Featured Product
This Week in Quality Digest Live
Standards Features
Matthew Barsalou
How failure modes and effects analysis became commonplace
Meg Sinclair
100% real, 100% anonymized, 100% scary
Michael Mills
The answer might surprise you
Alonso Diaz
Consulting the FDA’s Case for Quality program
Master Gage and Tool Co.
Why it matters for accurate measurements

More Features

Standards News
HaloDrive Omnidirectional Drive System for heavy-duty operations
Draft publication aims to help measure and evaluate security programs
Progress via sustainability standards
Has played pivotal role in servicing and supporting the conformity assessment industry
Handle document, audit, and concerns management more effectively
Businesses with $300 million or more revenue in Europe must comply
Helps managers integrate statistical insights into daily operations
Providing practical interpretation of the EU AI Act

More News

Bretta Kelly


ISO 9001: It’s About the Records, Not the Documents

Let’s end the confusion about implementing a management system vs. documenting one

Published: Thursday, December 20, 2018 - 12:03

Back in January 2009, I wrote an article for Quality Digest titled “ISO 9001 Documentation Is Like a Box of Chocolates.” Here we are, almost 10 years later, all of the ISO 9001 and related standards have been updated, yet companies still misunderstand what to document, how to document, or why to document procedures for their quality management systems (QMS).

This article offers examples and explanations of where QMS are over-documented and describes ways in which they can be simplified. The purpose is to illustrate how far off many companies are from understanding the difference between implementing and documenting a QMS. When you are getting registered to ISO 9001:2015 (and this includes any standard that is based on ISO 9001:2015), the emphasis should be entirely on the records (i.e., outputs of your processes) showing compliance to the requirements of the standard, not how the system in question is documented. The length of your quality manual and the number of procedures a company has are irrelevant; the primary focuses when getting registered to the standard should be whether the records meet the requirements of the standard, and what the measurable objectives defined by your company may be.

Let’s end the confusion about implementing a management system vs. documenting one.

The latest standard, ISO 9001:2015, does not mandate any required procedures or manual; AS9100D and ISO 9001:2015 mandate only one procedure for control of nonconforming outputs and a quality manual. Despite this, companies continue to write additional procedures, often for the wrong reasons.

ISO standards’ emphasis on control of documents and records

Since I have been auditing and implementing ISO 9001 systems and aerospace systems, the standards have changed significantly. It is amazing how many companies that documented their original QMS 15 or 20 years ago still try to maintain over-documented systems. These systems hold the company captive to requirements that no longer exist. In the past, ISO 9001 required procedures for every element of the standard. It specifically required a master document list for the procedures, and a records matrix of lists of records and procedures specifying where they were located, how they were indexed, and who the owner was. When these requirements were in place, most records and procedures were hard-copy records and were filed in different departments, so having files indexed made sense.

In that early era of the standards, the world was documented solely on paper. Every department, and thus every area of the company, required controlled document books so that procedures could be easily accessible. Documents of the past had a relatively specific format: purpose of document, scope of document, reference to specific forms (with form numbers), reference to related procedures (with the procedure numbers), and the occasional revision of the reference procedure, among other things. Every time an update was made to a procedure the master lists and controlled document books had to be amended with the new procedure. The latest revision of a procedure not being in the controlled document book, an old revision being at someone’s workstation or in their office, or the master document list not being updated with the latest revision were all common nonconformities at that time.

Over time companies began going paperless. Controlling documents was one of the first things that was automated; companies began sharing documents on a server, sites were set up for the documents, and software was developed for the sole purpose of controlling documents. Now there are complete QMS software packages available and related applications to share documents electronically. Not only does this remove the need for controlled document books, master lists, and matrices of records, but the standards themselves have been updated to the point where none of these controls are required, either.

Despite all of the things that have changed over the years, companies are still holding themselves captive to these obsolete requirements. I believe there are two reasons why companies are still over-documented. The first is relatively straightforward: Companies wrote their original system years ago, and each time a standard was upgraded, rather than simplifying or redocumenting their system, they altered the existing system, and over time the system grew. The second reason is that many auditors still have an expectation when they audit that the company should have master lists as well as records matrices and procedures for every section of the standard. If the company is not familiar enough with the updated standards that do not require these procedures, they may have a hard time defending their simplified system to a registrar or customers and resort to keeping the over-documented system to satisfy them.

