Changes in New Standard ISO 9001:2015 - Documented Information

Documented information is the information required to be controlled and maintained by an organization and the medium on which it is contained.

Note 1: Documented information can be in any format and media and from any source. 

Note 2: Documented information can refer to:

- the quality management system, including related processes;

- information created in order for the organization to operate (documentation);

- evidence of results achieved (records).

Structure and Terminology

There is no requirement for the terms used by an organization to be replaced by the terms used in ISO 9001:2015 to specify quality management system requirements. Organizations can choose to use terms which suit their operations, e.g., records, documentation, protocols, etc. rather than documented information.

Documented Information

As part of the alignment with other management system standards, a common clause on Documented Information has been adopted without significant change or addition. Where appropriate, text elsewhere in ISO 9001:2015 has been aligned with its requirements. Consequently, the terms documented procedure and record have both been replaced throughout the requirements text by documented information.

Where ISO 9001:2008 would have referred to documented procedures (e.g., to define, control, or support a process), this is now expressed as a requirement to maintain documented information.

ISO 9001:2015 - Required Documents

Number	“Maintain” as Documented Information	ISO 9001
01	Documented information stating the scope of quality management system	4.3
02	Documented information to extent necessary to support operation of processes	4.4
03	Documented information available for quality policy	5.2.2.a
04	Documented information required by this International Standard	7.5.1.a
05	Documented information determined by the organization as being necessary for the effectiveness  of the quality management system	7.5.1.b
06	Documented information of external origin determined by the organization to be necessary for the planning and operation of the quality management system	7.5.3.2

Where ISO 9001:2008 would have referred to records, this is now expressed as a requirement to retain documented information.

ISO 9001:2015 - Required Records

Number	“Retain” as Documented Information	ISO 9001
01	Documented information to extent necessary to have confidence that processes are being carried out as planned	4.4
02	Documented information on the quality objectives	6.2.1
03	Documented information as evidence of fitness for purpose of monitoring and measurement resources	7.1.5
04	Documented information on basis used for calibration or verification where no such standards exist	7.1.5
05	Documented information as evidence of competence	7.2.d
06	Documented information required by this International Standard	7.5.1.a
07	Documented information determined by the organization as being necessary for the effectiveness  of the quality management system	7.5.1.b
08	Documented information to the extent necessary to have confidence that the processes have been carried out as planned	8.1.e
09	Documented information to the extent necessary to demonstrate conformity of products and services to requirements	8.1.e
10	Documented statement of customer requirements (or confirmation)	8.2.3
11	Documented information on results of requirements review	8.2.3
12	Documented information to confirm that design and development requirements have been met	8.3.2.g
13	Documented information resulting from the design and development process	8.3.5
14	Documented information on design and development changes	8.3.6
15	Documented information on the results of the evaluations, monitoring of the performance, and re-evaluations of the external providers	8.4.1
16	Documented information that defines the characteristics of the products and services	8.5.1.a
17	Documented information that defines the activities to be performed and the results to be achieved	8.5.1.b
18	Documented information necessary to maintain traceability	8.5.2
19	Documented information describing the results of the review of changes, the personnel authorizing the change, and any necessary actions	8.5.6
20	Documented information to provide traceability to the person(s) authorizing release of products and services for delivery to the customer	8.6
21	Documented information of actions taken on nonconforming process outputs, products and services, including on any concessions obtained and on the person or authority that made the decision regarding dealing with the nonconformity	8.7
22	Documented information as evidence of the results of monitoring and measurement activities	9.1.1
23	Documented information as evidence of the implementation of the audit program and the audit results	9.2.2.f
24	Documented information as evidence of the results of management reviews	9.3.2
25	Documented information as evidence of the nature of the nonconformities and any subsequent actions taken	10.2.2.a
26	Documented information as evidence of the results of any corrective action	10.2.2.b

7.5 Documented Information

7.5.1 General

The organization’s quality management system must include:

a) documented information required by this International Standard;

b) documented information determined by the organization as being necessary for the effectiveness of the quality management system.

NOTE: The extent of documented information for a quality management system can differ from one organization to another due to the:

a) size of organization and its type of activities, processes, products, and services;

b) complexity of processes and their interactions;

c) competence of persons.

7.5.2 Creating and Updating

When creating and updating documented information the organization must ensure appropriate:

a) identification and description (e.g., a title, date, author, or reference number);

b) format (e.g., language, software version, graphics), and media (e.g., paper, electronic);

c) review and approval for suitability and adequacy.

7.5.3 Control of Documented Information

7.5.3.1 Documented information required by the quality management system and by this International

Standard must be controlled to ensure it is:

a) available and suitable for use, where and when it is needed;

b) adequately protected (e.g., from loss of confidentiality, improper use, or loss of integrity).

7.5.3.2 For the control of documented information, the organization must address the following activities, as applicable:

a) distribution, access, retrieval, and use;

b) storage and preservation, including preservation of legibility;

c) control of changes (e.g., version control);

d) retention and disposition.

Documented information of external origin determined by the organization to be necessary for the planning and operation of the quality management system must be identified as appropriate, and controlled.

NOTE: Access can imply a decision regarding the permission to view the documented information only, or the permission and authority to view and change the documented information.