ISO 9001 Compliance
A Core Business Solutions article in the ISO Explained series
February 17, 2006
4.2.3 Document Control
Keeping your QMS Current
by scott dawson
THE IMPORTANCE OF DOCUMENT CONTROLA cornerstone of the quality management system (QMS) is the control of documents. While not a particularly glamorous activity, document control is an essential preventive measure ensuring that only approved, current documentation is used throughout the organization. Inadvertent use of out-of-date documents can have significant negative consequences on quality, costs and customer satisfaction.
"It behooves those responsible for managing their organization’s QMS to design a document control process that is simple to use, easy to monitor and effective to prevent the use of incorrect documentation."
Because of its importance, companies often invest heavily in dedicated staff, detailed procedures and specialized software programs to keep control of their QMS and other business documents. Auditors (internal and external) also pay particular attention to document control disciplines resulting in frequent audit nonconformances (it is commonly reported that document control generates the most nonconformances in and ISO 9001 QMS). It behooves those responsible for managing their organization's QMS to design a document control process that is simple to use, easy to monitor and effective to prevent the use of incorrect documentation.
DESIGNING YOUR DOCUMENT CONTROL PROCESSBefore reviewing the specific ISO 9001 document control requirements, let's briefly discuss essential design criteria for an effective document control process.
Less is often better than more.
Navigation, hierarchy & structure
This logical arrangement clarifies the authority, scope and interrelationships of each document. Lower-level documents must agree with requirements of related higher-level documents. Higher-level documents generally reference lower-level documents for easy navigation.
The mixed blessing of cross-referencing
Alternatives to intra-document referencing might include:
Reviews & approvals
Document approvals are mandatory and must be kept as a record as well. When determining who should approve a particular document you must balance the desire for gaining buy-in and accountability by affected departments with the need for efficiency of the document control process. Often it is helpful to ask, "what value does each signature add to the document?" and limit approvals to those with direct knowledge or responsibility for the document.
Generally, the more signatures you require, the longer the approval process will take. An alternative to a long approval list would be to include more individuals in the review process, giving everyone a chance to comment on the document before it is released.
REQUIREMENTS FOR DOCUMENT CONTROLThe ISO 9001 standard includes specific document control requirements that will be subject to all internal and external audits (ref. 4.2.3).
Documents required by the quality management system shall be controlled.
This includes all policies, procedures, work instructions, forms, specifications, and other company documents affecting quality or customer satisfaction.
Records are a special type of document and shall be controlled according to the requirements given in 4.2.4.
A documented procedure
A documented procedure shall be established to define the controls needed
A document control procedure is one of six mandated procedures in the ISO 9001 standard and it must include the company's processes for the following requirements:
a) to approve documents for adequacy prior to issue,
Approval signatures must be recorded prior to the release and use of the document. Approvals may be in the form of a written signature or a password-protected electronic approval record. The date of all approvals must precede the document's release date.
While not explicitly stated, this requirement also applies to temporary memos or postings that are used to communicate QMS or product-related requirements. Any temporary documents must be clearly identified, signed and dated. It is advisable to include an expiration date on temporary documents to ensure they are removed from use when intended.
b) to review and update as necessary and re-approve documents,
All documents must be reviewed periodically and updated and re-approved if needed. This review can be tied to a company's internal audit process, management review or scheduled on some periodic (annual?) basis. A record of such reviews must be kept.
c) to ensure that changes and the current revision status of documents are identified,
When a document is updated, a record must be kept of the change (the reasons for and nature of the change). In addition, current revision status must be maintained. This includes the current development stage (draft, review, approval, etc.) and the date or revision level (number or letter) identifying the current version of the document.
d) to ensure that relevant versions of applicable documents are available at points of use,
The storage and access of documents must easily allow individuals to find the appropriate version of a document to use where needed. Note that older versions of a document that are still needed (e.g. specifications for an older product) may remain active if necessary, but the revision level must be made clear.
You should consider where designated controlled locations of your documents will be established and whether short-term reference copies of controlled documents will be permitted. Typically, the easier it is for employees to access controlled copies when needed, the fewer times they will feel the need to use an uncontrolled copy of a document. Ensuring timely and convenient access to documents is frequently the source of high costs and repeated discrepancies.
e) to ensure that documents remain legible and readily identifiable,
The format and storage of your documents must protect a document from being rendered unreadable due to wear or damage and that every document can be clearly identified through a title, document number or other suitable identification.
f) to ensure that documents of external origin determined by the organization to be necessary for the planning and operation of the quality management system are identified and their distribution controlled, and
Documents that do not originate within your organization, but are necessary for ensuring quality and meeting customer requirements must also be controlled. These can include customer, supplier or industry documents (including your copy of the ISO 9001 standard). However, the extent of control is limited to clear identification and controlled distribution. A log or other record would suffice to track external documents.
g) to prevent the unintended use of obsolete documents, and to apply suitable identification to them if they are retained for any purpose.
Out-of-date documents or older versions of revised documents must be protected from unintentional use. This usually requires segregation or disposal of obsolete documents. Any obsolete documents that are kept for reference or other purposes must be clearly identified through markings, separate storage areas, or other means.
MEASURING SUCCESSHow can you measure the performance of your document control process? Here are some suggested metrics:
Results of the performance measures of your document control process can help you determine how to drive continual improvements into your entire QMS.