During the past 20 years, I have audited many different QMS in different industries. I have found myself in situations where a company’s processes are excellent, it has clear records that show compliance to all the requirements in the standard, customer satisfaction is excellent, and it has perfect performance to objectives. Until I have to ask if the company has any procedures or documents that define their processes, the audit often goes smoothly. It is important to note that in the latest ISO 9001:2015 standard, there are no required documents, not even a requirement for a quality manual. In the latest AS9100D/ISO 9001:2015 standard, only a quality manual and a procedure for how to control nonconforming outputs is required. If the company has procedures outside of these requirements, they become part of the audit. Hypothetically, a company could meet all of the requirements of the standard, have a very high level of performance to objectives, and very clear records, but if it doesn’t meet the requirements of its own internal documents, I am forced to write a nonconformity. Sometimes the error is something minor; it is not uncommon for the company to claim it keeps a records matrix but hasn’t added the record in question to the matrix; or it might claim the record is kept in a purple folder for 24 hours, but along the way it was changed to a blue folder for 48 hours, among other things. It is nonconformities like these that have become extremely saddening to me.

When I am consulting with a company, we are either implementing an ISO or AS system, or simplifying an existing system that is over-documented. The first thing we do is review what is required and what is not, so the company understands the latest requirements of the standard. Then we agree that every document should have a purpose. Depending on the company’s history, this can be a difficult topic to agree on. On occasion I have the company retrieve its entire documented system and do what I call “spring cleaning.” Regardless of the season, I have companies do the following with their documents:

Three piles are made (or categories if we are doing it electronically). One pile is for required procedures (e.g., required per the standard the company is compliant with, required by a customer, required by the company, and it wants that included in the audit).

The next pile is for any documents that are not required and do not have to be followed exactly as written but could be useful for reference, or if the company was training a new person. You can identify these documents by asking the question, “When is this document used?” If the answer is, “Only when we are being audited” or, “Only if we are training a new person,” then it goes in this second pile.

The final pile is for documents that are no longer valid, have no value, or have become unused. You can identify these documents by asking the question, “Does anyone ever use or look at this document?” The documents in pile three are obsolete. The documents in pile two can be identified as training/reference/guideline documents, and by definition do not have to followed exactly as written and therefore do not require any updates. The first pile, the required documents (required by your company, the standard, or a customer), are now considered your quality and/or business management system. Further simplification of only the documents in this pile should be done to take out any information or requirements that should not be in there.

For example, I have audited systems or simplified them for companies that have very specific, 10-page procedures for how they do purchasing. When I interview the purchasing personnel, many times the person doing purchasing has been doing it for more than 15 years. Not only do veteran purchasers commonly fail to reference the purchasing procedure when they are doing the purchasing process, they are most likely the people who wrote the procedure in the first place. If the company wants to have a procedure or instruction for purchasing in the required pile, my suggestion would be a one-page work instruction or flowchart that describes the basics for purchasing. Otherwise, it should go in the pile containing the training documents.

Just as every document should have a purpose, every training, audit, and data collection initiative should have a purpose. A company should never write a document, conduct an audit or training, or collect data unless there is a clear objective. Audits should be done only on processes that are not performing, have new people, or are high risk. Don’t audit for the sake of auditing. Never write a document for the sake of writing a document, either; write only what is required and what makes processes simpler. Remember to identify the process and its purpose. There is no reason why any company can’t choose to work smarter rather than harder.

Documented information (documents and records in the ISO 9001:2015 standard)

This note comes straight from Section 7.5 of ISO 9001:2015:

Note: The extent of documented information for a quality management system can differ from one organization to another due to:
• The size of organization and its type of activities, processes, products and services;
• The complexity of processes and their interactions;
• The competence of persons.

