Document Control in ISO 9001:2015: What The Standard Requires

Document Control in ISO 9001:2015: What the Standard Requires

Document Control in ISO 9001:2015: What The Standard Requires

For an organisation to comply with ISO 9001:2015, it must have a quality management system (QMS) that includes document control instead of simply a system of documents.

In this article, we look at document control in ISO 9001:2015 and what is required to be compliant.

What is document control in ISO 9001:2015?

The term “documented information” in ISO 9001:2015 refers to the important documents and records that must be kept organised and controlled within the QMS.

Within ISO 9001:2015, control over documented information ensures that:

  • the right people have access to a QMS when and where they need it
  • no unauthorized or unrecorded changes can be made to its required content.

While ISO 9001:2015 requires document controls, the way those controls are implemented is not specified. They can be scaled to an organisation’s size and complexity.

The main objectives of an organisation’s documented information include:

  • communicating information
  • evidence of conformity
  • knowledge sharing
  • dissemination and preservation of an organisation’s experiences.

Documents can be in any format, including paper, magnetic, electronic or optical computer disc, photograph or master sample.

ISO 9001:2015 requirements for documented information

Three clauses within the standard are essential to understand fully for document control in ISO 9001:2015.

Clause 4.4

This clause requires an organisation’s QMS and processes to “maintain documented information to the extent necessary to support the operation of processes and retain documented information to the extent necessary to have confidence that the processes are being carried out as planned”.

Clause 7.5.1

This clause outlines what the QMS documentation must include:

  • Documented information required by this international standard
  • Documented information is determined by the organisation as necessary for the effectiveness of the quality management system.

The note after this clause clarifies how QMS documented information can differ from one organisation to another due to the following:

  • size of organisation and its type of activities, processes, products and services
  • complexity of processes and interactions
  • competence of persons.

Clause 7.5.3

Clause 7.5.3 of ISO 9001:2015 states:

“Documented information required by the quality management system and by this International Standard shall be controlled to ensure:

  1. it is available and suitable for use, where and when it is needed
  2. it is adequately protected (e.g. from loss of confidentiality, improper use, or loss of integrity).”

Documents you’re required to maintain

Documented information that the organisation must maintain to establish a QMS include:

  • the scope of the quality management system (4.3)
  • documented information necessary to support the operation of processes (4.4)
  • the quality policy (5)
  • the quality objectives (6.2).

This documented information is subject to the requirements of clause 7.5.

An organisation must also maintain documented information to communicate information necessary for the organisation to operate.

Although ISO 9001:2015 doesn’t require specific documents, examples that add value to a QMS include:

  • organisation charts
  • process maps, process flow charts and/or process descriptions
  • procedures
  • work and/or test instructions
  • specifications
  • documents containing internal communications
  • production schedules
  • approved supplier lists
  • test and inspection plans
  • quality plans
  • quality manuals
  • strategic plans
  • forms.

Documents you’re required to retain

All documented information is subject to the requirements in clause 7.5. Documented information that the organisation must retain to provide evidence of results achieved (records) includes:

  1. Documented information is necessary to ensure the processes are being carried out as planned. (4.4)
  2. Evidence of fitness for monitoring and measuring resources. (7.1.5.1)
  3. Evidence of the basis for calibrating the monitoring and measurement resources (when no international or national standards exist). (7.1.5.2)
  4. Evidence of competence of person(s) doing work under the organisation’s control affects the performance and effectiveness of the QMS. (7.2)
  5. Results of the review and new requirements for the products and services. (8.2.3)
  6. Records are needed to demonstrate that design and development requirements have been met. (8.3.2)
  7. Records on design and development inputs. (8.3.3)
  8. Records of the activities of design and development controls. (8.3.4)
  9. Records of design and development outputs. (8.3.5)
  10. Design and development changes, including the review results and authorisation of the changes and necessary actions. (8.3.6)
  11. Records of the evaluation, selection, monitoring of performance and re‐evaluation of external providers and any actions arising from these activities. (8.4.1)
  12. Evidence of the unique identification of the outputs when traceability is a requirement. (8.5.2)
  13. Records of property of the customer or external provider that’s lost, damaged or otherwise found to be unsuitable for use and its communication to the owner. (8.5.3)
  14. Results of the review of changes for production or service provision, the persons authorising the change and necessary actions taken. (8.5.6)
  15. Records of the authorised release of products and services for delivery to the customer including acceptance criteria and traceability to the authorising person(s). (8.6)
  16. Records of nonconformities, the actions taken, concessions obtained, and the identification of the authority deciding the action with respect to the nonconformity. (8.7)
  17. Results of the evaluation of the performance and the effectiveness of the QMS. (9.1.1)
  18. Evidence of the implementation of the audit program and the audit results. (9.2.2)
  19. Evidence of the results of management reviews. (9.3.3)
  20. Evidence of the nature of the nonconformities and any subsequent actions taken. (10.2.2)
  21. Results of any corrective action. (10.2.2)

An organization is free to develop other records that may be needed to demonstrate conformity of its processes, products, services, and QMS. These records are also subject to the requirements of clause 7.5.

Basic questions to consider

Within ISO 9001:2015, there are seven required document control elements.

1 | Can you approve documents for adequacy before issue?

Your QMS must have a procedure that guarantees the right people see and approve documents (ensuring they serve their purpose) prior to release.

2 | Can you identify the changes and control the current document revision status?

Your QMS must track and record changes made to quality documentation for auditing purposes.

3 | Can you make relevant documents available at points of use?

Your employees (and third-party suppliers) must be able to access documents within your QMS when and where they need to.

4 | Can you ensure the documents remain legible and readily identifiable?

The documents within your QMS must be clear, labelled and easy to find, which is easier to achieve in a digital (rather than paper) format.

5 | Can you identify external documents and control their distribution?

Where standards and operational information necessary to your quality processes are contained within external documents, they must be accessible and controlled within your QMS.

6 | Can you prevent obsolete documents from unintended use?

Your QMS must ensure that obsolete documents are clearly labelled and that the difference between “issue” and “drafts” of documents is shown.

7 | Can you apply suitable identification if obsolete documents are retained?

Document version histories must be labelled to ensure they aren’t mistaken for current issues.

Updates to ISO 9001:2015

ISO 9001 is currently undergoing revision with a new version of the standard expected in late 2026.

So far, nothing suggests that the new revision will change the document control requirements, but organisations that want to remain compliant with ISO 9001 should look for the update.

The next revision of this standard is likely to be ISO 9001:2026 with a target publication date of September 2026.

Simplifying document control in ISO 9001 with a Compliant Management System

Compliants Management System makes it simple to comply with document control standards. It saves your organisation time and eliminates mistakes.

 

Get Started

There has never been a better time to invest in ISO certification. Show your commitment to quality management, the environment or occupational health & safety performance with a UKAS certified ISO certification from Compliant.
Get in Touch