Document control is a core process of ISO 9001 compliance, as it is indispensable to an efficient quality management system. The revised ISO 9001:2015 standards are much more flexible in terms of the documented management and requirements and give organisations the ability to choose how to document their quality management systems.
The standard defines what documentation organisations need to develop to demonstrate the implementation of QMS and achieve compliance. Further, it requires them to control the documented information to ensure the integrity of data. Conformance with this requirement helps organisations manage their systems effectively and prevent costly mistakes.
Let's see what the control of quality records procedure in ISO 9001 and how it benefits your business.
Documented Information and Control Under ISO 9001:2015
As per ISO 9001:2015, documented information is the valuable data – QMS and its processes, documentation, and records – that organisations need to maintain to ensure compliance. Further, clause 7.5 of ISO 9001:2015 requires businesses to establish document access and change control to ensure that accurate and updated information regarding QMS is available as and when needed.
Documented information is a key requirement of ISO 9001 QMS and is split into two types-
- Documents: These are the policies and objectives of the QMS laid down by the organisation and can be modified later.
- Records: These are the documents that need to be retained and are the evidence of the results received. Records cannot be revised as they represent proof.
The requirement for document control aims to ensure that the recorded data is credible and safe and the QMS is reliable, allowing the company to maintain compliance by managing and sharing all the critical information.
Why Do You Need to Keep Records?
The primary purpose of maintaining records and documents is to have evidence to demonstrate compliance and commitment to QMS. Additionally, maintaining accurate records under ISO 9001 allows access to key data that you might need to improve processes.
However, in doing so, organisations often think that every single piece of information generated should be kept as a record, but this is not the case. You are simply required to maintain controls for records you create that prove that you conform to requirements for products and services, as well as any other requirements that the organization identifies. In addition, you must have records that show the effectiveness of the QMS management review.
As per the standard, there are certain mandatory and non-mandatory documents that need to be maintained. The mandatory document requirements include-
- Scope of the QMS
- Quality policy
- Quality objectives
- Procedure for the control of outsourced processes
Control of Records in ISO 9001
Within the ISO 9001 standard, organisations can find various requirements on how to control their documented information through a comprehensive management system. Since the 9001:2015 standard is highly flexible, you can determine how to apply these requirements depending on the size, nature, and needs of your organisation.
However, it is also important to note that not all documents need to be controlled. Organisations can determine which QMS document they need to control based on its importance to the system and impact on the organisation.
Here are the six attributes of the documentation process that need to be controlled-
1. Identification
How does your organisation identify documents? It is important to have processes in place to ensure that you can find the right document when you need to. One way to ensure quick identification is to specify the title and date or allot a number to minimise confusion.
Another way to do this is to file the records for one product or service together so that you can access the documents easily. In addition, this also involves developing a system to identify any missing records from the QMS.
2. Storage
This involves deciding whether you will keep the documented information in electronic or paper format. If the records are on paper, what are the steps you need to take to control the area where they are stored? Moreover, it is crucial to define access and authorisation to the documents to maintain their integrity.
Additionally, you also need to determine if the records will be stored onsite or offsite and plan their proper management.
3. Protection
The documents and records also need to be protected from loss and damage. For instance, if the records are paper, it is better to avoid storage locations like a basement where they will be exposed to moisture or damage by rodents.
On the other hand, if the records are available electronically, it is necessary to have backup processes in place, with at least one backup copy kept offsite to avoid loss of data.
4. Retrieval
How frequently and quickly you need access to a record will also help determine how and where the documents are stored. Plus, there might even be legal requirements that you need to consider when controlling document access and retrieval.
For instance, the FAA in the United States requires that suppliers of aircraft components provide records to assist with an investigation within 24 hours in the event of an airplane crash. This demands quick access to the documents, and so their retrieval will be controlled accordingly.
5. Retention
Depending on the records and the legislation, you will need to decide how long different records need to be retained. This also includes determining the actual retention period for different documents - whether it relates to when the document was created or when the life of the product or service ends.
6. Disposition
Finally, organisations need to manage and control what happens to the records at the end of the retention period. This involves deciding whether to dispose of the records outright or, if not, then implementing review processes before they are destroyed.
Other Considerations
In addition to the above controls, organisations need to consider the following three factors when maintaining and controlling records.
Legibility: You must ensure that the documents are legible. The use of difficult language or illegible handwriting can make these documents less valuable. Moreover, paper records might also get faint or unreadable over time.
Identifiable: Apart from putting identification control in place, you must also ensure that the identification in itself is not difficult to read or understand.
Retrievable: The documents should be easy to retrieve. This means storing paper records in an easily accessible place and ensuring electronic records are updated to the latest formats to avoid losing them to software upgrades.
Wrapping Up
Effective document control is essential for implementing a robust quality management system and maintaining compliance with ISO 9001 standards. By adopting a proactive approach to record control, organisations can streamline processes, enhance compliance, and improve decision-making.