Document control is a key part of any Quality Management System (QMS) and, therefore, a requirement of ISO 9001:2015. This blog post explores this requirement and how it can be implemented in an efficient and scalable way within different types of organisation.What is Document Control within a QMS?
Document controls are the measures that are put in place to govern the way contents of a Quality Management System can be accessed, added to, changed or otherwise altered.
Within ISO 9001:2015, ‘control over documented information’ is mandated to determine that the right people have access to a QMS where and when they need it - and to ensure that no unauthorised or unrecorded changes can be made to its required contents:
These provisions appear in ISO 9001:2015, 188.8.131.52 in the following way:
“Documented information required by the quality management system and by this International Standard shall be controlled to ensure:
a) it is available and suitable for use, where and when it is needed;
b) it is adequately protected (e.g. from loss of confidentiality, improper use, or loss of integrity).”
By requiring controls over the accessibility and distribution of information contained within a QMS, therefore, ISo 9001 aims for the consistent application of standards throughout an organisation.
These document control provisions aim to ensure a QMS is always a reliable means by which a company can define and share the details of their processes and best practice internally, as well as with external auditors when required.
The extent of QMS requirements in ISO 9001: 2015
When it comes to implementing a QMS solution, however, it’s worth noting that ISO 9001: 2015 also states:
“A QMS should maintain documented information to the extent necessary to support the operation of processes and retain documented information to the extent necessary to have confidence that the processes are being carried out as planned.”
And its guidelines further point out:
“the extent of the QMS documented information can differ from one organization to another due to the:
a) size of organization and its type of activities, processes, products and services;
b) complexity of processes and their interactions
c) competence of persons”
But document control is still mandated
So, while having document controls in place (as outlined in Section 7.5.3) is still a vital and mandatory part of your ISO 9001:2015 obligations - the exact way those controls need to be implemented is unspecified and can be commensurate with the size and scale of your operations - plus the complexity of the tasks your business needs to perform.
For some start-ups and SMEs, therefore, using a ‘heavy weight’ digital eQMS (one designed for a company with thousands of employees and a mature and complex product suite) may introduce layers of unnecessary bureaucracy to their daily operations. At the same time, using a paper-based solution, or trying to structure a QMS using Windows File Server, Dropbox or Google Drive may prove inadequate to achieve the required levels of document control within a business.
So, what are the ‘controls of documented information” required by the standard and is your current QMS equal to imposing them?
Here are 7 required document control elements drawn from ISO 9001:2015:
1.Can you approve documents for adequacy prior to issue?
Does your Quality Management System have a procedure for approving the documents which reside in it and ensuring they are correct and adequate prior to issue (i.e. they serve the purpose for which they were designed)? Is approval by certain key stakeholders mandated before issue? Can you create workflows that guarantee the right people have seen and approved a document prior to release?
2.Can you identify the changes and control current document revision status?
Does your QMS track the changes made to quality documentation and record a version history of the document for auditing purposes?
3. Can you make relevant documents available at points of use?
How is your Quality Management System and the documents that comprise it, accessible to your employees? Can your employees (and third party suppliers) who need to adhere to its principles and procedures access it when and how they need to?
4. Can you ensure the documents remain legible and readily identifiable?
Is your Quality Management system clearly presented, labelled and easily searchable? The requirement for legibility and searchability will be more easily catered for in a digital, rather than a paper based QMS format.
5.Can you identify external documents and control their distribution?
Where standards, instruction manuals and other operational information necessary to your quality processes are contained within external documentation they should be accessible and controlled within your QMS. These documents should be labelled, dated and subject to the same approval and publication processes as the ones you author internally.
6. Can you prevent obsolete documents from unintended use?
Controls within a QMS should ensure that documents that have been superseded (previous drafts and iterations of quality documentation) are clearly labelled as such. A good QMS should be able to show the difference between ‘issues’ and ‘drafts’ of documentation.
7. Can you apply suitable identification if obsolete documents are retained?
Again, the document controls you embrace should ensure that version histories are labelled as such, with steps taken to ensure they cannot be mistaken for current issues. This might include automatic renaming or digital watermarking of obsolete documentation.
ISO 9001: 2015 clearly requires a QMS to have robust document controls, but it is mindful of the varying needs of different types and sizes of organisation who may have various levels of resource available to them, but still need to be compliant.
There is scope to meet the demands of the standard by deploying more flexible and lightweight digital solutions than the kind of eQMS typically deployed by larger corporate entities.
In a world of smaller, more agile, digital business bringing extra value and innovation to a global market place, ISO 9001 allows companies to develop QMS solutions that help them focus on quality outcomes rather than prescribing particular quality processes and procedures that may inhibit their commercial flexibility.
The careful selection of a digital QMS powered by a process-driven intranet, can help a business achieve these standards in a scalable way, through better document control.
This, in turn, can lead to fewer operational errors, greater efficiencies and a company-wide focus on continual quality improvement.