The most recent standard, ISO 9001:2015, is divided into 10 sections. The first three sections are introductions and definitions. Section 4 of the standard is titled “Context of the Organization” and includes requirements for defining the scope of your business management system (BMS); understanding your company and the needs and expectations of interested parties (interested parties are internal and external, for example, your employees, suppliers, and customers). Section 5 is titled “Leaders” and is about management commitment and responsibilities. This section also includes requirements for customer focus and defining your quality policy. Section 6 is titled “Planning” and includes requirements for taking actions to address risk and opportunities, setting measurable objectives and planning to achieve them, or to make changes to your BMS. Section 7 is titled “Support” and includes requirements for resources (e.g., people, infrastructure, environment, calibration, tribal knowledge), competence and awareness, and documented information (the new terminology for documents and records). Section 8 is titled “Operation” and includes requirements for planning, producing, and controlling whatever product or service the company provides.

Finally, sections 9 and 10 are titled “Performance Evaluation” and “Improvement.” Section 9 includes requirements for how to measure customer satisfaction, conduct internal audits, and perform management reviews. Section 10 defines what to do when processes do not meet the desired result; these are control of nonconformance and corrective action.

In the prior standards, there was a section for preventive action; this small section at the very end of the standard has been removed and has now been replaced with “Actions Taken to Address Risk and Opportunities” and is now sprinkled throughout the entire standard. This is very important. Instead of just looking at preventive action as a project or something separate you do to prevent something bad from happening (e.g., late delivery, customer dissatisfaction), ISO 9001:2015  encourages you to evaluate risk in every action you take, and always be aware of taking actions that prevent risk or create an opportunity for improvement. If a company is spending a lot of time conducting processes that generate data, but does not analyze those data, set objectives and goals, and take actions to address risk or act on opportunities to improve, then it is a waste of time to collect the data in the first place.

Are QMS templates good or bad?

Using templates to implement or simplify a company’s QMS is dependent on the type of templates and level of experience in the company with the given standard. If the templates basically plug in the company name and merge it in a generic QMS that is “compliant” with the standard, this would make for a difficult audit process and probably not be very value added, unless there is a high level of experience within the company about the standard. If the templated system forces you to customize it so it specifically describes how your company’s processes work, and the template complies to the given standard, your chances of success in an audit are much more probable. The same holds true for companies that use a software program to maintain their management systems.

A set of documents alone doesn’t make a company compliant to ISO 9001 or AS9100, and neither does a software package by itself. There’s a significant difference between saying, “We use a quality management software system and therefore meet all the requirements of the standard,” and, “We use software to execute processes more efficiently, track data more effectively, and simplify the overall compliance process.”

Misconceptions of implementing a QMS

There are many different interpretations of the ISO 9001 standard. In an effort to highlight some common misunderstandings, some of the myths, urban legends, or misperceptions about requirements will be examined.

Perception: Implementing and maintaining ISO 9001 is expensive.
False: It does not have to be expensive. A company simply needs to document its management system based on what it already does and put in place the programs required to improve on its processes.

Perception: The ISO 9001 system is a quality system (i.e., it belongs in the quality department or is the responsibility of the quality manager). Many organizations feel they need to hire somebody full-time to manage the ISO 9001 system (for example, internal audit coordinator, corrective action coordinator, ISO coordinator).
False: The ISO 9001 system covers an entire business, starting with customer requirements, review and acceptance of those requirements, executing those requirements, measuring and monitoring processes to ensure requirements are being met, and ultimately, delivering a product or service that meets those requirements to ensure customer satisfaction.

Because ISO 9001 is based on the process approach of plan, do, check, and act, it is important that the company learn and understand the standard before implementing or documenting a management system. One way to accomplish this is to send key employees to an ISO 9001 course or hire a trainer or consultant.

A consultant’s role is to teach employees the requirements of the standard and help them define their management system. The foundation of the management system needs to be based on the company’s culture, products, and services, and how it will meet and continually improve on these requirements.

The common-sense approach to documenting a management system

There are many requirements in the standard that say one must “define” a process. Defining a process is not the same as documenting a process; it can be defined verbally, with pictures, in a video, or in a document. If a company has a process and it is deciding if it needs a procedure, flowchart, or work instruction to “define” it, the following questions should be asked, and the management systems should be documented according to the answers:
• In order to perform this process consistently and correctly, does the company need step-by-step instructions to be used by the operator while performing the process? If the answer is yes, then document the steps of the process to be used by the operator.
• In order to train employees on this process, are step-by-step instructions needed? If the answer is yes, the process can be documented as an instruction or as a training or guideline document that is used only for training new employees and not for conducting the process. Consider training videos in this instance.
• Did the last auditor say a process needed to be documented? This is not a valid reason to document a process.

