Best Tips for Document Management in a QMS and comply with ISO 9001:2015 • Genebra Quality Management Blog
Foto: Carl Heyerdahl
Share your knowledge about quality
7 de May de 2019
Project Coordinator Felipe Setlik and Marketing specialist Ana Carolina Joska
Why quality people still suffer with document review control
31 de May de 2019
Show all

Best Tips for Document Management in a QMS and comply with ISO 9001:2015

Foto: Antonino Visalli

Foto: Antonino Visalli

What does the ISO 9001 standard tell us?

7.5.3 Control of documented information

7.5.3.1 Documented information required by the quality management system and by this International Standard shall be controlled to ensure::

a) it is available and suitable for use, where and when it is needed;
b) it is adequately protected (e.g. from loss of confidentiality, improper use, or loss of integrity).

7.5.3.2 For the control of documented information, the organization shall address the following activities, as applicable:

a) distribution, access, retrieval and use;
b) storage and preservation, including preservation of legibility;
c) control of changes (e.g. version control);
d) retention and disposition.

Documented information of external origin determined by the organization to be necessary for the planning and operation of the quality management system shall be identified as appropriate, and be controlled.
Documented information retained as evidence of conformity shall be protected from unintended alterations.
NOTE Access can imply a decision regarding the permission to view the documented information only, or the permission and authority to view and change the documented information.

The requirements of the standards are very specific, but they do not tell us exactly how to comply with them for our organization. A frequent problem in organizations that are certified or implementing the ISO 9001 standard, is the control of the documents generated. To facilitate the control of documented information, we propose the following:

1. Establish a documented procedure for

  • Approve documents for adequacy prior to issue (Who is responsible for approving)
  • Review, update and re-approval of documents.
  • Identify changes and the current revision status of the document.
  • Make relevant docum ents available.
  • Ensure documents are legible and easily identifiable.
  • Identify external documents and control their distribution.
  • Prevent the use of obsolete documents, and properly identify if they are preserved.

2. Identify the documentation

Design a header that can be used in all documentation, including the logo or organization name, document name, code, date, and version number.

The code of the document will serve to quickly identified it, and the organization is free to choose how it will encode its documents.

The version is a number that is altered each time you make a change to the document, you can start at 00 when you create it and increase it by 1 each time a change is approved. This serves to let the reader know if you are using the latest version of the document or if you have an outdated version.

3. Create a master list or document map

Create a record in which all the documents of the quality management system are listed with basic information about them. (Name + code + responsibilities + version + guard time + format + location). Remember to also add the external documents.

4. Controlled copy

Nowadays, most organizations decide to gradually eliminate paper, replacing printed documents with digital files. The recommendation is to concentrate all the documents in a shared network folder and save them in PDF format, so that they can not be modified by mistake.

Even so, it is often necessary to print copies of the documents so that they are available for those who do not have access to a computer. These copies should contain a “controlled copy” stamp or footer in each of its sheets..

Even if the documents have a controlled mark it does not guarantee a good control or ensures that available documents are updated, so in turn, a document must be made where all the copies that are delivered are registered, with their respective code, version number, copy number, in which area delivery is made and who is responsible and the position held.

This will make the document replacement easier when there is a modification and version change.

5. Obsolete documents

Many times the storage of obsolete documented information may be required by the organization such as for claims investigation many years after they are generated, or for different purposes like organizational knowledge management. One of the ways to save the obsolete digital documents history is to compress the documents and protect them with a password to prevent inadvertent use.

If the organization desires to eliminate obsolete and unnecessary documented information, it must consider the control of sensitive data, such as personal or confidential information, during the elimination process.

In both cases it should described the activities developed for the storage, the elimination (or both) of obsolete documents and in what way the involuntary use of these will be ensured. It is recommended to identify obsolete copies (watermark / stamps) either in digital or physical format, separate them from current documents and, in case of elimination describe in the procedure how the process will be carried out.

6. Document management software

The benefit of using a document management software, is that all the control of documents from the creation, modification, distribution, approval, accessibility, recovery, use, storage, printing of copies, obsolete, map of documents, among others activities, are controlled in one place.

GENEBRA software is an example. It simplifies the management of critical documents, from automating key processes such as revision tracking to exceeding compliance requirements. Automates document review and approval processes with email notifications of review tasks that minimize the time it takes to track, review and approve documents.

We can also designate specific permissions to access or print documents, even to download them. With GENEBRA we can control the documents visualization to certain people, and keeps all users updated with notifications about modified documents or when they are about to expire.

GENEBRA is designed to meet the requirements, and it will be much easier to demonstrate compliance to auditors. For example in point 7.5.3.2 for the control of documented information, the organization must address the following activities:

a) distribution, access, retrieval and use;

The DISTRIBUTION and the ACCESS to the system are controlled by password. The RETRIEVAL is done through the query screen using the available filters.

b) storage and preservation, including preservation of legibility;

STORAGE is found in servers of the software, so we do not have to worry about keeping a backup, we will have all the information available without risk of losing it. The documents PRESERVATION is guaranteed according to contract and daily backups are made by the same software.

c) control of changes (e.g. version control);

CONTROL OF CHANGES, each time a document is modified, the same software increases the code of the version by +1, so that no document will be outdated, in turn the software will notify the modifications via email to those responsible.

d) retention and disposition.

The RETENTION and DISPOSITION is done in the same software, such as its disposition, all the documents can be replaced, inactivated or eliminated from the system.

With GENEBRA, it is not necessary to keep a map of documents in spreadsheets, which must be updated. During an audit it will be much more comfortable to show the auditor all the updated documents, where you can also filter the documents you want to see by its  process, category, distribution, etc.

You can try GENEBRA for free by  clicking here.

Note: Remember that one of the most common points of nonconformity in all organizations is documentation. The adoption of good practices for the control of documented information is a major step both in implementing the ISO 9001:2015 and its maintenance.

The documented information does not necessarily have to be abundant or scarce, it will depend on each organization.

With the correct documentation, an organization can demonstrates its compliance to the standard. Communicate what we do and how we do things, as well as what happened and what results were achieved. It is, essentially, a tool for communication.

Victoria Pollock
Victoria Pollock
Quality Management Consultant

Leave a Reply

Your email address will not be published. Required fields are marked *

four × one =