A closer look at Document Control for ISO9001
What is document control?
Properly documented information is at the heart of meeting the ISO9001 standard, and is a key part of providing evidence of conformance. Document control covers how this information is managed. Given that the majority of auditing and compliance verification is through the scrutiny of documented evidence this means that a robust document control process is central to your quality management system.
ISO9001:2015 defines six mandatory components needed for your document control procedure:
1. Document Approval
You must have a set process in place for how you approve new documents (such as procedures), before they are introduced. This approach ensures consistency and that every document is properly approved by relevant people, with a full audit trail, prior to use. You need to outline who will review it, the order of review and who has approval rights. Ensure that you can evidence this, and use a document management system that automates the process as much as possible – such as by setting rules for who has to review specific documents, based on their content, deadlines for approval and workflows around the order of reviewers.
2. Document updating and reapproval of amended documents
It is vital that you review documents regularly to make sure they are up-to-date, suitable, still reflect your practices and current legislation. If how you operate has changed or is changing, you clearly then need to update relevant documents and go through the approval cycle again.
Again, using the right document management system can make this process seamless and easily auditable. Look for one that can automatically flag documents that require review (such as after a set period of time from approval), sends them to reviewers by email and then collates the updates, ready for re-approval. The document history should record all the staff involved in the document development including the timeline.
3. Identify changes
Simply retaining the final version of a document removes the audit trail around its creation and any changes that are made. The ISO9001 standard therefore specifies that you need to be able to easily identify changes to documents, including who made them and when they were made. This can be achieved by adopting a specified numbering or date system for drafts of the same document, or through using different colours or fonts within the document itself. Back this up with an external record of the document history, stored in a spreadsheet, to make the change audit trail easy to follow.
4. Make documents available where they are needed
Document control is all about transferring documents to those that need them, in a clear, auditable way. This includes notifying relevant people (such as reviewers) of any changes – a process that your document management system should be able to assist with. Also look for a system that creates an online backup of Master documents and delivers transparent document ownership, to ensure that it is clear who is responsible for each one.
5. Control documents of external origin
Most organisations are likely to rely on some documents created, supplied or updated by external partners – it is vital that document control is extended to cover these as well as home grown ones. The best way to achieve this is through a document management system that offers a variety of user rights from admin to general user. This ensures accountability and puts limitations on external partner access, whether these are customers or suppliers. Documents can be accessed through an extranet which is restricted to external users whilst at the same time managing rights and permissions for in-house user access.
6. Prevent inadvertent use of obsolete documents
Staff accidentally using obsolete documents can be a major compliance issue, but removing old documents completely leaves gaps in audit trails. Equally, some documents may move from being obsolete to being current again if circumstances change. Therefore implement a system that allows you to mark documents as obsolete, and hides these from normal users so that only the latest, approved version is available to them. You can keep older versions and make those available to selected users, providing a visual indication (such as a line through the title), that makes it clear that they should no longer be used. Also include the ability to change document status from obsolete to current as required, avoiding the need to start the whole approval process again.
Document control is a central pillar of ISO9001:2015 compliance – and using the right document management system can help you manage the process effectively, efficiently and in a timely way. Find out more about how Cognidox can help by looking through our features.