A management system should not be documented for the sake of documenting a management system. If a document is written that nobody ever looks at or uses, and it is collecting dust on a shelf or taking up space on a computer, then it should be eliminated. The reason to document a process of any kind is so there is a clear understanding of the roles, responsibilities, tasks, inputs, outputs and—most important—measurable criteria of the process.

For example, if a company says that all forms will have a form number and revision on them, then all forms must have this. The standard does require forms to be controlled or to have a number or revision. This would be an example of a company adding a requirement beyond the requirements of the ISO 9001 standard. Requirements should only be added when it will benefit the company by ensuring better processes. Do not add this type of requirement based on a perception of the standard or advice given by an outside party—including an auditor.

How to decide if you need a documented procedure

The number and comprehensiveness of the documents written for a company should be directly related to the company’s size, complexity of its processes, and maturity of its workforce. ISO 9001:2015 refers to documents and records as “documented information.” Although the required procedures are no longer mandated by the standard, retaining documented information (records) is still in place and the most important part of implementing a QMS. A new requirement in the standard requests specific care related to documents managed electronically using a software system because most documented information is in digital form. This has a direct relationship on the level of documentation required in modern QMSs. Many processes are automated, and the records are maintained electronically, which in turn removes the need to write a document for it.

The internal audit process is an excellent program to use to determine if a process requires a documented procedure or not. For example:
• As an auditor, you must evaluate if the process is being performed consistently, with consistent and acceptable results.
• An auditor can do this by asking questions of several people performing the process.
• Ask the people the questions individually.
• If the answers are consistent, a documented procedure is not necessary
• Some sample questions: Can you explain the steps to this process? What records do you need to complete for this process?
• The need for a procedure will generally depend on the complexity of the process and the training of the people responsible for the process.
• Often, companies using a complete QMS software will have less need for procedures due to the clarity and simplicity of managing their processes within the software.
• In many organizations, an excellent training program eliminates the need for procedures.
• If, by contrast, there is not consistency among the people observed or interviewed, or there is not consistency in the records resulting from the process between the people being observed or interviewed, then a documented procedure may be appropriate.

Implementations gone bad

Some of the horror stories about ISO 9001 implementations include companies that have binders of procedures, work instruction, and forms and have been trying to implement ISO 9001 unsuccessfully for years. Some have spent $50,000 and others more than $200,000 on internal resources or consultants. Some have had a prior quality manager who wrote a management system and then left the company, and no other employee knew how to continue the management system requirements. Some have gone through three quality managers, each defining, adding to the last management system, or adding confusion by changing requirements.

In many instances, companies that have invested considerable time and money in the process of certification have a hard time letting go of it even when it has proven ineffective or useless. A company must decide if it wants to chase bad money with good money when faced with this problem. It must consider letting the existing management system go and documenting a new and effective management system from scratch. An important part of the ISO 9001 standard is taking action to address risk and opportunities. Therefore, it is simple common sense to change or improve a management system and the associated philosophy when that management system is found ineffective.

Why do companies over-document their management systems?

Some companies have over-documented their management systems to the point where they are useless, based on misperceptions or an inadequate understanding of ISO 9001. Nowhere in the standard does it say how a company is required to do a process; it simply says that a company needs to meet a requirement—generally the customer requirements.

It is the company’s prerogative to decide how it defines processes and how it meets requirements. This is important and the main reason why companies often struggle and fail to create a cost-reducing, effective ISO 9001 program. Many companies, when trying to implement an ISO 9001 program, define it based on what they think the standard implies or what an auditor may expect to see. If not for ISO 9001 requirements, most companies would never implement something they did not need to succeed in business. However, when it comes to implementing an ISO 9001 system, companies define many of the programs based on perception and not on the company’s actual processes or culture.

