The basic requirements of ISO 9000:2000 in terms of document control?


Andy Bassett

I was asked to give a plain English summary of the ISO 9000:2000 documentation guidelines. So here it is, i would be very happy if anybody has time to read it and make any comments before i ship it.



What are the basic requirements of ISO 9000:2000 in terms of document control?

First of all what can be defined as a Document and what can be defined as a Record?

My own definition of a document is something (in paper or electronic format) that has the possibility to influence the quality of the product. The obvious item is of course a drawing, or maybe a Job Card, but in fact it could include many other items such as the Customers Orders, any changes to the customers orders, Delivery Notes etc. Also included in this area are documents related to the Quality Management System ie Procedures and Work Instructions etc. This may seem like hard-work to some companies whose QMS describes just the outline of the processes, and any possible influence on the product quality is hard to see, but it cannot be escaped.

My own definition of a record is something (in paper or electronic format) that shows the result of a product inspection. The obvious item is an Inspection Report, but there are many other possibilities, including Test Reports, Analysis Reports etc,

It was once explained to me that essentially a blank cheque could be classed as a Document, whilst a filled-out cheque would be a Record.

Section 5.6.6a asks that documents are 'approved for adequacy prior to release'
This suggests some sort of checking or controlling system ie some qualified person must be saying; Yes, the content of this document is correct. It does not always have to be a second person, it could also be the creator, it depends on the competence of the person checking and how complex the product is.
The proof that this has happened is normally a signature on the document, but it could also be some form of electronic approval. A good system here is too create 'controlled folders' on the server which means that only a specified person can enter documents into the folder, hence any documents appearing in this folder must have been approved by the specified person.

5.6.6b asks that 'documents are reviewed, updated as necessary and re-approved'. Quite what they want here is not clear, if they are simply asking that when documents are updated, this should somehow be seen on the document, and that any changed documents go through the same checking procedure, then this is no big problem.
It really is good practise to show on nearly all of your company documentation the revision/issue level ie 'this document has been revised twice and is now at level 3, or revision C'. What can happen is that a drawing is quickly changed without noting the issue level and no one knows if they are working with the correct drawing or not.
Re-approving the document means that either the new issue has to collect a new signature, or the new document should reappear in the 'controlled folder'.
The problem I have here is with the word Review. Are they suggesting that documents should somehow be periodically reviewed. If they are (and some auditors will) you don’t have much choice except assigning somebody the responsibility of going through the documents at a regular interval and pulling out the unused/irrelevant documents.
I try to avoid this because it is a discipline thing (and therefore difficult). In each 'protected folder' I create an area for 'old/unused documents', the idea being that the specified person throws into this area the changed or old documents.

5.6.6c requires that 'relevant versions of the documents are available at locations where activities essential to the effective functioning of the QMS are performed'.
This in theory is relatively simple, all the more so if you have a computer network, in this case you just simply set-up an area on the server where all the documents are and inform your staff where to find them.
If you are working with hardcopies life is a little more difficult, you have to define where the hardcopies should be, and in all probability make sure that they are kept in these areas and no-where else.

5.6.6d You have to ensure that 'obsolete documents are removed from all points of issue, or otherwise controlled to prevent unintended use'. Again no problem if you are using a computer system, simply put the new documents into the relevant folder, and put the old ones into the 'old/unused' folder. If you are using hardcopies somebody will probably have to physically remove the old copies and insert the new ones, again this can be a discipline problem.

5.6.6e It is requested that 'any obsolete documents retained for legal or knowledge-preservation purposes are suitably identified'. If you are using a computer system simply ensure that obsolete documents are moved into a folder marked 'obsolete documents'. If you are using hardcopies you will need to ensure that the obsolete documents are marked in some way and filed in a 'Obsolete Folder'.

And here is the clincher; A master list or an equivalent document control procedure, identifying the current revision status of documents, shall be established and be readily available to preclude the use of invalid or obsolete documents.
Most companies here rush to create a 'Document Matrix' that lists all the documents, their revision status and much other information like the creator and creation date etc. If you are working with hardcopies creating a 'Document Matrix' is unavoidable, if you are working with a computer system it should be possible to argue that your folder shows clearly which documents are the latest status (and much other information besides; the 'properties' will give you for example creator and creation date).
If you are unlucky your auditor will ask how you know where your external documents are (Delivery Notes, Customer Orders, if you are very unlucky also Supplier Catalogues etc) As these are not in your computer system it is hard to avoid the fact that you might have to invest time to create a 'Document Matrix', albeit a simplified one.

The problem with a Document Matrix is that it is never read by company personnel, and only ever updated the day before the audit.

Lastly it is requested 'that documents shall be legible, readily identifiable and retrievable. Applicable documents of external origin shall be identified and recorded'.
There is not a lot that can said to that, it stands to reason that documents should be legible. It is not clear what their expectations are in terms of identifying and recording external documents. It is however very likely that most auditors will be satisfied if these documents appear in a document matrix.



Only a sugg. regarding the doc. matrix. We can easily do this using Excel or Access and using links to made an automatic update of the revision. (no need to make it the night before audit - hehe).

And I think this is one of the most comprehensive explanation regarding this particular point.

Smile...tomorrow will be worse

Phil Saunders

Document: information and its support medium.

Record: a document stating results achieved or providing evidence of activities performed.

[This message has been edited by Phil Saunders (edited 01 July 2000).]


Good summary.

One suggestion on the cheque example.
The blank check is a form, The filled out check is a document (it tells the band clerk what to do and is properly approved with a signature and date).

The cancelled check is the record (it is proof that the operation took place).

To carry it one step further, the statement is a report not a record (only one record of each transaction) and doesn't have to be controlled.

Top Bottom