ISO 9001 specifies requirements for a Quality Management System (QMS) where an organization needs to demonstrate its ability to consistently provide product that meets customer and applicable statutory and regulatory requirements.
An organization is required to establish, document, implement, and maintain a quality management system and continually improve its effectiveness.
A cornerstone of the QMS is document control. Therefore, in order for an organization to meet ISO 9001 requirements, it must have a document control system in place. Auditors pay particular attention to document control.
Document control is an essential preventive measure ensuring that only approved, current documents are used throughout the organization. Inadvertent use of out-of-date documents or not approved documents can have significant negative consequences on quality, costs, and customer satisfaction.
What is Controlled Document?
Let's define controlled documents. Controlled document is any document that is used to perform work and not for reference. Furthermore, ISO 9001 states that documents required by the QMS should be controlled.
The QMS includes the following documents: statements of quality policy and quality objectives, quality manual, procedures, and records determined by the organization to be necessary to ensure the effective planning, operation, and control of its processes.
The format and structure of the quality policy, quality objectives, and quality manual is a decision for each organization, and will depend on the organization’s size, culture and complexity.
A small organization may find it appropriate to include the description of its entire QMS within a single manual, including all the documented procedures required by the standard. Large, multi-national organizations may need several manuals at the global, national or regional level, and a more complex hierarchy of documentation.
ISO 9001 specifically requires the organization to have documented procedures for the following six activities:
1. Control of documents
2. Control of records
3. Internal audit
4. Control of nonconforming product
5. Corrective action
6. Preventive action
Some organizations may find it convenient to combine the procedure for several activities into a single documented procedure (for example, corrective action and preventive action). Others may choose to document a given activity by using more than one documented procedure (for example, internal audits). Both are acceptable.
Some organizations (particularly larger organizations, or those with more complex processes) may require additional documented procedures (particularly those relating to product realization processes) to implement an effective QMS.
Other organizations may require additional procedures, but the size and/or culture of the organization could enable them to be effectively implemented without necessarily being documented. However, in order to demonstrate compliance with ISO 9001, the organization has to be able to provide objective evidence that its QMS has been effectively implemented.
The typical controlled document types include:
- policies - the company’s position or intention for its operation;
- procedures - responsibilities and processes for how the company operates to comply with its policies;
- work and/or test instructions - step-by-step instructions for a specific job or task;
- forms and records - recorded information demonstrating compliance with documented requirements;
- drawings - those that are issued for work;
- process maps, process flow charts, and/or process descriptions;
- specifications;
- internal communication;
- production schedules;
- approved supplier lists;
- test and inspection plans;
- quality plans.
The type and extent of the documentation will depend on the nature of the organization’s products and processes, the degree of formality of communication systems and the level of communication skills within the organization, and the organizational culture.
Document Control Procedure
ISO 9001 states that the procedure for document control should be established which should include the following:
1. To approve documents for adequacy prior to issue.
Document approvals are mandatory and must be kept as a record as well. When determining who should approve a particular document, limit approvals to those with direct knowledge or responsibility for the document.
Approval signatures must be recorded prior to the release and use of the document. Approvals may be in the form of a written signature or a password-protected electronic approval record. The date of all approvals must precede the document's release date.
While not explicitly stated, this requirement also applies to temporary memos or postings that are used to communicate QMS or product-related requirements. Any temporary documents must be clearly identified, signed and dated. It is advisable to include an expiration date on temporary documents to ensure they are removed from use when intended.
2. To review and update as necessary and re-approve documents.
All documents must be reviewed periodically and updated and re-approved if needed. This review can be tied to a company's internal audit process, management review or scheduled on some periodic (annual) basis. A record of such reviews must be kept.
3. To ensure that changes and the current revision status of documents are identified.
When a document is updated, a record must be kept of the change, including the reasons for and nature of the change. In addition, current revision status must be maintained. This includes the current development stage (draft, review, approval, etc.) and the date or revision level (number or letter) identifying the current version of the document.
4. To ensure that relevant versions of applicable documents are available at points of use.
The storage and access of documents must easily allow individuals to find the appropriate version of a document to use where needed. Older versions of a document that are still needed (e.g. specifications for an older product) may remain active if necessary, but the revision level must be made clear.
You should consider where designated controlled locations of your documents will be established and whether short-term reference copies of controlled documents will be permitted. Typically, the easier it is for employees to access controlled copies when needed, the fewer times they will feel the need to use an uncontrolled copy of a document. Ensuring timely and convenient access to documents is frequently the source of high costs and repeated discrepancies.
5. To ensure that documents remain legible and readily identifiable.
The format and storage of documents must protect a document from being rendered unreadable due to wear or damage and that every document can be clearly identified through a title, document number or other suitable identification.
6. To ensure that documents of external origin determined by the organization to be necessary for the planning and operation of the quality management system are identified and their distribution controlled.
Documents that do not originate within the organization, but are necessary for ensuring quality and meeting customer requirements must also be controlled. These can include customer, supplier or industry documents. However, the extent of control is limited to clear identification and controlled distribution. A log or other record would suffice to track external documents.
7. To prevent the unintended use of obsolete documents, and to apply suitable identification to them if they are retained for any purpose.
Out-of-date documents or older versions of revised documents must be protected from unintentional use. This usually requires segregation or disposal of obsolete documents. Any obsolete documents that are kept for reference or other purposes must be clearly identified through markings, separate storage areas, or other means.
Controlled documents need to be clearly identified. Hard copy documents need to be stamped. Electronic documents need to be watermarked so that when they are printed, they could be identified that they are controlled documents and a user needs to verify an electronic version prior to use of this document.
Main Objectives
These are some of the main objectives of an organization’s documentation system:
1. Communication of Information
Documentation is viewed as a tool for information transmission and communication.
2. Evidence of conformity
Documentation is viewed as provision of evidence that what was planned, has actually been done.
3. Knowledge sharing
Documentation is used to disseminate and preserve the organization’s experiences. A typical example would be a technical specification, which can be used as a base for design and development of a new product.
Measuring Success
How can you measure the performance of your document control process? Here are some suggested metrics:
User satisfaction – Periodically survey your employees regarding the usability of your documentation. Use the results to improve the format of your documents and training of your authors.
Document errors – Track the number of document revisions due to information mistakes in your documentation. Results will often reveal weaknesses in your review and proofreading processes.
Up-to-date – Count the number of document revisions or audit discrepancies stemming from a document that is out-of-date. This will tell you whether your periodic document reviews or obsolete document provisions are effective.
Cycle time – Measure the time it takes a document to be developed or revised from initial draft to release. Work to improve the efficiency of your document control process as you would any other business process.
Cost – Consider tracking the costs associated with your documentation including developing, revising, storing, retrieving, distributing, filing, auditing, reviewing, approving, etc. Of these potential costs, document retrieval is often an expensive hidden cost generated when individuals must search endlessly for a document because of inadequate indexing, organization, storage or training.
Results of the performance measures of your document control process can help you determine how to drive continual improvements into your entire QMS.
In my next posts I will describe electronic systems that are used for document control.