What is documented information?

In the previous ISO 9001:2008 version of the International Standard, it was known as the Control of Documents and the Control of Records and was two separate clauses.

Within the superseded version of the ISO 9001:2015 International Standard, it is now formally known as Documented Information and is one clause.

 Documented Information consists of two aspects: 

• The creation and updating of documentation relating to your business’s processes or Quality Management System, i.e. Procedures, Work Instructions, Standard Operating Procedures, Forms (Templates), etc., and
• The control or filing/archiving of completed documentation (forms/templates), electronically-generated documentation derived from software operating systems, external documentation, i.e. Supplier Invoices, Customer Orders, Certificates of Compliances (COC’s), etc. It basically means that you should have an organized system in which you file or archive documented information, both manually and/or electronically (on your computer/a server/the cloud), in order for it to be readily retrievable by identifying it in a user-friendly and easily traceable manner.

So, in a nutshell, documents, apart from Procedures, Work Instructions, and Standard Operating Procedures, are forms (templates) that have not yet been completed. Records are completed forms (templates) that contain essential information.

Part of this includes documents of external origin, which basically means any statutory and regulatory requirements, i.e. Standards, Specifications, Laws, Regulations, etc. and/or customer-provided documentation such as drawings, acceptance criteria, policies/procedures, etc. that needs to be adhered to by law and/or your customers’ requirements. This needs to be controlled by ensuring the latest versions are always being used and the old revisions are removed and replaced upon the replacement of previous versions. Records must be kept of who received copies so that when a new version comes out, it can be easily determined who in the Organisation has copies of it to retrieve the old versions in order to issue the new versions.

Two other aspects of the documented information process is: 

• The archiving of records, and
• The backup of electronic data (documented information)

Records need to be archived for certain periods of time in accordance with your own requirements, your customers’ requirements, and/or by law (if medical or financial records). This also needs to be done in an organized manner in order for it to be readily retrievable by identifying it in a user-friendly and easily traceable manner. After the archive period, it must be disposed of in a suitable manner beyond recognition. 

Electronic documented information, i.e. software system-generated information, e-mails, information on computers and servers, etc. needs to be backed up at planned intervals. This can be done by the Organisation itself or Information Technology (IT) Service Providers. When done by IT Service Providers, automated back-up logs are normally sent by the Service Provider and/or the software they use to indicate that the back-ups were done successfully. However, what is extremely important here is to not assume that back-ups were done successfully although the log/s indicate that it was. It is your responsibility to establish and implement a formal process of randomly checking your back-ups physically against your actual information reflected up until the date and time indicated on the log/s received from your IT Service Provider. This can be agreed upon between yourself and your IT Service Provider in a formal Service Level Agreement (SLA) to ensure it gets double-checked by them physically instead of assuming or merely relying on the log/s. 

The above-mentioned makes reference to your Organisation’s own documentation that provides evidence of the conformity of your product or service provision. Information is key and is intellectual property that needs to be protected from any damage, deterioration, or from going missing. Without information, no argument can be won, no facts can be stated, and can prevent or hamper effective product and service provision. 

Protect your documented information! Use suitable experts like 9001 Consult to assist you in establishing and implementing an effective Documented Information Process as part of your Quality Management System!!