The job's not over until the paperwork's done. 

The ISO 9001 standard cares for us. It cares for us from several aspects. One of these aspects regards our documentation. The ISO 9001 Standard requires that we will document our quality management system by all means.

TYPES OF RECORDS

At first, you must define what documents would be included in this procedure. Documents can be working procedures, diagrams, technical specifications, price quotes etc. In order not to "swirl" around too many documents, let's make it clear. Let's define what a document is:

• Communication of information
• Evidence for correspondence
• Sharing of any kind of knowledge

APPROVED DOCUMENTS

Someone within the organization must supervise all documents and see that they are suitable for working before they are released.
The reason is to prevent any faults where unsuitable documents are being used or information that is classified is handed to wrong bodies. For any document, it required to define who shall approve it and when. Who should be the responsible? The same one who is responsible for the documented information. It must be part of his job description. There are situations that more than one function would be needed to approve one document. It happens when more than one process is documented on one document.

UPDATED DOCUMENTS

• Date of last update
• The reason for the update
• The function who demanded the update
• The function that authorized the update

Now, the ISO 9001 requirement for documents control is to maintain a documented procedure which describes the process of controlling your documents. That means that your organization is required to maintain a written procedure aside from performing the documents control itself. You may want to review the next solution. These guys provide you with templates of documents control procedure that is easy to customize and to use for your own quality management system. The solution is appropriate to the ISO 9001:2008 requirements: QualityManualTemplates.com 

Back to business,

Although the ISO 9001 standard doesn’t require these requirements specifically, it would help you to achieve its basic requirements. Of course you would use what is suitable for your organization. Today there are a lot of document management softwares (like the one mentioned above). These softwares, naturally qualify for the standard requirements but it is recommended to review anything before purchasing.

AVAILABILITY AND DISTRIBUTION OF DOCUMENTS

This is a un separated part of the last requirement. Defining the availability and distribution of documents must include the following:

• User authorization – to which it is authorized to use the document.
• The location of the document – where must the document be kept before and after use.

Most of today's process management systems (such as ERP or CRM systems) provide documents control relevant to the process they handle. They present the user with a screen (a screen on a computer system is a document like any other document) with defined information to input. Most of these systems also has authorization module installed. But when systems like the ones mentioned do not exist in the organization, it must provide with his employees the relevant updated documents. That means the latest approved editions. In order to ensure that, the standard require a documented method. How to obtain that? Well, it depends on your organization and his substructures.

IDENTIFICATION OF DOCUMENTS

Any document (internal or external) must be identified somehow. Any internal document must have a name, serial number, catalogue number or whatever. Something that would identify it. The ISO 9001 standard requires that you maintain a method to achieve the identification. The identification must include the numbering, coding or however you decided to identify the document. But it is required to document the method. You must also include location of documents. How one can trace the document. For example customer's files are scanned to the computer or stored in some closet. The final purpose of all this is to achieve control of the documents - any employee, once he looks at a document or trying to trace a document, would know where to approach; a department, a process, some function or any kind of identification relevant to your organization.
If we look again at process management systems, then it is much simpler. Any document in those systems is identified by a number of some kind, produced by the system. The number is given according to some internal method. In this case you must not document this method but mention it in the procedure that these specific documents are managed and controlled.
In case there are documents that are manually managed you must document the method.

All this applies for external documents as well. Any documentation that arrives from outside (with presumption that it is a document as defined) is included in the ISO 9001 standard requirement. In this case you must specify what is to do with these documents and where one can trace them in the hour of need. For example, where to file the documents. Again, you define the method according to your organization's nature. The ISO 9001:2000 did not refer to this matter specifically, but the new revised edition, the ISO 9001:2008, specifically requires that when an external document is required to realize the product, the method of controlling the documents must refer to it.

DOCUMENTS REMOVAL
You must define a method for documents removal for any reason: unupdated, out of use, irrelevant, etc. The method must include what is it to do with the document and who is the responsible, once it is out of use. For example, removing old documents from the organization's server for no further use or removing old forms from the offices so no one would use them again. Some of this things sound trivial and they are, but still this is a ISO 9001 standard requirement.

A helpful tip: In any external audit (at least the ones that we participated in) the auditor always asked about the backup process. "What is the relation between the ISO 9001 Standard and the organizations files backup process?" You ask. Well, there is an indirect relation to the Documents Control requirement. One of the requirements hinted by the ISO 9001 Standard is that all documents must be backed up. You must Document this subject as well. It's not enough to Show that you perform the backup every evening before you go home. We believe you, but it's not enough. Maintain such a procedure and perform backups for your magnetic files. 

ISO 9001:2008 DOCUMENTS CONTROL REQUIREMENTS

Please refer to this article to learn about the new ISO 9001:2008 requirements for documents control.

SUMMARY:

• The ISO 9001 standard requires that we document all sorts of our documents. It requires that we would not confuse all kinds of documents from different sources as well. Therefore we must define a method for documents control.
• This is not a recommendation but a requirement.
• The method must be presented as a documented procedure.
• The documented procedure would be called "Control of documents ".
• You must include a definition of your documents within the method – describe the types of your documents. You are required to include external documents that are essential to the product realization as well.
• All documents must be approved before use. The purpose is to verify that the documents are suitable for work.
• All documents must be updated. You must define a method to ensure the use of updated documents only. The method should include management documents editions and documents indications.
• All documents must be identified. The organization must specify a method for documents identification. The purpose is that any employee would know which document he holds or where to trace it.
• It is also required to manage availability and distribution of documents. You must verify that documents that are distributed to the users are the correct ones.
• You must define a method for documents removal; when and why to remove documents and in whose responsibility.

aaa