ISO 9001:2015, 7.5

Previous newsletter articles have described the ISO/DIS 9001:2015 planned requirements and changes for clause 4 (Context of the Organization), clause 5 (Leadership), and clause 6 (Planning for the Quality Management System).

Clause 7, Support, has five sub-clauses (shown below). This article is on 7.5 Documented Information.

7. Support
7.1 Resources
7.2 Competence
7.3 Awareness
7.4 Communication
7.5 Documented Information

7.5 Documented Information has the following sub-clauses:

7.5.1 General
7.5.2 Creating and Updating
7.5.3 Control of Documented Information
7.5.3.1 (Untitled)
7.5.3.2 (Untitled)

Before reviewing the requirements, lets discuss “documented information”. It is defined in the terms section as the information required to be controlled and maintained by an organization and the medium on which it is contained.

It can be in any format and media and from any source. It can refer to:

  • quality management system, including related processes;
  • information created in order for the organization to operate (documentation);
  • evidence of results achieved (records).

7.5.1 General

Requirements:

The quality management system must include:

a) documented information required by ISO 9001;
b) documented information determined by organization as being necessary for the effectiveness of the system.

NOTE: The extent of documented information can differ from one organization to another due to the:

a) size of organization and its type of activities, processes, products, and services;
b) complexity of processes and their interactions;
c) competence of persons.

Changes:

Replaces old clauses 4.2.1.c and 4.2.1.d on documentation requirements.
Changes from “procedures” and “records” to “documented information”.
The NOTE on “extent” is from NOTE 2 in old clause 4.2.1.

7.5.2 Creating and Updating

Requirements:

When creating and updating documented information the organization must ensure appropriate:

a) identification and description (e.g., a title, date, author, or reference number);
b) format (e.g., language, software version, graphics), and media (e.g., paper, electronic);
c) review and approval for suitability and adequacy.

Changes:

Gathered requirements from old clause 4.2.3.a, b, c, and e.
New clause adds examples: description, format, and media.

7.5.3 Control of Documented Information

Requirements:

7.5.3.1
Documented information required by system and by ISO 9001 must be controlled to ensure it is:

a) available and suitable for use, where and when it is needed;
b) adequately protected (e.g., from loss of confidentiality, improper use, or loss of integrity).

7.5.3.2
For the control of documented information, organization must address, as applicable:

a) distribution, access, retrieval, and use;
b) storage and preservation, including preservation of legibility;
c) control of changes (e.g., version control);
d) retention and disposition.

Documented information of external origin determined by the organization to be necessary for the planning and operation of the system must be identified as appropriate, and controlled.

NOTE: Access can imply a decision regarding the permission to view the documented information only, or the permission and authority to view and change the documented information.

Changes:

Gathered from old clause 4.2.3 (c, d, e, f) on control of documents.
Includes requirements from old clause 4.2.4 on control of records.
No mention of obsolete documents; covered by version control.
Adds NOTE on types of access to documented information.
Also see Annex A.6 on Documented Information.