AISC Group

  • + 2034283549
Facebook Twitter Youtube Linkedin
Menu
b1
Home
Knowledge
ISO Documents
ISO Documents

ISO Documented Information

Do not be put off by a large number of procedures in ISO 9001, not all of them will be relevant to your company and not all of them are mandatory. The 2015 standard is much more flexible around the documentation requirements. We discuss the types of documents outlined in the standard, and which are mandatory in order for your organization to become certified.

The documented information required for ISO 9001 can be split into two types:

Documents: these include policies or objectives that you have set that can be amended later.

Records: these are evidence of the results achieved. Records should not be changed or revised, as they are proof of an outcome.

There is mandatory documented information that you need to produce to become ISO 9001:2015 certified. These include:

  1. Scope of the Quality Management System (clause 4.3)
  2. Quality policy (clause 5.2.2)
  3. Quality objectives and how these will be achieved (clause 6.2)
  4. The mandatory records needed for ISO 9001 include:
  5. Monitoring and measuring resources (7.1.5.1)
  6. Monitoring and measuring equipment calibration records* (clause 7.1.5.2)
  7. Records of competency in staff (clause 7.2)
  8. Product/service requirements review records (clause 8.2.3.2)
  9. Design and development inputs record (clause 8.3.3)
  10. Records of design and development controls (clause 8.3.4)
  11. Records of design and development outputs(clause 8.3.5)
  12. Record of design and development changes (clause 8.3.6)
  13. Criteria for evaluation and selection of suppliers (clause 8.4.1)
  14. Characteristics of product or service to be provided (clause 8.5.1)
  15. Identification and Traceability records (8.5.2)
  16. Records about customer property including any changes (clause 8.5.3)
  17. Production/service provision change control records (clause 8.5.6)
  18. Release of products and services (clause 8.6)
  19. Control of nonconforming outputs (clause 8.7.2)
  20. Monitoring and measurement results (clause 9.1.1)
  21. Internal Audit results (9.2.2)
  22. Results of the management review (clause 9.3.3)
  23. Results of corrective actions including opportunities for improvement (clause 10.2.2)

These are the mandatory clauses that you need to provide documents and reports in order to become ISO 9001 certified. Your documents and records will take a variety of forms, such as spreadsheets, diagrams, videos, and written content. ISO 9001 requires you have some system in place that controls your documents. Note that retention policies will need to be in place establishing the length of time that records will keep.

ISO 14001 standard BASIC OVERVIEW

Many companies go overboard with documentation in the belief that they need to document every single process that is in place in their organization, without realizing that this is not necessary to meet the requirements of the ISO 14001 standard. In the standard there are several mandatory processes, but

These are not required to be documented procedures. The standard also identifies many records that need to be maintained, which are generated by the processes of the environmental management system.

Below is discussed which documents and records are mandatory, and which are optional.

Which documents and records are required?

Mandatory Documents ISO 14001:2015 Clause
  1. Scope of the Environmental Management System 4.3
  2. Environmental Policy 5.2
  3. Risk and Opportunities to be addressed and Processes needed 6.1.1
  4. Criteria for Evaluation of Significant Environmental Aspects 6.1.2
  5. Significant Environmental Aspects 6.1.2
  6. Compliance Obligations Document 6.1.3
  7. Environmental Objectives and Plans for Achieving Them 6.2
  8. Operational Control 8.1
  9. Emergency Preparedness and Response 8.2
Mandatory Records ISO 14001:2015
  1. Clause Records of Training, Skills, Experience, and Qualifications 7.2 
  2. Evidence of Communication 7.4 
  3. Monitoring Performance Information 9.1.1 
  4. Calibration Records for Monitoring & Measurement Equipment 9.1.1 
  5. Evidence of the Compliance Evaluation Result(s) 9.1.2 
  6. Internal Audit Program and Results 9.2.2 
  7. Management Review Results in 9.3 
  8. Nonconformities and Corrective Action 10.2 

These are the documents and records that are required to be maintained for the ISO 14001 environmental management system, but you should also maintain any other records that you have identified as necessary to ensure your management system can function, be maintained, and improve over time.

Commonly used non-mandatory documents Non-Mandatory Procedures
  1. ISO 14001 Clause Determining Context of the Organization and Interested Parties 4.1, 4.2
  2. Identification and Evaluation of Environmental Aspects and Risks 6.1.1, 6.1.2 Competence,
  3. Training and Awareness 7.2, 7.3
  4. Evidence on EMS Communication 7.4
  5. Control of Documents and Records 7.5
  6. Monitoring & Measurement 9.1.1
  7. Evaluation of Compliance (Legal & Other Requirements) 9.1.2
  8. Internal Audit 9.2
  9. Management review 9.3
  10. Nonconformity and Corrective Action 10.2

While ISO 14001 does not require that you document all of the procedures, several processes are mandatory to have in place in order to create the required records outlined in the first section. Remember these processes and procedures are not required to document;

However, many companies choose to do so. One rule of thumb when deciding if you want to document a process is this: if your organization needs a written document to ensure consistency between employees, then you should document it. In many cases, this is the best way to ensure that your environmental management system is reliably implemented.

What Documented Information ISO 45001 Requires

ISO 45001 allows flexibility in how what, and when to document a health and safety management process element. This is not only to accommodate more modern forms of communication such as video, audio, and other electronic records but to allow an organization the flexibility to re-use appropriate information, maintain current versions easier, provide broader access/distribution, and reduce costs associated with documentation.

