Documented Information

Control of documented information is required by all management system standards. Their common document and record control requirements are based on Annex SL of ISO Directives, Part 1.

This article identifies the requirements for documented information in Annex SL (black) and the added text for ISO 9001:2015 (blue), ISO 14001:2015 (green), and ISO 45001:2015 (red).

7.5 Documented information
7.5.1 General

The organization’s (quality; environmentaloccupational health and safety) management system shall include:

a) documented information required by this International Standard;
b) documented information determined by the organization as being necessary for the effectiveness of the qualityenvironmentaloccupational health and safety) management system.

NOTE The extent of documented information for a (quality; environmentaloccupational health and safety) management system can differ from one organization to another due to:

– the size of organization and its type of activities, processes, products and services;
– the need to demonstrate fulfillment of its compliance obligations;
– the need to demonstrate fulfillment of legal requirements and other requirements;
– the complexity of processes and their interactions;
– the competence of persons (workersdoing work under the organization’s control.

7.5.2 Creating and updating

When creating and updating documented information, the organization shall ensure appropriate:

– identification and description (e.g., a title, date, author, or reference number);
– format (e.g., language, software version, graphics) and media (e.g., paper, electronic);
– review and approval for suitability and adequacy.

7.5.3 Control of documented information

Documented information required by the (quality; environmentaloccupational health and safety) management system and by this International Standard shall be controlled to ensure:

a) it is available and suitable for use, where and when it is needed;
b) it is adequately protected (e.g., from loss of confidentiality, improper use, or loss of integrity).

For the control of documented information, the organization shall address the following activities, as applicable:

– distribution, access, retrieval and use;
– storage and preservation, including preservation of legibility;
– control of changes (e.g., version control);
– retention and disposition.

Documented information of external origin determined by the organization to be necessary for the planning and operation of the (quality; environmentaloccupational health and safety) management system shall be identified as appropriate, and controlled.

Documented information retained as evidence of conformity shall be protected from unintended alterations.

NOTE 1: Access can imply a decision regarding the permission to view the documented information only, or the permission and authority to view and change the documented information.

NOTE 2: Access to relevant documented information includes access by workers, and, where they exist, workers’ representatives.