ISO 9001-Clause 4.2

ISO 9001-Clause 4.2 Documentation requirements

4.2.1 General

ISO 9001 requirement:
The quality management system documentation shall include

a) documented statements of a quality policy and quality objectives,

b) a quality manual,

c) documented procedures and records required by this International Standard, and

d) documents, including records, determined by the organization to be necessary to ensure the effective planning, operation and control of its processes.

NOTE 1 Where the term “documented procedure” appears within this International Standard, this means that the procedure is established, documented, implemented and maintained. A single document may address the requirements for one or more procedures. A requirement for a documented procedure may be covered by more than one document.

NOTE 2 The extent of the quality management system documentation can differ from one organization to another due to

a) the size of organization and type of activities,
b) the complexity of processes and their interactions, and
c) the competence of personnel.

NOTE 3 The documentation can be in any form or type of medium.

Explanation:

Clause 4.2.1 specifies all the different types of documentation needed for your QMS. The need to have additional documentation beyond those specified in this standard may depend upon – customer; regulatory and your own organizational requirements. Other factors to consider may include complexity of products and processes, effect on quality,risk of customer dissatisfaction, economic risk, effectiveness and efficiency, competence of personnel. Clause 4.2.1d requires you to have documents needed to ensure the effective planning, operation and control for QMS processes. Each organization must determine what documentation is needed to achieve this based upon complexity of products and processes, effect on quality,risk of customer dissatisfaction, economic risk, effectiveness and efficiency, competence of personnel.You must have documented statements of your quality policy and objectives. A procedure is a specific way to perform an activity or process, and it may or may not be written. If it is established, documented, implemented and maintained, it is called a documented procedure. A document is information that is written or recorded on some medium such as paper or computer. A document may specify requirements for e.g. a drawing or technical specification, may provide direction for e.g. quality plan, or show results or evidence of activities performed for e.g. records.

4.2.2 Quality manual

ISO 9001 requirement:
The organization shall establish and maintain a quality manual that includes

a) the scope of the quality management system, including details of and justification for any exclusions (see 1.2),

b) the documented procedures established for the quality management system, or reference to them, and

c) a description of the interaction between the processes of the quality management system.

Explanation:

The quality manual is a special type of document that describes your QMS. Besides describing your QMS, your quality manual could provide information on organizational background and capabilities. It may be used by customers, regulatory bodies, suppliers and company personnel for a variety of purposes. There are many acceptable ways to document your quality manual.  You must define the scope of your QMS in your quality manual. Your QMS scope should include facilities (manufacturing and support locations), products, processes, Quality Management and other standards, etc. Customers will want to know the extent of your capabilities and the Registrar will want to determine the time and effort needed to audit your organization.Provide details of any clause exclusions from your scope, and justification for it. You must justify all exclusions and remember, exclusions can only be made from clause 7.Your quality manual must include a description of the interaction of your QMS processes.You have flexibility in whether or not to include your procedures and lower level documentation with your quality manual or organize them in some other fashion. You may include all or some of your procedures in your Quality Manual or reference them to your Quality Manual. Keep a listing or index at the front or back of your Manual showing the complete list of your procedures whether included or referenced.As a controlled document, the quality manual is subject to all of the controls in clause 4.2.3.

4.2.3 Control of documents

ISO 9001 requirement:

Documents required by the quality management system shall be controlled. Records are a special type of document and shall be controlled according to the requirements given in 4.2.4.

A documented procedure shall be established to define the controls needed

a) to approve documents for adequacy prior to issue,

b) to review and update as necessary and re-approve documents,

c) to ensure that changes and the current revision status of documents are identified,

d) to ensure that relevant versions of applicable documents are available at points of use,

e) to ensure that documents remain legible and readily identifiable,

f) to ensure that documents of external origin determined by the org to be necessary for the planning and operation of the quality management system are identified and their distribution controlled, and

g) to prevent the unintended use of obsolete documents, and to apply suitable identification to them if they are retained for any purpose.

Explanation:

A document is information that is written or recorded on some medium such as paper or computer. Clause 4.2.1 tells you what documents you must include in your QMS. All documents that you determine under clause 4.2.1 to be needed for your QMS processes must be controlled. This clause 4.2.3 provides requirements on how these documents must be controlled. Documents  outside the QMS need not be subject to these controls. This clause requires you to have a documented procedure. Ensure that your procedure specifically addresses each of the control requirements, in terms of who, what when, where and how as applicable. Your procedure must address new and old as well as internal and external documents used by the QMS. You must approve all new QMS documentation prior to issue. Some degree of checking, examination or assessment is inherent in ‘approval for adequacy’. You must periodically determine if any updating or revisions of any QMS documentation is needed, and if they are changed, they must be re-approved for adequacy.

