In part one of our ISO 9001 Requirements article, we debunked some myths surrounding the procedure for obtaining ISO certification.
In this section, we’re taking a specific look at the documentation organizations must provide to prove they are in compliance with ISO 9001 standard requirements.
Before we dive in, we want to reiterate our belief that ISO 9001 certification is worth the extra effort put in by small businesses to ensure they are performing at their highest level. When you achieve ISO certification, you often rise above your competitors, creating processes to better serve your customer and grow your business. When you approach the process with questions other than “how much does it cost to get ISO 9001 certified?” or “how long does it take to get ISO 9001 certification?” you allow yourself to focus on not only on a quick and affordable solution, but on true improvement of your whole business.
A common myth we addressed in part one was the misconception that ISO 9001 requires a lot of extra paperwork that ultimately lands in a never-again-touched binder. With the updates made to the standard in 2015, the ISO Technical Committee (ISO/TC 176) acknowledged the success organizations were having without the prescriptive directives of the standard, and removed many of the unnecessary and cumbersome documentation requirements.
What they left were guidelines to help organizations demonstrate that they have embraced and applied the world-class business practices that ISO is known for.
ISO 9001 Documentation Requirements
So, what are the ISO 9001 standard requirements for documentation? Whether your renewing your certification or obtaining certification for the first time, you’ll find that the standard allows organizations plenty of flexibility in the way they choose to document their quality management system (QMS). Each organization is able to determine for themselves the adequate amount of documented information needed to demonstrate effective planning, operation and control of their processes, and the implementation and continual improvement of the effectiveness of their QMS. The documented information is used to communicate a message, provide evidence of what was planned and what has been done, and for the general sharing of necessary business knowledge.
In preparing for the ISO 9001 audit, keep in mind that the standard does address documentation in two groups:
- Documented information required by the standard;
- Documented information determined by the organization as being necessary for the effectiveness of the quality management system.
Organizations should note that while documentation is required, piles of paper and binders of records are not. The standard allows for flexibility in medium, include paper, magnetic, electronic, or optical computer discs, photographs, and master samples. Each company is given the autonomy to determine what format is most appropriate for their organization to demonstrate processes and compliance to the standard.
The standard lays out specifics regarding documents to be maintained (plans, policies and documents that are subject to change) and documents to be retained (records that are not changed after they are released).
The documented information that organizations must maintain includes:
- The scope of the quality management system (4.3).
- Documented information necessary to support the operation of processes (4.4).
- The quality policy (5.2).
- The quality objectives (6.2).
The documented information that organizations must retain includes:
- Monitoring and measuring equipment calibration records* (184.108.40.206)
- Records of training, skills, experience, and qualifications (7.2)
- Product/service requirements review records (220.127.116.11)
- Records about design and development (8.3)
- Product and Service requirements (8.5.1)
- Records about customer property (8.5.3)
- Change control records (8.5.6)
- Record of conformity of product/service with acceptance criteria (8.6)
- Record of nonconforming outputs (8.7.2)
- Results of the quality objective data that is monitored and measured (9.1.1)
- Internal audit reports (9.2)
- Management review meeting minutes (9.3)
- Results of corrective actions (10.1)
ISO 9001 standard requirements related to documentation can seem lengthy, but, upon close review, it is likely that your organization is already maintaining and retaining these types of records. The procedure for obtaining ISO certification simply guides organizations toward consistent collection and attention to the required information.
Additionally, you will notice that procedures are not included on the required documentation list. Each organization is, again, give the autonomy to determine the best method of organizing and communicating their business conduct practices from top executives to the people who affect how the business runs on a daily basis.
For organizations that already employ standardized processes, cohesive teams, and consistently delivered desired outputs, very little will be required in regard to documentation. Newer businesses (and those new to the standard) will benefit from the close and careful examination of their business practices as they develop the documents and records needed to meet standard requirements. Consultants (like those at Core Business Solutions) can help organizations strategize and determine the minimum amount of documentation required to ensure that the full team understands their roles and responsibilities while also helping businesses use their quality management systems to achieve (and record) consistency in desired outputs.
In addition to the careful examination and documentation of required processes, the standard allows businesses to align strategic business goals with the implementation of their ISO-certified QMS. In developing the context of the organization (4.1), companies will examine their strengths, weaknesses, opportunities, and threats (SWOT) as well as the risks specific to their industry that could negatively affect their business.
Furthermore, the evaluation of employee awareness (7.3) ensures that the entire team understands the organizations Quality Policy and how they fit into the processes defined therein. Creating awareness for how each team member affects outputs and deliverables helps create buy-in and participation in the new QMS.
Ultimately, ISO 9001 certification is about business performance. When the auditor and management representatives dig into the system you have built, they want to see that the effort has been driven by your top management, is understood by your team, and is documented in a way that supports long-term growth, continuity, and success for your business. They want to see that your world-class operations are truly the way of life – not just a pile of carefully organized documents that you keep on a shelf for show and tell.
At Core Business Solutions, our goal is to help you navigate the standard and make your journey to certification simple. We’ll dig into your existing systems and help you outline a path to success with ISO 9001 certification.
Check out our Top 10 ISO Myths Video Series.