Required Documents

According to ISO 9001:2008, 4.2.1.a, an organization must include documented statements of quality policy and quality objectives in its quality management system. Clause 4.2.1.b states that the documentation must also include a quality manual.

Clause 4.2.1.c, adds that the documentation must include the documented procedures and records required by the standard. Therefore, ISO 9001:2008 requires the following documents at a minimum:

1. Statement of quality policy (see 5.3) – 4.2.1.a
2. Statement of quality objectives (see 5.4.1) – 4.2.1.a
3. Quality manual (see 4.2.2) – 4.2.1.b
4. Control of documents procedure – 4.2.3
5. Control of records procedure – 4.2.4
6. Internal audit procedure – 8.2.2
7. Control of nonconforming product procedure – 8.3
8. Corrective action procedure – 8.5.2
9. Preventive action procedure – 8.5.3

Six of these required documents are procedures. ISO 9000:2005, 3.4.5, defines a procedure as the “specified way to carry out an activity or a process”. ISO 9000:2005, 3.7.2, defines a document as “information and its supporting medium”.

Other Documents
In clause 4.2.1.d, the standard states that documentation must also include any documents determined by the organization to be necessary to ensure the effective planning, operation, and control of its processes.

Examples of other documents that may add value to the quality management system, although the standard does not specifically require them, include process maps, organization charts, specifications, work instructions, production schedules, approved suppler lists, test plans, and quality plans.

Document Control
The required documents, and others added by the organization, must be placed under document control. Clause 4.2.3 states that a documented procedure must be established to define the controls needed to:

a) approve documents for adequacy prior to issue,
b) review and update as necessary, and re-approve documents,
c) ensure changes and the current revision status of documents are identified,
d) ensure relevant versions of applicable documents are available at points of use,
e) ensure documents remain legible and readily identifiable,
f) ensure documents of external origin are identified and their distribution controlled,
g) prevent unintended use of obsolete documents and apply suitable identification if retained.