The Changed Nature of ISO Documentation

The ISO 45001 standard has removed the distinction between documents and records. Both are now called documented information.

  • As defined in the terms and definition section 24, “documented information” is the information required to control and maintain by an organization and the medium on which it is contained.
  • It, therefore, expects that you also maintain and control the medium as well as the information.
  • This “documented information”, documents and records used as evidence of conformance.
Having It Your Way (Sort of)

ISO 45001 essentially allows the organization to tailor the completeness or complexity of documentation to its own situation, as long as it still achieves its overall objectives. As noted in the standard, “documented information” can be required:

  1. When information needs to be disseminated or shared.
  2. To prove and retain that proof, that a process has been completed and if intended results were achieved.
  3. To retain knowledge relevant to the organization, including:
  • Processes
  • Specifications/Revisions
  • Goals/Expectations
  • Monitoring/Measurements
  • Analysis/Reviews/Evaluations /Validations
  • Terminology
  • Decisions Made
  • Negotiations
  • Notifications
  • Authorizations
  • Actions taken
  • Assets/Inventories/Property Management
  • Position Descriptions/Qualifications…etc.

So What Is Required?

According to ISO 45001 clause 7.5.1, requires that:
  • The OH&S management system includes the documented information required by the standard and documented information determined to be necessary for an effective OH&S management system.
  •  The extent of documented information created and updated will vary from one organization to another and will depend on the size, type of processes, products, and services.
Guidelines on what to document can include:
  • Documenting critical portions of the OH&S management system, such as its scope, key operational processes, policies, and objectives
  • Documenting important, but perhaps less critical information that supports the OH&S such as process flow charts, specific health and safety, and operational procedures, schedules, information collection approaches, such as record-keeping forms, surveys) business plans, etc.
According to ISO 45001 clause 7.5.3, requires that:
  •  Documented information required by the OH&S management system and the standard controlled to ensure that it is available and suitable for use when and where it is needed, and it is properly protected from loss of integrity or improper use.
Will an OH&S Manual be required?

The short answer is that under ISO 45001 an OH&S manual will not be mandatory. The ISO/DIS 45001 standard does not specify requiring a formal OH&S manual. However, a document that can be named a manual can still satisfy the requirement for documented information concerning:

  •  Your OH&S policy and objectives
  •  The scope of the OH&S
  • Information to support related health and safety activities and processes

In many cases, the information required by the OH&S will still be most convenient and accessible if collected, published, and maintained through a traditional manual format.

Document Maintenance / Retention

As noted in section 7.5, the standard still applies traditional rigor in updating, protecting, and retaining documents for information that has been deemed a critical part of the OH&S (and other related management systems, such as OHSAS 18001). In ISO 45001, there are many clauses that specifically call for documented information.

Required Documented Information
  1. The scope of OH&S available as documented information4.3
  2. The OH&S policy available as documented information5.2
  3. The responsibilities, accountabilities, and authorities for relevant roles maintained as documented information5.3
  4. Maintain documented information of the OH&S risks and OH&S opportunities and the processes needed to address risks and opportunities6.1.1
  5. The methodologies and criteria for assessing OH&S risks are defined, maintained, and retained as documented information6.1.2.2
  6. 6.1.3Information on applicable legal and other requirements are maintained, retained, and updated as documented information 6.2.2 The OH&S objectives and plans to achieve them are maintained and retained as documented information.
  7. Documented information retained as evidence of competence of workers7.2
  8. Relevant OH&S communications are received and maintained as documented information7.4
  9. Documented information to provide confidence that processes have been carried out as planned and determining where the absence of documented information could lead to deviations from the OH&S policy and the OH&S objectives kept 8.1.1
  10. Information on the process and on the plans for responding to potential emergency situations are maintained and retained as documented information8.6
  11. Evidence of the monitoring, measurement, analysis, and evaluation results retained as documented information 9.1.1 
  12. Results of the compliance evaluation retained as documented information 9.1.2
  13. Evidence of the implementation of the audit program and the audit results retained as documented information 12.2.2
  14. Evidence of the results of management reviews retained as documented information 12.3
  15. Evidence of the nature of incidents or nonconformities and actions taken with results and effectiveness of correction is retained as documented information and communicated to relevant workers other relevant interested parties 10.1 
  16. Evidence of the results of continual improvement efforts retained as documented information 15.2.2 

While ISO 45001 documentation requirements are less restrictive than in previous standards such as with OHSAS 18001:2007 (for 4.4.5 control of documents, and for 4.5.4 control of records), there are still specific instances where documented information must be recorded and retained by the organization as evidence of achieved results as noted above.

What Is Most Important

Whether the organization has existing OH&S or is just starting with the new ISO 45001, the key is to let the processes that are used determine the documentation requirements.

If the documentation that exists can show to support the OH&S processes effectively, then it can and should continue to use. If not, then the appropriate level of effort to transform or re-purpose that documentation into the proper function should be applied.

This flexibility does not relieve the organization able to prove that it is meeting its OH&S management goals. As noted above, the standard has many instances where it calls for specific evidence of conformity. Documentation must accordingly be accurate, objective, and current in this regard, and in practice, must stand up to the scrutiny that a properly executed external audit will demand.

Please note that certain text from the ISO 45001 standard is only used for instructional purposes. Standard Stores recognizes and respects the International Organization for Standardization (ISO).