Key Changes in Documentation Requirements

ISO 9001:2000 is less prescriptive than the 1994 version and allows an organization to be more flexible in the way it documents its quality management system. Organizations should develop the minimum amount of documentation needed to demonstrate the effective planning, operation, and control of its processes. The extent of the documentation will be based on process complexity, personnel competence, and organization size.

Clause 4.2 of ISO 9001:2000 describes the documentation requirements for a quality management system. To see how these requirements differ from the corresponding clauses in ISO 9001:1994, see our analysis below:

4.2.1 Documentation Requirements (vs. clauses 4.1.1; 4.2.2 in ISO 9001:1994)

  • Include documented statements of quality policy and quality objectives (clarified)

Clause 4.1.1 of ISO 9001:1994 required management to document its policy and objectives for quality. The new standard clarifies that these documented “statements” are required documentation and must, therefore, be controlled.

Many organizations will revise their quality policy statements to reflect the expanded requirements in clause 5.3, Quality Policy. Since the quality policy statement is a controlled document, don’t overlook that changes to it must be identified (4.2.3.c), made available (4.2.3.d), and the old version removed (4.2.3.g). Quality objectives are also subject to the requirements of clause 4.2.3. Refer to clause 5.4.1 for the requirements for quality objectives.

  • Include documents needed for effective planning, operation, and control of processes (added)

Clause 4.2.2 of ISO 9001:1994 covered procedures, but not documents in general. The new standard includes a requirement for procedures, but also adds that the documentation must include any other documents needed by the organization for the effective planning, operation, and control of its processes. For example, this other documentation could include quality plans, schedules, work instructions, process maps, approved lists, and additional procedures.

The old clause 4.9 (a) said to include procedures where the absence of procedures might adversely affect quality, but this was limited to the production, installation, and servicing areas.

It is still a requirement to include the procedures required by the standard. However, ISO 9001:2000 has reduced the number of required procedures to these six:

4.2.3 – Control of Documents
4.2.4 – Control of Records
8.2.2 – Internal Audits
8.3 – Control of Nonconforming Product
8.5.2 – Corrective Action
8.5.3 – Preventive Action

4.2.2 Quality Manual (vs. 4.2.1)

Clause 4.2.2 of the new standard specifies the minimum content for a quality manual. The format of the manual will vary depending on the size, complexity, and culture of the organization.

  • Include scope of quality management system (added)

ISO 9001:1994 required the quality manual to cover the requirements of the standard. Although this coverage might describe the quality management system, it didn’t expressly define the scope of the system, especially any outsourced processes.

  • Give details and justification for any exclusions (added)

ISO 9001:2000 allows requirements in clause 7, Product Realization, to be considered for exclusion if they do not apply due to the nature of the organization and its product. In those cases, the details and justification for the exclusions must be covered in the quality manual.

  • Describe interaction between processes of system (added)

Clause 4.1 (a) of ISO 9001:2000 requires processes be identified and clause 4.1 (b) requires their sequence and interaction be determined. This clause 4.2.2 (c) adds the requirement to describe the process interaction in the quality manual, which is aligned with the process approach promoted by the new standard (see clause 0.2). Process maps, although not a requirement, may be a good way to illustrate this process interaction in the quality manual.

  • Provide outline of documentation structure (dropped)

Quality manuals adhering to ISO 9001:1994 had to outline the documentation structure used in the quality system. In keeping with the reduced documentation requirements of the new standard, this requirement has been dropped. ISO 9001:2000 requires a documented system, not a system of documents. However, it would still be a good practice to describe the overall documentation framework for the benefit of the reader.

4.2.3 Control of Documents (vs. 4.5)

  • Review and update as necessary and re-approve (clarified)

ISO 9001:1994 required that document changes be reviewed and approved. The new standard now requires documents be reviewed and updated as necessary, which implies a periodic review of documents to see if they need to be revised. A typical practice is to examine all documents not updated during the year to confirm they are still valid.

  • Keep documents legible and readily identifiable (added)

The requirement that records be legible and readily available now also applies to documents. If a document isn’t fully legible, it can’t be used for its intended purpose. Likewise, if it isn’t readily identifiable as the appropriate document, it will not be available for use in a timely manner.

  • Identify external documents and control their distribution (clarified)

ISO 9001:1994 required control of external documents. The new standard clarifies that this control is for the identification and distribution of the external documents.

  • Establish master list or equivalent control procedure (dropped)

ISO 9001:1994 required the use of a master list (or equivalent procedure) to identify the current revision status and to preclude the use of obsolete documents. Since the new standard says to identify the current revision status (4.2.3.c) and to prevent the unintended use of obsolete documents (4.2.3.g), the continued reference to a “master list” is unnecessary. Master lists will still be used by most organizations, but since an equivalent procedure was always acceptable, the specific requirement was dropped.

  • Use the original approval function to review document changes (dropped)

Having the original approvers review and approve document changes (unless designated otherwise) was an ISO 9001:1994  requirement. It has been dropped in ISO 9001:2000. Since there may be situations where responsibilities have changed, the full set of original approvers may no longer be the appropriate reviewers. The organization must define the controls to approve documents for adequacy prior to issue (which includes the review process).

  • Provide reviewers access to pertinent background information (dropped)

To approve documents for adequacy before they are issued implies giving the reviewers the necessary background information to perform their review task. ISO 9001:2000 does not expressly repeat this good practice as a requirement. However, reviewers will know why the document is being updated since the changes must be identified (4.2.3.c).

4.2.4 Control of Records (vs. 4.16)

Organizations are free to develop any records they need to demonstrate the conformity of their processes, products, and quality management system.

  • Ensure records remain readily identifiable (clarified)

ISO 9001:1994 required records to be identified. However, ISO 9001:2000 clarifies that records must be readily identifiable. What is meant by “readily”? Well, the dictionary defines it as “without delay or objection; in a prompt, timely, and cooperative manner”.

  • Maintain pertinent records from subcontractors (dropped)

What about dropping the requirement to maintain pertinent records from subcontractors? Clause 7.4.1 of ISO 9001:2000 requires records be kept of supplier evaluations and any actions arising from the evaluation. So, if records from a supplier are a pertinent part of the evaluation, the records must be maintained. In addition, clause 7.4.3 requires an organization to implement inspection and other activities to ensure purchased product meets specified purchase requirements. Since clause 4.2.4 requires records be maintained as evidence of conformity, any pertinent supplier records needed for evaluation of the received product would be covered.

  • Make records available to customers if required (dropped)

ISO 9001:1994 said records must be made available for customer evaluation, if agreed contractually. ISO 9001:2000 clause 5.2, Customer Focus, requires top management to ensure customer requirements are met. Any contractual requirement to permit customer evaluation of records is adequately covered in the new standard and doesn’t need a more specific reference in 4.2.4 .

  • Collection, filing, indexing, and accessing of records (dropped)

Prior references to the collection, filing, indexing, and access of records were dropped. However, these requirements are still addressed in the new standard by requiring the storage (collection and filing) and retrieval (indexing and access) of records.