ISO 9001: It’s About the Records, Not the Documents

Let’s end the confusion about implementing a management system vs. documenting one

Thu, 12/20/2018 - 12:03

Back in January 2009, I wrote an article for Quality Digest titled “ISO 9001 Documentation Is Like a Box of Chocolates.” Here we are, almost 10 years later, all of the ISO 9001 and related standards have been updated, yet companies still misunderstand what to document, how to document, or why to document procedures for their quality management systems (QMS).

 …

Want to continue?
Log in or create a FREE account.
By logging in you agree to receive communication from Quality Digest. Privacy Policy.

Comments

Submitted by ChrisParis on Thu, 12/20/2018 - 10:28

But documents and records are all the same thing, now, called collectively "documented information." So....

Yes, the new standard refers to documents and records as documented information. Where it says maintain documented information it is referring to documents and where it says retains documented information it is referring to records. Hope this helps!

Would you expect to see training material controlled as documented information? Or would that be completely separate?

For instance we decide on our method of controlling documents, does training material need to follow this same system, or can it be completely removed from the management system?

If it's part of the management system, does it still count as something that doesn't need to be followed 100%?

There is no requirement to control training material the same as how you would revision control a procedure or work instruction. I actually have a note in the Quality Manual in my templated system that says:

Note: Procedures, flow charts and work instructions identified as training or reference documents are used for training and auditing purposes and are not required to be followed exactly as written.

I hope this helps!

Bretta

You're conflating two issues. First, do training documents need to be controlled? Answer: probably. There's nothing in the standard that excludes "training documents" as part of a QMS, and instead the standard says ALL QMS documents must be controlled. Suggesting documents as critical as those used to TRAIN people are NOT part of the QMS is a serious stretch. I suppose you can do this if you are intent on ensuring your training sucks.

Next, the second issue is whether training documents need to be followed. To suggest they do NOT need to be followed is also a very, very big stretch. What's the point of training, then? Why provide training materials if the end result is "you can do whatever you like, this entire session has been one long suggestion." Again, this is a surefire way of ensuring really, really bad training.

Finally, the term "reference materials" is toxic in any QMS. There's an industry-wide bad habit that suggests if you mark something "reference only" you suddenly don't need to control it. This is wholly false, and is not supported by ISO 9001. Again, ISO 9001 clearly states that QMS documents must be controlled. There's no allowance for "reference" materials, and this is entirely made-up concept. I want to be clear: *ALL* QMS documents are for "reference" because that's LITERALLY WHAT YOU USE THEM FOR. There's no gradation of "referencing" something -- either you use the information to drive your work or you don't. Slapping "reference only" on some documents because you don't want to control them creates fertile ground for audit nonconformities, assuming the auditor knows what they are doing.

If I print a quality inspection procedure and slather "reference only" on it, I don't have to update the procedure later when I find it was rife with errors? I can let my people continue to use it? What if they are making pacemakers or airplanes? Allowing them to use obsolete documents is okay because I stamped "reference only" on the cover?

"Reference only" was invented by lazy people who didn't want to do document control, and then allowed to perpetuate by lazy auditors who never applied any logical thinking to the concept. THERE IS NO SUCH THING AS "REFERENCE ONLY" DOCUMENTS IN A QMS. Simple.

There was definitely a misunderstanding of my reply to training materials. Any QMS documentation used for managing your system or processes is controlled per you process of controlling documented information. Inspection documents, process instructions, quality manual, procedures for how to control nonconforming outputs, etc. must be controlled and audited to ensure they are being followed as written. Performance to objectives and process expectations measure effectiveness of training and competency. My response was talking about guideline materials produced for the intent of training, that is what I thought the question was pertaining to. Training material can be written beautifully, and revision controlled but once trained if the employee is not able to meet expectations of the process, the competency needs to be addressed not the revision control of the training documents. I still stand by statement that documented information required by the quality management system and by the International Standard requires review and control and that materials used for training can be controlled or reference or guideline purposes, because it is about the competency of the person who had the training not the format or controls of the training materials.

I think I have understood you correctly.

What I am planning is to have a range of training material (these are extremely detailed, too much for a procedure I audit in my opinion). These are all document controlled the same as everything else but I have noted them as 'training guide'.

I am still planning process flow diagrams for the high level processes that these guides support, so we can see exactly how everything fits together, and can then be audited to to ensure we are achieving the expected outputs.

What I want to see is, for instance, if step 4 is achieved, does the process then move to the next responsible team member or department, and do we have the records saved somewhere at this point. I want to audit to see that the key points in the system are working.

What I don't want to do is be auditing to see if someone clicked a certain thing before clicking the next one and then clicking 'next' etc.