The frequency of this review, responsibility and method must be defined in your procedure. This will be determined by events within your organization and how mature or recent your QMS is. Auditors will explore this if they find that your documents have not changed in years, while the nature of your business has changed significantly. Identify changes made to documents so users know exactly what has changed. There are many ways of doing this on printed as well as computerized documents.  Have a method for revision control such as a revision log and master-list of documents which identifies the current revision status. Again, there are other ways of doing this as well.

Not all documents need to be available everywhere within your organization. You must determine what document is applicable (i.e. needed to assure product or process quality) to a specific process or activity and make the relevant version of that document available to that activity, e.g. providing current packaging and shipping work instructions to the shipping department.Once you determine that certain documents need to be made available at various locations, implement some form of distribution control. There are many ways to do this. One way would be to keep a distribution log.

Documents can take a beating in very harsh environments (covered in oil, dust, acid eaten, weather-beaten, etc.) to the point of being illegible. You must regularly review the condition of frequently used hard copy documents to determine whether they need to be replaced. Documents must also be readily identifiable as to its purpose and scope. A simple heading may suffice, (e.g. In-process Inspection Sheet). Computerized documents are sometimes given file names that don’t identify its contents and this might require numerous files to be opened before you find the right one. Identification also implies effective filing for timely retrieval, whether manual or computerized. A frequent nonconformity is not being able to retrieve a document or record because of poor filing procedures. External documents (such as customer drawings or supplier material/part specifications) must be identified. There are many ways to do this. One way would be to keep a manual or computer list of these documents. Determine who needs these documents and have some form of distribution control. Don’t overlook supplier, regulatory or industry documents. Apply applicable controls to these as well.

Obsolete documents can cause many problems if not controlled. There are many ways to do this. One way would be to provide computerized documents in read-only mode and make only the current version accessible at workstation computer screens. Obsolete hard copy documents can be removed through distribution control. Ensure your procedure a covers methods to disallow unauthorized and unapproved or incorrect documents from being created, used or distributed.If documents are archived, make sure that all such documents are properly identified, indexed and filed, and preferably have controlled or restricted access to them. Nonconformities against the document control process are one of the most frequent audit findings. Develop appropriate performance indicators to demonstrate effective implementation of your document control process. Examples include – number of obsolete or unauthorized documents found being used; number of unauthorized changes found; number of instances documents were not available at points of use; etc. Track trends in these indicators and use this information to tighten your controls and continually improve your document control process.  Use the PDCA to plan, implement, measure and improve your document control process.

4.2.4 Control of records

ISO 9001 requirement:

Records established to provide evidence of conformity to requirements and of the effective operation of the quality management system shall be controlled.

The organization shall establish a documented procedure to define the controls needed for the identification, storage, protection, retrieval, retention and disposition of records.

Records shall remain legible, readily identifiable and retrievable.

Explanation:

A record is a special type of document that provides written evidence of results achieved or activity performed (e.g. an inspection record). Records provide one of the strongest forms of evidence of maintaining and demonstrating the effectiveness of your QMS.  Ensure that your documented procedure for control of QMS records addresses each of the control requirements specified in this clause, in terms of who, what when, where and how. These controls apply to all QMS records whether they are hard copy or computerized.ISO 9001 calls for many records. Some records are specified, while others are implied. The onus is on you to demonstrate or provide evidence (records) of conformity to requirements, whether the specific clauses ask for records or not. Requirements for records may originate from the customer, regulatory, industry, or within your organization. Ensure you maintain records to conform to all of these as applicable. Records may also come from suppliers and vendors. All these records are subject to the above controls. The comments under document control regarding legibility, being identifiable and retrievable apply equally to QMS records.

Readily identifiable – relates to easily determining the purpose and scope of the record, e.g. an inspection record for a product at final inspection. The design of QMS records must prevent confusion or ambiguity in the completion and use of records. Records must be written legibly to be useful. Also make sure that they are not exposed to unauthorized change or alteration. For the duration that they are kept, store records in locations and mediums that will protect against unauthorized access and environmental damage – (covered in oil, dust, acid eaten, weather-beaten, etc.). Regularly review the condition of records. The indexing and filing of records (hardcopy or computer) must ensure easy retrieval. Keep a listing of all the different categories of records and define the retention times associated with each category (inspection and test; sales and purchasing; management review; calibration; training; etc). Retention times are typically determined by customer, regulatory, industry or organizational requirements and policies.

Records must eventually be disposed off once past their defined retention times. Disposition could range from permanent destruction of records to permanent storage in a secure onsite or off-site archive. The intent here is to remove the risk of inadvertent use and availability for current activities and unauthorized access. Depending upon the industry, specific records may be kept indefinitely.