Perception: It is mandatory to have a document—for example, work instruction, flow chart, procedure—for every process in the company.
False: ISO 9001 states, “NOTE the extent of the quality management system documentation can differ from one organization to another due to the size of organization and type of activities, the complexity of processes and their interactions, and the competence of personnel.”

Perception: It is mandatory to have form numbers and revision or date control on all forms.
False: Nowhere in the standard does it even talk about forms or controlling forms.

Perception: It is mandatory to have a master list of documents or a master list of records that states information such as where they are stored and how long they are kept.
False: Nowhere in the standard does it talk about master lists.

So many companies write 30- to 60-page manuals that have so much detail and often refer to outdated processes or requirements. When written correctly, the manual could be a perfect marketing tool to send to customers that simply tells them the scope of the management system and provides a picture of the interrelation of processes. The interrelation of processes can be as simple as an overall picture of how a company’s processes flow.

The standard does not dictate how to do any of the company’s processes; it simply provides guidelines and states that a company must define how it performs its processes and measures the effectiveness of them. A company should not document processes or procedures based on perceptions of the standard or what an auditor looks for. A company must document its management system based on how it conducts business.

Any other work instructions—flowcharts or procedures that a company feels it needs to effectively produce the given product or service—should be done in a format that best suits the purpose controlling these processes. The most important part of documenting any type of process—management process or product process—is to define the inputs, outputs, and measurements of the process. The better a company defines how to measure each process, the easier it will be to monitor the outputs (data) and pinpoint the areas that require improvement.

The level of complexity or volume of a documented management system has nothing to do with the size or complexity of the processes of a company. The only direct relationship that would be found regarding the level of documents a company requires would be the effectiveness of training programs. The more effective the training programs are, the fewer documents one would expect to see. For example, a work instruction may be needed to teach an employee how to do something (training guideline/reference document), but after training, there is no more requirement for that document.

A few simple rules

The following rules should be considered when documenting your management system:
• A written procedure isn’t necessary for every process and program. You may write some procedures if they are required by a customer or the given standard.
• Don’t write a procedure for the sake of writing one. Learn and understand when a procedure is required or needed.
• Don’t write a procedure around how you want to do a process or think a process should be done. The procedure should reflect what you actually do. Often it can be as simple as referencing the software that you use to manage that process.
• Create the documentation in a format that makes the most sense for the process or people using the document. (Don’t be afraid of pictures and videos, and don’t be afraid to call them “training materials.”)
• Don’t forget that the majority of audit nonconformances are cited because the procedure didn’t reflect the actual process, not because the process didn’t comply to the standard.
• If an instruction manual is used for training, it’s acceptable to say so. Be specific in saying that it’s not a document describing an operational process. Most documented processes exist to train personnel. When personnel are trained and competent in a process, the document loses its importance until new employees are hired.
• Appearance and formatting aren’t important. It’s content that matters!


About The Author

Bretta Kelly’s picture

Bretta Kelly

Bretta Kelly is the owner/operator of Business Management Systems Consulting LLC (BMSC). Kelly began consulting in 1999, implementing, managing, training, and auditing ISO 1994, ISO 9001:2000, and AS 9100 programs for semiconductor, aerospace, chemical, cosmetic, and distribution companies. Currently Kelly conducts third-party audits for several registrars; she conducts internal audits and facilitates management reviews as well. Kelly also provides seminars for internal process auditing and how to conduct management reviews and set measurable objectives. Kelly holds bachelor’s and master’s degrees in industrial engineering, and certifications for Exemplar-QMS Lead Auditor, Probitas-AS 9100 Auditor, HACCP, and SQF 1000 and 2000 auditing and expert training.


Love it!

Thank you for the perspective!

Glad you liked the article

Thank you for the feedback.


Question about QMS Document Revision Date vs Effective Date

Hi Bretta,

In my group, we are having a debate on the document revision date vs effective date vs Upload date. 

One side believes that QMS procedures document "revision date" must equal the procedure "effective date" and the "upload date" when formally published.

The other side believes that QMS procedures document "revision date" is based on when the change was done and the "effective date" is the only date we should be a focus when we formally published. 


How to create record identification no.

Hi Bretta,

Seeking your advice on how to do record identification no.

