ISO 9001:2008 identified required documents as being the quality policy, objectives, and a manual, and there were six required documented procedures. They consisted of Control of Documents (4.2.3), Control of Records (4.2.4), Internal Audit (8.2.2), Control of Nonconforming Product (8.3), and Corrective (8.5.2) and Preventive (8.5.3) Action.
At the time of writing, the ISO 9001:2015 quality management system committee draft refers to “documented information” to refer to both documents and records. The new standard at this time does not identify any documented procedures as being required, but refers to requirements for documented information. It does, however, outline “documented information” requirements such as the scope, policy, and objectives.
The ISO 14001 environmental standard and OHSAS 18001 occupational health and safety standards can be integrated into your quality management system following the generic numbering system, as outlined in the IMS manual content example.
Work instructions provide specific information on operational activities, assist personnel in performing their tasks, and give direction on quality, environment, and health and safety concerns tied to operations. Instructions may cover outlines of assembly, inspections, or even packaging instructions.
More and more companies today have use of computers at work stations, which provide visuals that help people understand requirements. This now supports the concept that a picture is worth a thousand words. Incorporated into this can be someone giving instructions on the video.
Documented procedures are helpful to inform employees about step-by-step tasks so there is no misunderstanding as to how things are to be done and by whom. This helps to avoid confusion and minimizes duplication, but only if the procedures are kept up to date.
Having documented procedures in place but not providing the adequate training or updates to employees will result in ineffective operations, which can result in nonconforming product/service, costing companies money.
Companies need to monitor and measure their processes to ensure that procedures are being followed. This is done through the internal audit process, as well as monitoring through inspections.
The ISO 9001 standard identifies the need for “evidence” related to monitoring and measuring devices, competence, review of goods and services prior to commitment to supply, relevant personnel being aware of changed requirements for amendments, supplier evaluations, external provider information, and monitoring, as well as information describing the characteristics of goods and services, traceability requirements, and authorization of release of goods and services. Another example is nonconforming goods and services. The standard states that documented information must be maintained on the nonconformity, subsequent actions, and concessions. Evidence is also needed for the implementation of the audit program and its results, the nature of nonconformities, and actions taken, with the results of corrective action and management reviews.
Document control is key to any organization, and where and how it is managed can cost a company. Later we will introduce ERP, business management software.
The development of documents can be costly; however, misfiled documents can be a company's worst nightmare. Many corporations use SharePoint, which provides document and file management with intranet portals, searches, and business intelligence. The information, however, is only as good as the setup of the filing systems and categories that can be used by employees. Searches based on keywords, if not refined, can locate hundreds or sometimes thousands of documents, if setup is not done for current and archived documents and records.
SharePoint can centralize locations for storing records and documents. Check to see where in your organization documents and records are being stored, as many companies have not only SharePoint but also databases, software programs, and other drives where individual records are kept. In some cases this information may be lost if systems go down and backup information is not part of the document management system.
The intranet portal can increase employee engagement and centralize need-to-know information.
Documented procedures need to be approved, reviewed, and kept current. Records management is so important for not only business transactions but also documented proof or evidence for compliance and reduction or mitigation of risk. Proper systems for security, retrieval, and disposal are important.
When employees leave, does the organization know where to locate documents and records that have been used by them? Are special passwords required to access these documents and is there a listing of what they are? Does the organization have a records storage plan for short- and long-term housing of records and digital information?
Many external documents and records not generated by the organization have in the past been kept in file folders in an individual's desk or filing cabinets and cannot easily be found. Does the organization have a policy for paper documents to be scanned to electronic form and maintained online?
Records management today includes access of information for not only the company but also its customers and the public, which now requires controls for confidentiality, data protection, privacy, and identity theft.
Another concern is the ability to access and read electronic records over time, as sometimes software used in creating the documents has become obsolete and new systems cannot access the information.
Around the world today, more and more disasters are occurring. Has your organization prepared a disaster recovery plan to restore critical business records and systems? The Enron/Andersen scandal brought about corporate records compliance with the US Sarbanes-Oxley Act.