Nonconformities against the process for control of records arise frequently. Develop appropriate performance indicators to demonstrate effective implementation of your record control process. Examples of indicators could include – number of instances of inability to retrieve records; amount of time spent looking for records; number of instances of incomplete records; number of instances of damaged records found; etc. Track trends in these indicators and use this information to tighten your controls and continually improve your record control process. Use the PDCA to plan, implement, measure and improve your process for record control.

Audit Checklist

An audit checklist should cover these areas:

  • Does the documented Quality Management System (QMS) include a Quality Policy, Quality Objectives, Quality Manual, Procedures, Work Instructions and Records?
  • How does the Quality Manual address the ISO requirements? Does it show the the exclusions which are not applicable? Does it have the all the procedures or reference of  Procedures?
  • Does it covers the mandatory 6 Procedures and 19 Records, as required by ISO 9001 std?
  • How are QMS controlled documents identified? (Master List?)
  • Are personnel using up-to-date “instructional” QMS documents?
  • How are these QMS documents kept current? What triggers a review?
  • How was the last new QMS document issued? How was the last change or revision handled? Who approved these changes?
  • How are new/ changed QMS documents communicated? Was any training done?
  • Is there a list of QMS records that are controlled? Verify through sampling that they exist, are legible, are retained, and kept in a secure/safe location. Look at both electronic and paper records.

Mandatory Procedure:
Clause 4.2.1: Not applicable
Clause 4.2.2: Quality Manual
Clause 4.2.3: Procedure for control of Document

pdf Example of Procedure for control of documents of Shah promoters & Developers
pdf Example of Procedure for control of documents of Devdatt Industries

Clause 4.2.4: Procedure for control of  Records.

pdf Example of Procedure for control of record of Shah promoters & Developers
pdf Example of Procedure for control of records of Devdatt Industries

Mandatory record: Not applicable
Clause 4.2.1: Not applicable
Clause 4.2.2: Not applicable
Clause 4.2.3: Not applicable
Clause 4.2.4: Not applicable
Evidence/Implementation document ( Not mandatory but helps in fulfillment of requirement):
Clause 4.2.1:

A document may specify requirements (e.g. a drawing or technical specification), provide direction (e.g. quality plan), or show results or evidence of activities performed (e.g. records).

Clause 4.2.2: Quality Manual

pdf Example of quality manual of DEVDATT INDUSTRIES
pdf Example of quality manual of Shah Promotors & Developers
Clause 4.2.3:

Have a method for revision control such as a revision log and master-list of documents which identifies the current revision status. Distribution log for distribution control, in process inspection sheet-readily identifiable.Some of the documents for external control may be standards such as ISO standards or Engineering specification and also customer drawing

pdf Example of format for Documentation Distribution record
pdf Example of format for Revision status record
pdf Example of format for List of Standards
pdf Example of format for List of Customer drawing

Master list of operating procedures, Master list of  Work Instruction, Master list of  Quality Manual

pdf Example of format for Master list of  Quality Manual
pdf Example of format for Master list of operating procedures
pdf Example of format for Master list of Work Instructions

Clause 4.2.4: Master list of records.

pdf Example of format for Master list of  Forms and Formats

Your Donation can make a difference

We have chosen to make our Resources freely and openly available on the web with the hope that it touches the life of thousands of readers who visits us daily. We hope our blog has helped in enhancing the knowledge of our readers and added value to organization and their implementers. We would request you to make donation large and small, so as to provide us the resources needed to distribute, collect, digitize as it is becoming extremely difficult for us to afford the full cost of updating and enriching our site content. Your contribution will ensure that we can keep our blog  up-to-date and add more of the rich resources — such as video — that make a difference for so many worldwide.
Your donation will demonstrate your commitment to knowledge as a public good and is an important part of our overall sustainability plan. Your donation is also important in demonstrating to us how much you value the site and motivates us to devote more of our time towards developing this blog.

Previous-ISO 9001 Clause 4.1

Next-ISO 9001 Clause5.1,5.2,5.3

Back to Home Page

If you need assistance or have any doubt and need to ask any question  contact me at: preteshbiswas@gmail.com  or call at +971569882663. You can also contribute to this discussion and I shall be happy to publish them. Your comment and suggestion is also welcome.


2 Comments

  1. Very good explanation however it does not cover the 800 lb elephant in the room. That elephant is computer software driven instruction. ISO-MSSs are not clear related to this subject and neither are TC-176 interpretations of document control.

    PLCs for instance, provide instruction to both machines and humans, however they are not audited as document control issues, even though the TC176 interpretation of document control clearly spells out knowledge via information and electronic and magnetic media.

    There are literally hundreds of other cases where software (SAP, Oracle etc) provide instruction to operators, however that provision of information is treated as infrastructure and not document control.

Leave a comment

Your email address will not be published. Required fields are marked *

Pretesh Biswas

Pretesh Biswas

Subscribe to Blog via Email

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Join 746 other subscribers