For e.g document no was set - OP-QMS-001

How about record?

Thanks in advance.


storage of records

In what clause of  ISO 9001 stating the minimum years to retain the record? Is it possible I would keep it only for 3 years?

Document Control Procedure

Hi Bretta

We had an ISO 27001 audit yesterday, and one of our minor non-conformities was that I hadn't included what we do with documents of external origin. The minor was purely that it was missing from the procedure, not that we didn't control these documents.

I asked the auditor why it mattered given that I didn't need a procedure at all going by the standard and he said it was because we had set the rules and there was then a gap in our rules. I said if we hadn't done a procedure then it wouldn't have mattered, to which he replied yes, we would just be testing to see if you meet the standards requirements.

What is your opinion on this? Is he right, or is this really picky?

Master List of Documents

So... we actualy do not need to have Master List of Documents. I have a lot of master lists. Form, Procedure, File, Work Instruction even Obselete Document.

My company using Document Management System (DMS). If I want to get rid all the master lists can I say if its on the DMS then its current? Or do you have better idea on

how I can get rid all the master lists?

Thanks in advance :)

Master Lists

You can definitely eliminate your Master Lists, especially if you have a DMS. The statement you have "Most current version of documents is on DMS" is perfect.


Hi Bretta,

It sounds basic but i am not sure if it is.

Say, I receive a document update. In the revision history, the revision content exists but approver's name is empty.

The related member say that they can't trace as the last revision was 11 years ago.

Does it violate the ISO 9001 standard or not? i am trying to link it to a specific ISO clause.

Revision Hisotry

The revision content would be the most important part, there is no ISO 9001 requiremetn to know who was the approver 11 years ago when the prior change was made. What is important and required is the approver of the current change and are they authorized to make the change.

Old but still active documents

I would like to ask if what can we do with the documents ( drawing/work instructions) that is already 9 years on file , after 9 years our client ordered for the same item , my question is are we going to treat it as new document and issue new drawing or we can still use the old drawing on file? 

9 year old print

It is about the revision of the print versus how old it is. So, if the order calls out the same revision of the orint that you have on file from 9 years ago then it is fine to use. If the revision does not match you must get an updated print. Hope this helps.


But wait...

But documents and records are all the same thing, now, called collectively "documented information." So....

Hi, I have captured another


I have captured another potential confusion in this Extract below:

""...The latest standard, ISO 9001:2015, does not mandate any required procedures or manual;

AS9100D and ISO 9001:2015 mandate only one procedure for control of nonconforming outputs and a quality manual....

So, manual and procedures are required/mandated or not? what do you mean exactly ?

thanks for your feedback.



Documented Info

Hi Nathalie,

In the AS9100D Standard there are bold requirements that include a requirement for a Quality Manual and a procedure for Control of Nonconfoirning Outputs. In the ISO 9001:2015 Standard Alone there is no requirement for a manual or procedure. Sorry if that came out confusing hope this clears it up.


AS9100D Quality manual

Hi Breta, 

Great article BTW... 

There are requirements for documented information for organisational activity, however the call for a quality manual is a 'note' and these are not auditable right? 

plus the quality manual 'can' be compiled, and 'can' indicates a possibility or capability right? 

I'm currently cleaning up an AS9100D organisation BMS and I am looking to present a Business Manual to contain process maps, turtles etc to explain how they meet the requirements of 4.4. Its not mandated to be called a 'quality manual' per say, as far as I read the clause or have I missinterpreted the clause. 



Documented Info

Yes, the new standard refers to documents and records as documented information. Where it says maintain documented information it is referring to documents and where it says retains documented information it is referring to records. Hope this helps!

Training material

Would you expect to see training material controlled as documented information? Or would that be completely separate?

For instance we decide on our method of controlling documents, does training material need to follow this same system, or can it be completely removed from the management system?

If it's part of the management system, does it still count as something that doesn't need to be followed 100%?

Documented Info - Training Material

There is no requirement to control training material the same as how you would revision control a procedure or work instruction. I actually have a note in the Quality Manual in my templated system that says:

Note: Procedures, flow charts and work instructions identified as training or reference documents are used for training and auditing purposes and are not required to be followed exactly as written.

