ISO 9001 Clause 7.5

This clause requires the organisation to ensure that the quality management system includes the documented information required by the standard, together with any information required to ensure the effectiveness of the quality management system.

What Does ISO 9001 Clause 7.5 Require?

Clause 7.5 of ISO 9001:2015 covers the management of documented information across three sub-clauses. Clause 7.5.1 sets out what documented information the QMS must include. Clause 7.5.2 covers what must be in place when creating or updating documents. Clause 7.5.3 covers how documented information must be controlled.

It is worth noting that ISO 9001:2015 uses the term "documented information" rather than the older terms "documents" and "records" used in previous versions. The standard distinguishes between documented information that is maintained (procedures, policies, manuals - documents) and documented information that is retained (completed forms, records, evidence).

Clause 7.5.1 - What the QMS Must Include

The QMS must include documented information required by the standard, and documented information that the organisation has determined is necessary for the QMS to operate effectively. The volume of documented information will vary depending on the size and complexity of the organisation, the nature of its processes, and the competence of its people - a small, experienced team delivering a simple service will need less documentation than a large manufacturer with complex processes.

Clause 7.5.2 - Creating and Updating Documents

When creating or updating documented information, the organisation must ensure it is appropriately identified and described (title, date, author, reference number or version), that the format and media are appropriate, and that it has been reviewed and approved for suitability. In practice this means documents should be version-controlled, have an issue date, and carry some indication of who approved them.

Clause 7.5.3 - Controlling Documented Information

Documented information must be available and suitable for use when needed, and adequately protected from loss of confidentiality, improper use or loss of integrity. The organisation must address how documents are distributed, accessed and used; how they are stored and preserved; how changes are controlled; and how long documents are retained and how they are disposed of when no longer needed.

Externally sourced documented information - supplier specifications, regulatory requirements, customer drawings - that is necessary for QMS planning and operation must also be identified and controlled.

When I'm auditing against Clause 7.5, I look at individual documents to see whether basic document control has been applied - is there a version number, a date, an indication of who approved it? I'll also check the document register to see whether the organisation has a clear picture of what documents exist and where they are held. Records are the other side of this - I need to see that completed forms, inspection records, audit reports and similar are being retained and are accessible. A document register combined with clear document control fields on the documents themselves covers most of what is needed.

The key practical step for Clause 7.5 is establishing a document register that lists all controlled documents in the QMS, along with their current version, location and review date. The F-IMS20 Document Register does this well. Beyond the register, applying consistent document control fields to all documents - title, reference, issue number, date, approved by - creates the evidence trail that auditors look for. For electronic document management, access controls and version history features in most file storage systems provide additional evidence of control.

Document control sounds more complicated than it is. Every document in your management system should have a title, a version number and a date. Keep a register of what documents you have and where they are. Make sure old versions aren't floating around creating confusion. Review documents periodically and update the version when they change. The F-IMS20 Document Register makes this simple - it's essentially a list of all your documents with their current issue status.

Practical Compliance Guidance

To comply with Clause 7.5, the organisation needs a document control approach that covers identification, approval, version control, access, storage and retention of all documented information in the QMS. A document register provides the central reference point for this.

Document control arrangements, such as document creation, approval, use and information classifications, can be formally set out in the IMS1 Manual Section 1.5.

The alphaZ documents and system below support compliance with Clause 7.5.

| alphaZ document | How it supports Clause 7.5 |
|---|---|
| ISO 9001 Management System Toolkit | The complete toolkit for implementing an ISO 9001 compliant management system. All documents are issue-controlled and structured to meet document control requirements. |
| F-IMS20 Document Register | The primary tool for documenting and controlling all QMS documents. Lists all controlled documents with their current version, location and review status - directly evidencing Clause 7.5.3 compliance. |
| PP-1-08 Management Files Documents Records Policy Procedure | Policy-procedure on management of files, documents and records. |

Note - all the above files can be downloaded with an alphaZ subscription

Frequently Asked Questions

Maintaining documented information refers to documents that are kept current and updated - procedures, policies, the quality manual. These are living documents that need version control and periodic review. Retaining documented information refers to records - completed forms, audit reports, inspection records - that are kept as evidence that activities were carried out. Records are typically not updated after completion but must be stored, protected and kept for an appropriate period.

The standard does not specify retention periods - these are for the organisation to determine based on the nature of the records, applicable legal or regulatory requirements, and the period over which the records may be needed as evidence. Some records - such as calibration records or training records - may have minimum retention periods set by legislation. In the absence of specific requirements, retaining records for a minimum of three years is common practice, though some organisations retain longer depending on their industry and risk profile.

No. The standard makes no distinction between paper and electronic documented information. Electronic documents and records are fully acceptable provided they meet the control requirements - version control, access management, protection from unauthorised changes, and appropriate retention. Cloud-based file storage, document management systems, and quality management software can all provide the necessary controls. The key is that the evidence of control is there, whatever the medium.

ISO 9001:2015 does not require a quality manual - that was a requirement of the 2008 version that was deliberately removed in the 2015 revision. The standard requires documented information to support the QMS and provide evidence of conformity, but how that is structured is up to the organisation. Many organisations still use a quality or integrated management system manual because it provides a useful single reference document - but it is a choice, not a requirement.
