Controlling external documents in your ISO9001:2000 Quality Management System

Do you use external documents? External documents are those generated and (usually) updated by organizations outside your company. Documents such as government standards, MIL-SPEC documents, Federal Aviation Regulations, drawings created by your customers or vendors, etc. are considered external documents. Chances are your organization is not responsible for, or allowed to, modify external documents.

If you don’t want to control external documents, you must specifically state in your quality manual, and on the documents themselves, that they are “For Reference Only” and are not updated.

External documents that you depend on, and are updated occasionally, must be controlled in your quality management system. Revision is usually controlled by the publisher. You are responsible to ensure that you have a means to receive updates from the publisher (such as a current subscription) and that you periodically check to make sure that you have the latest revisions.

As part of your document control, you must also devise a way to withdraw the obsolete documents and prevent their accidental use, and also issue the new updated documents to the necessary personnel in your organization. Whatever process you use to make sure you have the latest revisions, you must document this in your quality manual.

Similar Posts:

6 Responses to “Controlling external documents in your ISO9001:2000 Quality Management System”

  1. Ed Bones says:

    The problem is not primarily one of control, but of identification. The external documents pertinent to the management of a business extend well beyond the obvious Standards and Specifications relating to product and include all the regulatory documents that concern or impact on the running of the business. Identification is made worse for this larger group of documents when it is possible for individuals (rightly) to obtain their own copy.


  2. Fredrik says:

    The management system in our organization is accredited against a specific standard. Part of our organization is certified against another standard due to specific technical demands but otherwise part of our management system. Is it correct to consider documents from the accredited organization being external when used in the certified organization?


  3. Timothy says:

    If the “accredited organization” you’re talking about is the organization that wrote the other standard, then the answer to your question is yes. If the accredited organization is another part of your company, then those documents should be treated as any other internally generated, controlled documents in your company.

  4. Fredrik says:

    Our organization is divided into 9 departments. We have a common management system accredited against ISO 15189. One department is also certified against ISO 13485. In their separat management system this departement refer to common routines. According to an external audit those common routines has to be concidered being of external origin. Unfortunatly we have two different ways of controlling documents from depending of its origin (from the department or from the common management system). We are now implementing the same controlling routine to all documents.
    If I understood your answer correctly then we can concider documents from the common management system being internally generated.


  5. Timothy says:

    This blog is related specifically to ISO9001 quality systems, and my previous reply was from an ISO9001 viewpoint. I’m sorry but I have no experience with ISO13485 or ISO15189.

  6. anabelle villanueva says:

    my company is certified ISO 9001, how can i control the externally generated documents for me to ensure that the latest version of EGD is used by the Institution

Leave a Reply