ISO 9001:2015, 7.5

Previous newsletter articles have described the ISO 9001:2015 requirements and changes for Clause 8 – Operation, Clause 9 – Performance Evaluation, and Clause 10 – Improvement.

Our last three newsletters included articles on the requirements in Clause 7 – Support for Resources (7.1), Competence (7.2), Awareness (7.3), and Communications (7.4).

This article is on:

7.5 Documented Information

7.5.1 General
7.5.2 Creating and Updating
7.5.3 Control of Documented Information

Before reviewing the requirements, lets discuss “documented information”. It is defined in ISO 9000:2015, 3.8.6, as the information required to be controlled and maintained by an organization and the medium on which it is contained.

It can be in any format and media and from any source. It can refer to:

  • the management system, including related processes;
  • information created in order for the organization to operate (documentation);
  • evidence of results achieved (records).

7.5.1 General


The quality management system must include:

a) documented information required by ISO 9001;
b) documented information determined by the organization as being necessary for the effectiveness of the quality management system.

NOTE: The extent of documented information for a quality management system can differ from one organization to another due to the:

a) size of organization and its type of activities, processes, products, and services;
b) complexity of processes and their interactions;
c) competence of persons.


  • Replaces old clauses 4.2.1.c and 4.2.1.d on documentation requirements
  • Changes from “procedures” and “records” to “documented information”
  • The NOTE on “extent” is from NOTE 2 in old clause 4.2.1

7.5.2 Creating and Updating


When creating and updating documented information, the organization must ensure appropriate:

a) identification and description (e.g., a title, date, author, or reference number);
b) format (e.g., language, software version, graphics), and media (e.g., paper, electronic);
c) review and approval for suitability and adequacy.


  • Gathered requirements from old clause 4.2.3.a, b, c, and e
  • Adds examples for description, format, and media
  • Drops “re-approval” language since “approval” also applies to updating

7.5.3 Control of Documented Information

Documented information required by the quality management system and by ISO 9001 must be controlled to ensure it is:

a) available and suitable for use, where and when it is needed;
b) adequately protected (e.g., from loss of confidentiality, improper use, or loss of integrity). For the control of documented information, the organization must address, as applicable:

a) distribution, access, retrieval, and use;
b) storage and preservation, including preservation of legibility;
c) control of changes (e.g., version control);
d) retention and disposition.

Documented information of external origin determined by the organization to be necessary for the planning and operation of the system must be identified as appropriate, and controlled.

Documented information retained as evidence of conformity must be protected from unintended alterations.

NOTE: Access can imply a decision regarding the permission to view the documented information only, or the permission and authority to view and change the documented information.


  • Gathered from old clause 4.2.3 (c, d, e, f) on control of documents
  • Includes requirements from old clause 4.2.4 on control of records
  • Adds examples for protection (confidentiality, use, and integrity)
  • Adds evidence must be protected from unintended alteration
  • No mention of obsolete documents; covered by version control
  • No specific change identification language
  • Adds NOTE on types of access to documented information
  • See ISO 9001:2015, Annex A.6, on Documented Information

You can have our 2.0 day “ISO 9001:2015 Requirements and Transition Guidance” course taught at your location by contacting Larry Whittington at or 770-862-1766.