I hope this helps!


AS9100D Work Instructions

I'm a little uncomfortable with this.. 

I get the no requirement thing for work instructions and all that, however... in AS9100D 8.1.2 b we have to ensure that documented information is consistent with the actual attributes of the products and services.. which relates to the identification and traceability 8.5.2 to ensure we shall maintain the identification of the configuration.. between actual configuration and the required configuration. 

How can you do that without revision controlled technical documented information? 

Documented Info

You do have to revision control those type of docuemnts, my comment and reply was about reference training materials used for training purposes to support competency, not confirguration control or any other docuemnted informtaion used for control of production and service operations.

Wait, what?

You're conflating two issues. First, do training documents need to be controlled? Answer: probably. There's nothing in the standard that excludes "training documents" as part of a QMS, and instead the standard says ALL QMS documents must be controlled. Suggesting documents as critical as those used to TRAIN people are NOT part of the QMS is a serious stretch. I suppose you can do this if you are intent on ensuring your training sucks.

Next, the second issue is whether training documents need to be followed. To suggest they do NOT need to be followed is also a very, very big stretch. What's the point of training, then? Why provide training materials if the end result is "you can do whatever you like, this entire session has been one long suggestion." Again, this is a surefire way of ensuring really, really bad training.

Finally, the term "reference materials" is toxic in any QMS. There's an industry-wide bad habit that suggests if you mark something "reference only" you suddenly don't need to control it. This is wholly false, and is not supported by ISO 9001. Again, ISO 9001 clearly states that QMS documents must be controlled. There's no allowance for "reference" materials, and this is entirely made-up concept. I want to be clear: *ALL* QMS documents are for "reference" because that's LITERALLY WHAT YOU USE THEM FOR. There's no gradation of "referencing" something -- either you use the information to drive your work or you don't. Slapping "reference only" on some documents because you don't want to control them creates fertile ground for audit nonconformities, assuming the auditor knows what they are doing.

If I print a quality inspection procedure and slather "reference only" on it, I don't have to update the procedure later when I find it was rife with errors? I can let my people continue to use it? What if they are making pacemakers or airplanes? Allowing them to use obsolete documents is okay because I stamped "reference only" on the cover?

"Reference only" was invented by lazy people who didn't want to do document control, and then allowed to perpetuate by lazy auditors who never applied any logical thinking to the concept. THERE IS NO SUCH THING AS "REFERENCE ONLY" DOCUMENTS IN A QMS. Simple.

Training material

There was definitely a misunderstanding of my reply to training materials. Any QMS documentation used for managing your system or processes is controlled per you process of controlling documented information. Inspection documents, process instructions, quality manual, procedures for how to control nonconforming outputs, etc. must be controlled and audited to ensure they are being followed as written. Performance to objectives and process expectations measure effectiveness of training and competency. My response was talking about guideline materials produced for the intent of training, that is what I thought the question was pertaining to. Training material can be written beautifully, and revision controlled but once trained if the employee is not able to meet expectations of the process, the competency needs to be addressed not the revision control of the training documents. I still stand by statement that documented information required by the quality management system and by the International Standard requires review and control and that materials used for training can be controlled or reference or guideline purposes, because it is about the competency of the person who had the training not the format or controls of the training materials.

I think I have understood you

I think I have understood you correctly.

What I am planning is to have a range of training material (these are extremely detailed, too much for a procedure I audit in my opinion). These are all document controlled the same as everything else but I have noted them as 'training guide'.

I am still planning process flow diagrams for the high level processes that these guides support, so we can see exactly how everything fits together, and can then be audited to to ensure we are achieving the expected outputs.

What I want to see is, for instance, if step 4 is achieved, does the process then move to the next responsible team member or department, and do we have the records saved somewhere at this point. I want to audit to see that the key points in the system are working.

What I don't want to do is be auditing to see if someone clicked a certain thing before clicking the next one and then clicking 'next' etc.

That's what I gathered from what you said anyway.

Training material

Yes, I think you definitely get it! Good luck with your training and auditing.


Thank you, this whole article

Thank you, this whole article was a big help actually!

Thank you

Thank you, glad it helped.