More on Document Control for an ISO9001:2000 Quality Management System

Documents required by your ISO9001:2000 quality management system must be controlled. This is a requirement of ISO9001. See Section 4 of the quality standard. No ifs, ands or buts about it. But like most elements of ISO9001:2000, you have tremendous leeway in how you accomplish it.

By quality system documents, I mean your quality manual, quality procedures, and any work orders and forms you may have that are part of your quality system.

As you can tell from my previous posts, I’m a big fan of electronic document control where possible. With computers so reliable and prevalent, most companies should be able to control their documents electronically. This will save you lots of paper and avoid some headaches too.

Some old-school companies are still around, not fully computerized. Paper hard-copy quality documents might be the only option for such companies.

There must be a method of approving documents prior to issue. And, of course, you have to be able to prove that your documents were approved by the appropriate person in your organization.

There must be a method of updating your documents and re-approving them. Yes, you have to have a way to prove they were re-approved.

You must have a way to ensure that any document changes are identified, and a way to know the current revision status.

Your controlled, updated, current quality documents must be available to people who need them. You must have a way to ensure that obsolete documents are not used. If you have some reason to retain obsolete documents, they must be identified as such to prevent accidental use.

Your quality system documents must be legible, and easily identifiable.

Any documents from external origin (drawings from a customer, for example) must be identified and their distribution controlled.

An electronic document control system has several advantages. You can easily protect an electronic document with a password known only to authorized personnel. As long as the password is secure, it would be quite difficult for an unauthorized person to change a document.
And as long as you can prove you have a secure password system, you can prove that only authorized people have made any changes. And if changes were made only by an authorized person, you’ve also accomplished “approval for adequacy” at the same time.

In an electronic system there are no controlled paper copies of documents. I recommend you state “uncontrolled if printed” on every document, informing any reader that if they’re looking at a paper copy, it may not be the current revision. Every user has immediate access to the latest revision within seconds of the revision being made. No having to wait for copies to be made and distributed. No more going through reams of copy paper every time a small revision is made. No more trying to track down a binder that’s supposed to be in a particular place in your factory, but always gets lost. No more trying to read documents through coffee and jelly-doughnut stains.

You must also have a written procedure for occasional review of your documentation. I suggest you include this during your periodic management review. On your management review agenda (one of your controlled forms) include on your checklist “review quality system documentation and re-approve for adequacy, or identify changes that must be made”. Something to that effect.

Similar Posts:

3 Responses to “More on Document Control for an ISO9001:2000 Quality Management System”

  1. Rose Ann Sinclair says:

    I have a question – Is it necessary to name every item with an alpha numerical value such as QAP-015A, or can you generalize and name it “Form 1, 2, etc?

  2. Timothy says:

    No, its not necessary to use any particular method of naming your documents. ISO9001:2000 gives us quite a bit of leeway to meet the standard, and does not specify your naming system. Heck, you could name your documents Bob, Jane, Bill and Pat if you like!

  3. Eva says:

    ISO 9001:2000 / 2008 do not require any specific metod of naming your documents.
    But you may normally want a ISO 9001 Quality Management System and / or your certification to facilitate your acknowlegement as a supplier.
    Your customers’ requirements will always depend on your common field of activity and the rules and regulations (legal, standards, organizations etc.) which apply there.
    One example: If you want to work for the oil industry in the North Sea, UK and / or Norwegian law may apply, as well as the NORSOK standard, the ISO standards for your products and services and, at your choice, the codes and guidelines of your organizations, e.g. IMCA. In addition, your customers may have extra requirements.
    There are both NORSOK and ISO standards for document names, and it will be smart to implement the rules into your quality management system – your customers will most likely use them too.
    One definition of quality is: Do things right at first attempt…

    We will always have to comply with a whole bunch of quality requirements – at minimum ISO 9001 plus the laws of our home country.
    A quality management system which takes this into account, will produce realistic descriptions of business processes which most likely will work in practice.

Leave a Reply