That's what I gathered from what you said anyway.

I'm a little uncomfortable with this.. 

I get the no requirement thing for work instructions and all that, however... in AS9100D 8.1.2 b we have to ensure that documented information is consistent with the actual attributes of the products and services.. which relates to the identification and traceability 8.5.2 to ensure we shall maintain the identification of the configuration.. between actual configuration and the required configuration. 

How can you do that without revision controlled technical documented information? 

You do have to revision control those type of docuemnts, my comment and reply was about reference training materials used for training purposes to support competency, not confirguration control or any other docuemnted informtaion used for control of production and service operations.

Hi,

I have captured another potential confusion in this Extract below:

""...The latest standard, ISO 9001:2015, does not mandate any required procedures or manual;

AS9100D and ISO 9001:2015 mandate only one procedure for control of nonconforming outputs and a quality manual....

So, manual and procedures are required/mandated or not? what do you mean exactly ?

thanks for your feedback.

Cheers

Nathalie

Hi Nathalie,

In the AS9100D Standard there are bold requirements that include a requirement for a Quality Manual and a procedure for Control of Nonconfoirning Outputs. In the ISO 9001:2015 Standard Alone there is no requirement for a manual or procedure. Sorry if that came out confusing hope this clears it up.

Bretta

Hi Breta, 

Great article BTW... 

There are requirements for documented information for organisational activity, however the call for a quality manual is a 'note' and these are not auditable right? 

plus the quality manual 'can' be compiled, and 'can' indicates a possibility or capability right? 

I'm currently cleaning up an AS9100D organisation BMS and I am looking to present a Business Manual to contain process maps, turtles etc to explain how they meet the requirements of 4.4. Its not mandated to be called a 'quality manual' per say, as far as I read the clause or have I missinterpreted the clause. 

Thanks

Paul

Submitted by Ayeh (not verified) on Thu, 03/28/2019 - 23:09

I would like to ask if what can we do with the documents ( drawing/work instructions) that is already 9 years on file , after 9 years our client ordered for the same item , my question is are we going to treat it as new document and issue new drawing or we can still use the old drawing on file? 

It is about the revision of the print versus how old it is. So, if the order calls out the same revision of the orint that you have on file from 9 years ago then it is fine to use. If the revision does not match you must get an updated print. Hope this helps.

Bretta

Submitted by Anonymous (not verified) on Sun, 04/07/2019 - 19:49

Hi Bretta,

It sounds basic but i am not sure if it is.

Say, I receive a document update. In the revision history, the revision content exists but approver's name is empty.

The related member say that they can't trace as the last revision was 11 years ago.

Does it violate the ISO 9001 standard or not? i am trying to link it to a specific ISO clause.

The revision content would be the most important part, there is no ISO 9001 requiremetn to know who was the approver 11 years ago when the prior change was made. What is important and required is the approver of the current change and are they authorized to make the change.

Submitted by Anonymous (not verified) on Tue, 04/09/2019 - 20:04

So... we actualy do not need to have Master List of Documents. I have a lot of master lists. Form, Procedure, File, Work Instruction even Obselete Document.

My company using Document Management System (DMS). If I want to get rid all the master lists can I say if its on the DMS then its current? Or do you have better idea on

how I can get rid all the master lists?

Thanks in advance :)

You can definitely eliminate your Master Lists, especially if you have a DMS. The statement you have "Most current version of documents is on DMS" is perfect.

Submitted by Anonymous (not verified) on Thu, 05/02/2019 - 04:18

Hi Bretta

We had an ISO 27001 audit yesterday, and one of our minor non-conformities was that I hadn't included what we do with documents of external origin. The minor was purely that it was missing from the procedure, not that we didn't control these documents.

I asked the auditor why it mattered given that I didn't need a procedure at all going by the standard and he said it was because we had set the rules and there was then a gap in our rules. I said if we hadn't done a procedure then it wouldn't have mattered, to which he replied yes, we would just be testing to see if you meet the standards requirements.

What is your opinion on this? Is he right, or is this really picky?

Submitted by Anonymous (not verified) on Thu, 06/27/2019 - 00:29

In what clause of  ISO 9001 stating the minimum years to retain the record? Is it possible I would keep it only for 3 years?

Submitted by rberna3486 on Tue, 04/28/2020 - 16:00

Hi Bretta,

In my group, we are having a debate on the document revision date vs effective date vs Upload date. 

One side believes that QMS procedures document "revision date" must equal the procedure "effective date" and the "upload date" when formally published.

The other side believes that QMS procedures document "revision date" is based on when the change was done and the "effective date" is the only date we should be a focus when we formally published. 

Thanks! 

Add new comment