Clause 7.5 Document Control
In an ISO Management System, when does a document have to be controlled per the requirements of 7.5?
The standards say when the document is “necessary” or is “required documented information” per the ISO Management Standard.
“Necessary” documents are defined as those documents necessary to ensure the processes and services are controlled. In a quality management system, this might be the purchase order as it is necessary evidence of the agreement made with the supplier.
In a safety management system, this might be instructions on how to safely perform a service.
In an environmental management system, this could be the process map for managing hazardous waste.
Each system’s needs will determine the necessary documentation. Another clue to what is “necessary” is to look at what is used as operational controls in the risk table. If a document is used as an operational control in either the ISO 9001, ISO 14001, or ISO 45001 system, it is necessary and must be controlled.
My simple, sustainable, explanation is, “if someone stole it and you wouldn’t miss it, it doesn’t have to be controlled”. (Ironically, this describes most Manuals for ISO Management Systems.)
This also means that if a document could be stolen and you do not miss it, it is not adding value and is not “necessary”. This means your system is not simple. It is complicated.
Contact us to review your documentation and let us help you determine what must be controlled. Let us help you create a simple, sustainable system that is used to drive continual improvement.
Go to https://www.ce-q.com/ to get a copy, for free, of “Required Documented Information” for ISO 9001, ISO 14001, ISO 45001, ISO 22000, ISO 13485 and others.
Other free documents are available including Corrective Action Form and Management Review. CETC helps you create simple, sustainable, continually improving management systems that work.
Author: Debra Hampton