Professional Documents
Culture Documents
Best Tips For Document Management in A QMS and Comply With ISO 9001:2015
Best Tips For Document Management in A QMS and Comply With ISO 9001:2015
ISO 9001:2015
What does the ISO 9001 standard tell us?
7.5.3 Control of documented information
7.5.3.1 Documented information required by the quality management system and by this
International Standard shall be controlled to ensure::
a) it is available and suitable for use, where and when it is needed;
b) it is adequately protected (e.g. from loss of confidentiality, improper use, or loss of integrity).
7.5.3.2 For the control of documented information, the organization shall address the following
activities, as applicable:
a) distribution, access, retrieval and use;
b) storage and preservation, including preservation of legibility;
c) control of changes (e.g. version control);
d) retention and disposition.
Documented information of external origin determined by the organization to be necessary for the
planning and operation of the quality management system shall be identified as appropriate, and
be controlled.
Documented information retained as evidence of conformity shall be protected from unintended
alterations.
NOTE Access can imply a decision regarding the permission to view the documented information
only, or the permission and authority to view and change the documented information.
The requirements of the standards are very specific, but they do not tell us exactly how to
comply with them for our organization. A frequent problem in organizations that are certified
or implementing the ISO 9001 standard, is the control of the documents that are generated.
To facilitate the control of the documented information, we propose the following:
1. Establish a documented procedure for;
● Approve documents for adequacy prior to issue (Who is responsible for approving)
● Review, update and re-approval of documents.
● Identify changes and the current revision status of the document.
● Make relevant documents available.
● Ensure legibility of documents and are easily identifiable.
● Identify external documents and control their distribution.
● Prevent the use of obsolete documents, and properly identify if they are preserved.
2. Identify the documentation
Design a header that can be used in all documentation, including the logo or organization
name, document name, code, date and version number.
The code of the document will serve to be quickly identified, and is a total freedom of the
organization choose how will encode.
The version is a number that changes each time you make a change to the document, you can
start at 00 when you create it and increase it by 1 each time a change is approved. This serves
to let the reader know if you are using the latest version of the document or if you have an
outdated version.
3. Create a master list or document map
Create a record in which all the documents of the quality management system are listed with
basic information about them. (Name + code + responsibilities + version + guard time + format
+ location). Remember to also add the external documents.
4. Controlled copy
Nowadays, most organizations decide to gradually eliminate paper, replacing printed
documents with digital files. What is recommended is to concentrate all the documents in a
shared network folder and save them in PDF format, so that they can not be modified by
mistake.
Even so, it is often necessary to print copies of the documents so that they are available for
those who do not have access to a computer. These copies should be sealed with the legend
of "controlled copy" in each of its leaves.
Having the legend of controlled copy does not guarantee a good control or ensures that the
documents with which it is available are updated, so in turn, a document must be made where
all the copies that are delivered are registered, with their respective code, version number,
copy number, in which area delivery is made and who is responsible and the position held.
This will facilitate the replacement of the document when there is a modification and change
the version.
5. Obsolete documents
Many times the storage of obsolete documented information may be required by the
organization such as for claims investigation many years after they are generated, or for
different purposes such as organizational knowledge management. One of the ways to save
obsolete digital documents for your history is to compress the documents and protect them
with a password to prevent inadvertent use.
For the elimination of obsolete and unnecessary documented information, the organization
must take into account the control of sensitive data, such as personal or confidential
information, during the elimination process.
In both cases it should be described what are the activities that will be developed for the
storage, the elimination (or both) of obsolete documents and in what way the involuntary use
of these will be ensured. For this it is recommended to identify obsolete copies (watermark /
stamps) either in digital or physical format, separate them from the other current documents
and in case of elimination is described in the procedure, how the process will be carried out.
6. Document management software
The benefit of having a software for document management, is that all the control of
documents from the creation, modification, distribution, approval, accessibility, recovery, use,
storage, printing of copies, obsolete, map of documents, among others activities, are
controlled in one place.
An example is the GENEBRA software. The system simplifies the management of critical
documents, from automating key processes such as revision tracking to exceeding compliance
requirements. Automates document review and approval processes with email notifications of
review tasks that minimize the time it takes to track, review and approve documents.
We can also designate specific permissions to access or print documents, even to download
them. So we can control the visualization of documents to certain people, and keeps all users
updated as it notifies them when the documents were modified or even when they were
about to expire.
GENEBRA is designed to meet the requirements, and it will be much easier to demonstrate
compliance to auditors. For example in point 7.5.3.2 for the control of documented
information, the organization must address the following activities:
a) distribution, access, retrieval and use;
The DISTRIBUTION and the ACCESS to the system are controlled by password. The RETRIEVAL
is done through the query screen using the available filters.
b) storage and preservation, including preservation of legibility;
STORAGE is found in servers of the software, so we do not have to worry about keeping a
backup, we will have all the information available without risk of losing it. The PRESERVATION
of documents is guaranteed according to contract and daily backups are made by the same
software.
c) control of changes (e.g. version control);
CONTROL OF CHANGES, each time a document is modified, the same software increases the
code of the version by +1, so that no document will be outdated, in turn the software will
notify the modifications via email to those responsible.
d) retention and disposition.
The RETENTION and DISPOSITION is done in the same system, such as its disposition, all the
documents can be replaced, inactivated or eliminated from the system.
With GENEBRA, it is not necessary to keep a map of documents in spreadsheets, which must
be updated. In an audit it will be much more comfortable to show the auditor all the updated
documents, where you can also filter what kind of documents you want to see, such as by
process, category, distribution, etc.
You can try the software for free by clicking here.
Note: Remember that one of the most common points of unconformity in all organizations is
the documentation. The adoption of good practices for the control of documented information
is a major step both in implementing the ISO 9001:2015 and its maintenance.
The documented information does not necessarily have to be abundant or scarce, it will
depend on each organization.
Through documentation an organization demonstrates compliance. Communicate what we do
and how we do things, communicate what happened and what results were achieved. It is,
essentially, a tool for communication.
Control it!