 
  • Evidence of the nature of the nonconformities and any subsequent actions taken (clause 10.2.2).; 
  • Results of any corrective action (clause 10.2.2). 

These documents need to be retained as records of the results of your QMS.

The above looks like a long list of paperwork, but the good news is that many companies find these records already exist within the company’s current documentation practice. There’s a good chance that you will already have or be familiar with most of these documents.

Newer businesses (or those new to the ISO 9001:2015 standard) who don’t have a long or broad documentation history are the ones who usually spend the most time generating the paperwork listed above.

Ultimately, the documented information is part of the core value of the ISO 9001:2015. It encourages you to standardize the processes you already employ and to work towards consistent data collection and data updates to core paperwork like the documents listed above.

A Guide to the Non-Mandatory Documentation

Outside of the documents listed above, your organization may choose to add documents that contribute to the value of your QMS.

According to the ISO, non-mandatory ISO 9001:2015 documentation includes:

  • Organization charts
  • Procedures
  • Specifications
  • Work instructions
  • Test instructions
  • Production schedules
  • Approved supplier lists
  • Quality plans
  • Strategic plans
  • Quality manuals
  • Internal communication documents

If you do create these types of documented information, then you must follow the same rules laid out in clause 7.5. In other words, treat them the same way as you treat the named required documented information.

What About the Quality Manual?

Those familiar with the ISO 9001:2008 will remember the need to complete and present the quality manual to the certification body before the audit.

The publication of the 2015 standard revealed that the quality manual is no longer a mandatory document.

If you got certified under the 2008 version, you might let out a cheer. But the truth is that even though it’s no longer required, it is still a very helpful document to have.

What’s more, you still need some type of document that describes your QMS (including scope and process interactions) to send to the auditor, even if you don’t call it a quality manual.

Your organization’s quality manual is a comprehensive look at your organization, your QMS, and the approach to quality management you selected on the development journey.

In the past, organizations spent a huge amount of time and energy creating these documents. While most met the fundamental requirements of the ISO 9001, many missed the spirit of the document itself.

Instead, they focused too heavily on overwriting the document rather than creating something useful. If you created a quality manual in the past, there’s a good chance that you never used it again.

The Pro’s of a Creating Quality Manual

Even though it’s no longer required, producing a quality manual can be incredibly helpful for your organization. It doesn’t need to be 50+ pages: it should be short, snappy, and to the point with the goal of contributing to the QMS.

Plus, you may find that some businesses require their suppliers to provide their quality manual during the tender or selection process. If you have a solid document to provide them, you’ll set your organization apart from the competition.

How to Submit and Maintain Your Required Documentation

The ISO 9001:2015 standards aren’t prescriptive in terms of the format of your documentation. You can submit paper documents, but you’re also able to submit electronic versions of the documents. You can even use video and audio, if you choose.

When setting up your documentation system, it is helpful to do so in a way that supports the maintenance of and retention of the documents. It should be easy to update, save, and share the documents as and when necessary.

Choosing electronic documentation can help make the process of meeting clause 7.5 requirements, as dictated below.

Cropped Quality Manager Construction 1.jpeg

Clause 7.5: When to Review Your ISO 9001:2015 Documentation

The ISO 9001:2015 requires that you control your documents, but it grants you much more freedom in doing so than the previous 2008 standard did.

However, there are still requirements for updating the documented information.

Clause 7.5 requires you establish and use documented procedures to “maintain documented information to the extent necessary to support the operation of processes and retain documented information to the extent necessary to have confidence that the processes are being carried out as planned.”

For some businesses, the “extent necessary” may mean once a year. Others may only choose to go through the process once every two or three years.

When working through your obligation under clause 7.5, you need processes to:

  • Approve documents
  • Review, update, and submit documents for re-approval
  • Identify changes
  • Make documents available
  • Ensure documents are legible and identifiable
  • Identify and control external documents
  • Keep obsolete documents out of circulation
  • Identify obsolete documents as necessary if retained

You must also establish documented procedures for the following tasks:

  • Identifying records
  • Storing records
  • Protecting records (including keeping them identifiable and legible)
  • Retrieving records
  • Retaining records
  • Disposing of records

Conclusion

The two most important objectives of the ISO 9001:2015 update were to develop a more simple set of standards that apply to all organizations and to allow organizations to focus on the most relevant documentation for their business activities.

You should already recognize most of the documented information from the list of requirements above. Your goal then is to standardize it and supplement it with the other documented information that will help your QMS work.

Improve Your Documentation with Digital Auditing Tools

Safetsite is a free auditing tool that can be used to audit your ISO system, including processes and documentation. Identify gaps, assess risk, and make corrections to maintain the highest QMS standards in your company.

Hear the Latest from Safesite
Subscribe to our newsletter to receive the latest updates.

Team Safesite

By Team Safesite

We're a group of safety and tech professionals united in our desire to make every workplace safer. We keep a pulse on the latest regulations, standards, and industry trends in safety and write about them here on our blog.

This article covers:

Copy to clipboard
Hear the Latest from Safesite
Subscribe to our newsletter to receive the latest updates.

Related Blog Posts

Discover all articles
Documentation
14 min read

The Safety Pro’s Guide to Root Cause Analysis and Identification
Documentation
9 min read

Everything You Need to Run a Job Hazard Analysis (JHA)
Guides
23 min read

How to Perform a Health and Safety Risk Assessment