Document controls in ISO 9001: meeting the requirements

ISO 9001 is one of the most important and popular international standards. It helps organisations demonstrate their commitment to quality management and have all the right processes and approaches in place to make it happen. Each year hundreds of thousands of companies around the world seek certification in ISO 9001 and go through the required audit process.

One element that is critical for ISO 9001 is having the right documents and related controls in place to support quality management processes. But implementing document controls and demonstrating that they are in place is not always straightforward and realistically organisations may need to invest in additional software to support ISO 9001.

In this post we’re going to explore what needs to be done to get the right document controls in place for ISO 9001. First, we look at what ISO 9001 and why it’s so important. We then look at the specific requirements around documents controls in ISO 9001 and some of the associated challenges. Finally, we look at how policy management software like Xoralia can help.

What is ISO 9001?

ISO 9001 is the international standard for Quality Management Systems (QMS) and helps to define what needs in place to achieve certification. The standard recognises organisations that take a process-led approach to quality management in order to consistently provide products and services that meet both regulatory and customer requirements.

ISO 9001 is published by the International Standards Organisation (ISO), with the current version dating from September 2015.

Why is ISO 9001 important and what are its benefits?

ISO 9001 is a major standard with over two million organisations worldwide certified. It is critical for many organisations as it recognises their commitment to quality, which is important to customers, suppliers and regulators; some successful commercial relationships may even be conditional on ISO 9001 being in place. The fact that the standard is recognised across borders also makes it essential.

ISO 9001 is particularly important for sectors such as manufacturing, construction, technology, engineering, healthcare and more.

Beyond certification, implementing ISO 9001 has major benefits in helping to establish the quality of goods and services, driving efficiency, supporting good customer service, minimising risks, standardising approaches, providing clarity for staff over specific processes and more.

What is document control in ISO 9001?

Documents play a crucial role in the life of organisations. Documents contain details of policies and related information. They provide records of decisions that have been made. Documents represent the “official” line of what to do and are everyday essential reference points for employees.

Within a Quality Management System there is an emphasis on doing things in a particular way to guarantee quality. But employees will need to have access to the right documents with the right information at the right time. Unsurprisingly in ISO 9001 there is an emphasis on having document controls in place to ensure that any relevant documents are up to date, have accurate information, are accessible an dmore.

The need to have “documented information” and the control of documented information are specifically referenced in the standard and is therefore an area that organisations must address in able to get certified.

What ISO 9001 document controls need to be in place?

The ISO 9001 standard is very detailed and requires a lot of very specific actions to gain certification. The area relating to documented information and document controls are covered in section 7.5, and points 7.51 to 7.53. Richard Keen at Endeavour Technical provide a very helpful overview of these sections of ISO 9001, detailing what the standard requires relating to document controls.

In essence it covers the documented information that you need to maintain and retain for ISO 9001 documented information, and additional needs such as the importance of staff fully understanding the type of documents that need to be controlled and how.

Clause 7.5.3 is specifically dedicated to the “Control of Documented Information” and includes (among other things) the need to:

• Have controls in place to approve, review, update, identify changes and provide access to relevant documents , effectively all through their lifecycle.
• Make relevant documents available at the point of use.
• Have a suitable format to for the documents.
• Provide adequate protection and security, including access control.
• Have the right approach to document retention in place.
• And more!

What are some of the challenges with document control in ISO 9001?

Maintaining document controls is not always as straightforward as it should be with some associated challenges. These challenges are relatively common in organisations but organisations seeking ISO 9001 accreditation needs to show that they are tackling these.

Challenges include:

Lack of formality and clarity: Stakeholders simply aren’t clear on what needs to be done relating to document controls, sometimes because there are no formal procedures available or they are too loosely applied. Clearly ISO 9001 requires a far more formal approach with clarity over what everybody needs to do.

Lack of buy-in: Some stakeholders within the business don’t fully buy-in for the need for document controls so don’t manage their documents in the way that they should.

Version control: Version control is not consistently applied so there can be multiple versions of the same document in circulation, with some that are out of date, and confusion about which is the latest one. ISO 9001 cannot be applied when there are multiple versions of documented information.

Access control and security: Access and security controls are not fully applied to documents, usually unintentionally. The ISO 9001 standard requires security and access control to be addressed.

Documents not up to date: Document owners don’t keep their documents up to date, either because they have forgotten to or don’t see it as a priority.

Documents are not easily available: Documents are not easily accessed by the people who need to reference them, often because there is no established or trusted central repository. ISO 9001 requires documents of controlled information to be readily available at the point of use.

Changes are not recognised: Even if changes are made to a document – for example to a policy or a procedure – then this is not communicated or recognised by the people who need to know about what that change is.

There is no approval process in place: Some documents should have an approval process in place but this isn’t there either because it is not clear who the approver should be, or the workflow relies on sending the right emails which isn’t very reliable. ISO accreditation would need to cover approval of the relevant documents.

How can policy management software help with ISO 9001 document control

Policy management solution can help with many of the general challenges associated with controlling documents must be addressed for ISO 9001 certification. For example, a robust policy management software solution like Xoralia:

Additionally, investing in a solution like Xoralia helps to demonstrate that you are doing what you can to put the right documents controls in place for ISO 9001. It also provides clarity for both documents owners and staff to they know what they need to do to support ISO 9001 and reflects its importance, ensuring all stakeholders pull their weight.