Document Control info - What is required on a controlled form/document for ISO 9001: 2015?

[GreatNate]

This probably exists in a thread somewhere, but don't have time to comb through and find it. With that being said, whats all required on a controlled form/document for ISO 9001: 2015 standards? Title, author, rev, and date?

Our company is starting to "control" our documents per the standard. I just want to know what its going to take to meet the requirements. How simple can the document number be?

Can someone be kind enough to show me some examples.

Thanks

 

[Marc]

ISO 9001 does not proscribe specifics. You would be best to learn about GDP (good documentation practices). E.g.: Read through Document Control: The Good, the Bad and the Ugly

And Document Control Features (Document Content Requirements) and 21 CFR 820.40

As @Pancho says: "As you say, there is no requirement for those specific fields in 21 CFR 820.40, nor ISO 9001. So as quality system documents typically contain them, they must assist in fulfilling other requirements in those standards.

ISO 9001 4.2.3e and c, for example, require you to determine the controls needed to identify documents, their changes and their revision status. Seems obvious that having a title, a version or revision number, and effective dates on a document are simple controls that help meet those needs. "

 

[John Broomfield]

The objective of controlling documents is to ensure valid information is available to authorized persons. Per your assessment of risk your controls may prevent use of invalid information and exclude people who are not authorized.

Normally, document controls apply only to documents that are subject to revision.

With hyperlinks your organization (and suppliers of externally controlled docs) may limit access to specific versions of electronic docs according to each user’s credentials.

 

[Tagin]

Think of this from a risk perspective: how does your organization need to control your documents to ensure that the appropriate people have access to them, prevent/minimize risk of people using outdated documents, ensure people can find the right documents when they need to, and documents are retained for as long as they are required, etc.?

Document ID numbers can be helpful in many cases, but aren't required. You might find it easy to just create and maintain a list of documents, with incrementing ID# like QMS-12345, QMS-12346, etc. Or maybe use category codes+numbers, such as MFG-12345, CAL-34567, MGT-54321, etc. to group the docs and give give people a sense of what the doc applies to. If you use MS Word or similar, create a template document that has a table in the header, with entries for title, doc ID#, revision, etc. The more you can standardize, the easier it will be.

But note that document control also applies to things like customer-supplied documents (how do you control them?, where are they stored? how is access controlled? how long must you keep them? how do you dispose of them?), and "documents" in an ERP system, like sales orders, purchase orders, etc. How are those identified and controlled?

So, document control is a pretty broad topic, covering quite a bit. The standard prompts us to have to take a risk-based approach based on our specific organization and needs. The needs of a small, single-site company is much different from a multinational conglomerate, and the document controls for a defense contractor is much different for an online store selling bird feeders, but the standard can be applied to all of them.

 

[tony s]

Can someone be kind enough to show me some examples.

Here are two examples. One is a procedure template and another is a form. Typically, procedures have the document identification codes on the header while forms have them on the footer.

 

[Tagin]

This guidance may be useful:

https://www.iso.org/iso/documented_information.pdf