The job's not over until the paperwork's done.
The ISO 9001 standard cares for us from several aspects. One of these aspects regards our documentation and its control. Hence the ISO 9001 Standard requires us to document our quality management system by all means.
One of his cares is that we won't get confused and mix up different documents from different sources. Therefore it requires that all documents will be controlled. This is not a recommendation but a requirement. In order to implement an effective documents control in your organization you must maintain a method or a process that define the frame and method of the control. This method will serve as one of the organizations quality procedures and it can be named "Control of documents". You may use other names or terms such as document control procedure, document control jobs, document controller, document management or document management system. They are all relating to the same issue: the specification for documents control. In this procedure you must refer to the next issues.
TYPES OF RECORDS
The first thing you need to do is to define which documents are included under this procedure. Documents may appear as guides, working procedures, diagrams, user manuals forms etc. In order refine the definition of a document, let's define what a document is:
- Communication of information
- Evidence for correspondence
- Sharing of any kind of knowledge
- Any document that answers these definitions and serves the quality management system will be included under the document management.
Now I will review the ISO 9001 Standard's documents control requirements.
Someone within the organization must control the documents and ensure that they are suitable for working before they are released for use. The reason is to prevent any faults where unsuitable documents are being used or information is misused. For each document, it is required to define who shall approve it and when. Who might responsible? The same one who is responsible or connected in some way to the information documented. It can be part of his or hers job description. There are situations that more than one function or role in the organization will need to approve one document. It happens when more than one process is documented on one document.
UPDATED DOCUMENTSImplementing document control requirement ensures that only the last edition is in use – and not an older one. Therefore you must define a method for maintaining updated editions through the organization and its different departments and the elimination of older editions as well.
How would one know what is the last version? Usually organizations manage list of editions and updates of documents; one can manage the changes it on the document itself to tell the truth I am not a fan of this method because it add information on the document that not always needed. But the important thing is to indicate on the document itself the edition. This way, any employee that would use the document, can be sure that he holds the last edition and not an older one. Of course, don’t forget to document the method on the documents control procedure.
It is also required to define what is to do with old versions that are now not updated; how do you handle them? Are they to be destroyed, archived, deposit or etc. Managing the editions must include:
- Date of last update
- The reason for the update
- The function who demanded the update
- The function that authorized the update
- The function that demanded and authorized may be the same.
The ISO 9001 requirement for documents control is to maintain a documented procedure which describes the process method tools and means necessary to control the documents. That means that your organization is required to maintain a written procedure aside from performing the documents control itself. You may want to review the next solution. This firm provides you with templates of documents control procedure and that are easy to customize and implement in your quality management system. The solution is appropriate to the ISO 9001:2008 requirements: QualityManualTemplates.com
Back to business. Consider implementing a document control system or software. Although the ISO 9001 standard does not require these requirements specifically, it would help you achieving the requirements. Today there are a lot of document management systems. These software, were designed according to the standards specifications and naturally qualify for the requirements but it is recommended to review the processes before purchasing.
AVAILABILITY AND DISTRIBUTION OF DOCUMENTSThis is a un separated part of the last requirement. Defining the availability and distribution of documents must include the following:
- User authorization – which function or role in the organization are authorized to use the document.
- The location of the document – where must the document or the information be kept before and after use.
Most of today's process management systems (such as ERP or CRM systems) provide documents control relevant to the process they handle. They do the document control job for you (partially). They present the user with a screen and mask (a screen on a computer system is a document like any other document) with defined information to input. Most of these systems also has authorization module installed. When such systems exist, you may mention this control on the procedure. But when systems like the ones mentioned do not exist in the organization, you must provide the employees with the relevant updated documents. That means the latest approved editions. In order to ensure that, the standard requires a documented method. How to obtain that? Well, it depends on your organization and his substructures. Try this solution for example.
DENTIFICATION OF DOCUMENTS
Any document (internal or external) must be identified somehow. For example, each internal document will have a name, serial number, catalogue number or something that identifies it. The ISO 9001 standard requires that you maintain a method describing the identification; methods and means The identification shall cover:
- the numbering,
- the method for identification,
- the location of documents,
- and how one can trace the document.
The final objective of this is describing the control of the documents - any employee, once he reviews a document or trying to trace a document, would know where to approach; a department, a process, some function or any kind of identification relevant to your organization. It is like a map with instructions regarding your documentation. If we look again at process management systems (ERP), then it is much simpler. Any document in those systems is identified by a number, produced by the system and related to a process. The number is given according to some internal method. In this case you must not document this method but mention it in the procedure that these specific documents are managed and controlled.
In case there are documents that are manually managed you must document the method.
All this applies for external documents as well. Any documentation that enters the organization and serve as an input (with presumption that it is a document as defined) shall be included under the ISO 9001 standard requirement. In this case you must specify what is to do with these documents and where one can trace them in time of need. For example, where to file the documents. Again, you define the method according to your organization's nature. The ISO 9001:2000 did not refer to this matter specifically, but the new revised edition, the ISO 9001:2008, specifically requires that when an external document is required for the realization of the product, the method of controlling the documents must refer to it.
The method shall refer to the removal of documents for any reason: not updated, out of use, irrelevant, etc. The method must include what is it to do with the document and who is the responsible, once it is required to be removed. For example, removing old documents from the organization's server for no further use or removing old forms from the offices so no one would use them again. Some of this things sound trivial and they are, but still this is a ISO 9001 standard requirement.
A helpful tip: In any external audit (at least the ones that we participated in) the auditor always asked about the backup process. "What is the relation between the ISO 9001 Standard and the organizations files backup process?" You might ask. Well, there is an indirect relation to the Documents Control requirement. One of the requirements hinted by the ISO 9001 Standard is that all documents must be secured. In other words, backed up. You must Document this issue as well. It's not enough to show that you perform the backup every evening before you go home. Everybody believes you, but it's not enough. Maintain such a procedure and perform backups for your magnetic files.
- The ISO 9001 standard requires that we document all sorts of documents that are part of the QMS. Therefore we must define a method for documents control
- The method must be presented as a documented procedure
- The documented procedure may be called "Control of documents "
- You must include a definition of your documents within the method – describe the types of your documents. You are required to include external documents that are essential to the realization of the product as well
- All documents must be approved before use. The purpose is to verify that the documents are suitable for work
- All documents must be updated. You must define a method to ensure the use of updated documents only. The method should include management documents editions and documents indications
- All documents must be identified. The organization must specify a method for documents identification. The purpose is that any employee will know which document he holds or where to trace it
- It is also required to manage availability and distribution of documents. You must verify that documents that are distributed to the users are the correct ones
- You must define a method for documents removal; when and why to remove documents and in whose responsibility