ISO 9001:2015 – Newsletter – Issue 90

Issue 90 – Does every QMS document need to be controlled?

ISO 9001:2015…

Does every QMS document need to be controlled?

I appreciate receiving emails with questions and/or comments from readers of this Newsletter… please continue to do so since it provides me with ideas on what these publications should cover.  In my last Newsletter (ISO 9001:2015 Newsletter Issue 89) we discussed the topic of  “Publicly offered training or onsite training, which one is better?”, and now in this Newsletter we will discuss “Does every QMS document need to be controlled?“.

The ISO 9001:2015 Element numbering…

Element 4 – Context of the organization
Element 5 – Leadership
Element 6 – Planning
Element 7 – Support
Element 8 – Operation
Element 9 – Performance evaluation
Element 10 – Improvement

Does every QMS document need to be controlled?… Let me begin by saying that this question continues to come up with both my Clients and Newsletter subscribers… and that’s why I wanted to try and answer it as best I can.  First of all, I need to be clear what I mean by the word “documents”.  I am talking about the top three (3) layers of the QMS pyramid (Manual/Policies; Procedures; Work Instructions/Forms/etc).  For those who remember the 2008 version of ISO 9001, it was those things covered under the Clause “Control of Documents” (not “Control of Records”; the 4th level of the QMS pyramid).   The “documents” I am referring to in this Newsletter topic are those things that are instructional to the reader/employee.  This is different then other items that captures or records what took place.  A blank form would be a “document” and a filled out form would be a “record”.  By the way, people will automatically assume I am talking about a paper/hardcopy form but it can be in electronic format as well, one that is filled out on a digital display or input device/screen (eg. database fields/screens, etc).

Where in the ISO 9001:2015 Standard does it say to “control” documents?…  It’s always good to find out where exactly are the requirements stated within the ISO 9001:2015 Standard, no matter what the topic of discussion.  In this case, Clause 7.5.1 [b], Clause 7.5.2 and Clause 7.5.3 explicitly state that if you’ve included a “document” within your QMS then it must be controlled.  Not much wiggle room there.  The logic is that if you think it’s important enough to write it down then it’s worth making sure that it is approved by someone in authority, and that everybody is using the same version of that document.  The complaint I hear most often is: “If I had to control every piece of paper in this company I’d go out of business”.  So let’s take a look at how much time and effort it takes to “control” a document.  If it’s a document that rarely changes then most of your time “controlling it” is spent ONCE, upfront at the beginning… after that it gets on a 3 year “review” cycle, at which time it probably won’t change its content, so then only the date/rev level needs updating.  If it’s a document whose content changes very frequently then you will spend time initiating a revision to it each time, in order to change its content (as well as updating its date/rev level), but in this case the time invested should be worth it since you don’t want Employees using an old form/document, and not collecting/entering/following the right information, do you?  In addition, the revising of a document may be one way to “lock-in” an improvement that’s been made to the process so that the gains can be sustained over time.

I also occasionally hear during audits that some documents are more important then others and because of that, “control” is only applied to these critical documents, with the other “uncontrolled documents” left for an Auditor to stumble upon.  I guess my question is:  Who decides which documents are critical and which ones are not?… and do you define this “critical criteria” anywhere? …or is it subjective and left up to the discretion of each Manager/Supervisor?