It’s a testament to just how screwed up ISO is that, some 35 years after ISO 9001 was published, readers continue to be entirely baffled by the requirements for control of documents and records. This is not rocket science, but ISO consistently fails to explain a simple thing in simple terms. Chaos ensues.
In 2015, things got much worse after ISO’s home office mandated that all standards adopt an entirely new term to replace words that humans had been using, happily and without confusion, for thousands of years. Instead of using the terms “document” or “record,” everything is now combined into a single bucket of “documented information.”
The intent was to allow readers to decide when to satisfy a requirement with a document or a record. Oversensitive Dutch people (yes, I’m blaming the Dutch) felt ISO was being too mean by telling people what to do in a standard that exists literally to tell people what to do. So they have created a “requirements” standard that features lots of vague suggestions instead and now no one knows how to satisfy any requirement.
Why Control Documents & Records?
So even though the standard came out in 1987 — and that version, itself, was based on a standard from the 1950s! — people still don’t understand document control. I blame this partially on the fact that ISO doesn’t include a justification for each clause in the standard. Other standards from publishers outside of ISO often include a rationale preceding each requirement, explaining its intent; for ISO standards, paragraphs just pop up, without any context, and thus without the reader knowing why a given thing matters. (It’s something we’re adding to the next version of Oxebridge Q001.)
What would the intent of “documented information” be, then? Because “DI” is to tackle two separate concepts which are totally not the same thing — documents vs. records — there will always be two simultaneous answers:
- The intent of having control over documents is to ensure that people within the organization have access to the latest, approved information. If people use obsolete or incorrect information, they will do their work wrong. That’s it.
- For records, the intent is to ensure that records are filled out properly and then retained so that you can go back and see what happened in the past, should you need to. Again, that simple.
The Dutch invention of “documented information” mangles this all up, so now you don’t know when you’re talking about reading something (like a document) or recording something (for a record.) Now, the entire clause 7.5 jumps, without any warning, from words describing controls that apply to documents, to those that apply to records — with that jump sometimes happening in the same sentence!
Here’s a snippet from the standard; I’ve color-coded it to illustrate the rapid changes in subject.
The real-world impact of this word salad is that readers become totally confused. For example, since the 2015 edition of ISO 9001, I am routinely asked if a user must change the revision number of a form every time it’s filled out. On its face, that idea is ludicrous; imagine every time you made an entry in your Receiving Log you had to increment the revision on the Receiving Log. By next week your form would be at revision 1,466! But as crazy as that sounds, a lot of people reading ISO 9001:2015 have no prior experience in management systems or document control, so they make crazy assumptions — because the standard leads them there. If you read 7.5, it certainly looks like ISO 9001 is saying that both documents and records must undergo “control of changes (e.g. version control)“, since they lumped everything into a single concept called “documented information.”
Wrapping Your Head Around It
To properly implement clause 7.5, you take one absolutely crucial step first, and mentally break the clause in half. You will apply one set of controls to documents, and an entirely different set of controls to records. With that done, implementing 7.5 becomes much easier.
An even better approach is to go back and read the original 1987 ISO 9001 text since it explained everything you’d need to do, and still fully complies with the 2015 language. Here’s what they required for documents in that version:
And here are the record requirements.
Simple, right? It reveals that it made no sense for Dick Hortensius and his Dutch pals to have gone in and tinkered with these clauses to the point of incomprehensibility, given we had perfectly good text over 30 years ago, that still works today.
But if you’re still confused, stay tuned. The next two articles in this series will discuss practical methods for the controls for both documents and records.
About Christopher Paris
Christopher Paris is the founder and VP Operations of Oxebridge. He has over 30 years' experience implementing ISO 9001 and AS9100 systems, and is a vocal advocate for the development and use of standards from the point of view of actual users. He is the author of Surviving ISO 9001 and Surviving AS9100. He reviews wines for the irreverent wine blog, Winepisser.
In his book “Understanding the New ISO Management System Requirements,” Dr. David Brewer claims that the reason for changing the terminology was for the ISO to adapt to modern technology. He and the TMB were concerned that if a company in today’s modern age used a web page, the web page could contain both records and procedures. The ISO decided to use a single item to cover both documents and records.
In my opinion, Annex SL changed the universally accepted, thirty-year-old terminology of documents and records to satisfy the very few companies that might use the internet to manage their “documented information.” The overarching principle in documentation should be to formalize what is needed to ensure that users of the documentation have a source for information and instructions that are accurate and timely, providing consistency in managing the business.
Quality, environmental, and safety records provide evidencece of conformance to a specification or requirement. Records are the cornerstone to all management systems. Retaining “documented information” as an alternate term for records is both valueless and potentially confusing to employees and management alike.
The TMB of ISO had a “justification” for using “documented information”. From my Annex SL Whitepaper;
“Documented Information” Terminology Change
Under Annex SL, a new term “documented information” was created to describe what were
formerly referred to as documents and records. As described by Annex SL, if the organization
needs to prepare information and instructions for describing what needs to be done, they are
maintaining “documented information”. This information had formerly been described in the
ISO terminology as procedures, work instructions, SOPs and forms. According to Annex SL, if
the organization needs to provide information validating performance or results, they are
retaining “documented information”, which was formerly defined as records.
The ISO/TMB Joint Technical Coordination Group in their advisory JTCG/TF4/N28,
issued 3 December 2013 JTCG – “Frequently asked questions (FAQ)” describes the need for the
new term “Documented Information” with the following answer to a FAQ:
13. Why is the term “Documented information” used instead of “Documentation” or
“The standard has been updated to reflect current technology. Data, documentation and
records are now frequently processed electronically. Therefore the new term
“documented information” has been created to describe and take account of this
situation. The term *subsumes the previous concepts of documentation, documents,
documented procedures and records.”
The Merriam Webster dictionary defines *subsume: to include or place within something larger or
more comprehensive: encompass as a subordinate or component.
The new management system
standards do not require organizations to replace their existing documents and records
terminology with “documented information”.
Annex A.1 “Structure and terminology” of ISO
“There is no requirement in this International Standard for its structure and terminology
to be applied to the documented information of an organization’s quality management.