Control of Documents and Records – Variable Interpretations

Control of documents and records is a phrase that was popularized by ISO.

Document control is core to ISO 9001, and is common to the other management standards.

ISO 9001:2015 –

“Documented information required by the quality management system and by this International Standard shall be controlled”

ISO 9001:2008

Control of documents and records is one of the six procedures that one must document in ISO 9001:2008.

The phrase has been interpreted and misinterpreted by a lot of people who are into ISO 9001 certification.  Even ISO realizes this situation that it tries to remedy and come out with new terms: documented information instead of documents and records and control of documented information instead of documents and records is now seen in the 2015 edition.  It also tries to explain what control activities consist of.

A lot of people, hospital staff and hospital directors included, interpreted “control” to mean a staff cannot show any documents to the public or share them to the public or outsider whatsoever.  They think all hospital documents and records are restricted or confidential, even operation forms and manual of procedures, etc.  This is an example of misinterpretation.

Control in laymen’s meaning is the mechanism (policies and procedures) installed and instituted to guide or regulate the operation of a management system, here, the information management system.

Controlling the documentation materials or documents and records means there are measures to:
  • Ensure adequacy and suitability for use.
  • Protect from loss and destruction.
  • Secure from unauthorized usage.
  • Maintain confidentiality when prescribed as confidential documented information.
  • Actively use the documented information for their established purposes.
  • Ensure easy access and easy retrieval when documented information are needed.
  • Ensure legibility of documented information.
  • Ensure up-to-dateness of documented information.
  • Dispose documented information not to be used anymore.
  • Archive documented information as indicated.

Below are statements from ISO 9001: 2015 on Control of Documented Information:

7.5.3 Control of documented information

7.5.3.1 Documented information required by the quality management system and by this International Standard shall be controlled to ensure:
a) it is available and suitable for use, where and when it is needed;
b) it is adequately protected (e.g. from loss of confidentiality, improper use, or loss of integrity).

7.5.3.2 For the control of documented information, the organization shall address the following activities, as applicable:
a) distribution, access, retrieval and use;
b) storage and preservation, including preservation of legibility;
c) control of changes (e.g. version control);
d) retention and disposition.

With regards to the misinterpretation mentioned above, “staff cannot show any documents to the public or share them to the public or outsider whatsoever” and “all hospital documents and records are restricted or confidential, even operation forms and manual of procedures, etc.” – it is true that there are certain documents and records in the hospital that are considered restricted or confidential.   These restricted documents and records usually consist of financial documents and records, strategic plan documents and records, minutes of meetings, and patient medical records.  The hospital should declare to its staff which documents and records are to be considered restricted.  These restricted documents and records should be “adequately protected” (7.5.3.1b) and secured from unauthorized usage.

Manuals of governance and operations and forms used for operations (not records yet) which are usually included in the manuals of governance and operations should not be considered restricted documents.  First, they are supposed to be publicized not only to the internal staff or stakeholders (to guide them on what has to be done as well as to facilitate knowledge management system) but also to the pubic (to guide them what are supposed to be done by staff of the hospital and to promote transparency and patient experience).  Second, the ISO 9001:2015 stipulates that they should be always available for use, where and when they are needed (7.5.3.1a).  These manuals of governance and operations should not be stored as restricted information. In fact, they are openly publicized even on the Internet particularly to promote transparency and patient experience.  It is important to note though that these publicized manuals of governance and operations should be suitable for use (7.5.3.1a), particularly on up-to-dateness.


Below are more notes from me in the setting of a medical center:

ROJoson’s Notes on Documented Information and Control of Documented Information in a Medical Center Setting:

The term “documented Information” of ISO 9001:2015 refers to all data and information used by the medical center in or for planning, deployment, implementation, evaluation, review and improvement purposes and which should be “documented” or “recorded” in whatever media and which will be used as references or guides for actions as well as evidences of accomplishment.

Document information requirements refers to all documentation requirements in the medical center.The safest approach to comply with the documented information requirements is to document everything being done in planning, implementation, review and improvement and then control the documentation materials.

Controlling the documentation materials means there are measures to:

  • Ensure adequacy and suitability for use.
  • Protect from loss and destruction.
  • Secure from unauthorized usage.
  • Maintain confidentiality when prescribed as confidential documented information.
  • Actively use the documented information for their established purposes.
  • Ensure easy access and easy retrieval when documented information are needed.
  • Ensure legibility of documented information.
  • Ensure up-to-dateness of documented information.
  • Dispose documented information not to be used anymore.
  • Archive documented information as indicated.

Documentation, quality manual, documented procedures, records  (2008) = Documented information (2015) – ROJoson’s Notes



Below are lifted from ISO 9001:2015:

9001:2015 Edition on Documented Information

7.5 Documented information

7.5.1 General

The organization’s quality management system shall include:
a) documented information required by this International Standard;
b) documented information determined by the organization as being necessary for the effectiveness of the quality management system.

NOTE The extent of documented information for a quality management system can differ from one organization to another due to:
— the size of organization and its type of activities, processes, products and services;
— the complexity of processes and their interactions;
— the competence of persons.

7.5.2 Creating and updating
When creating and updating documented information, the organization shall ensure appropriate:
a) identification and description (e.g. a title, date, author, or reference number);
b) format (e.g. language, software version, graphics) and media (e.g. paper, electronic);
c) review and approval for suitability and adequacy.

7.5.3 Control of documented information

7.5.3.1 Documented information required by the quality management system and by this International Standard shall be controlled to ensure:
a) it is available and suitable for use, where and when it is needed;
b) it is adequately protected (e.g. from loss of confidentiality, improper use, or loss of integrity).

7.5.3.2 For the control of documented information, the organization shall address the following activities, as applicable:
a) distribution, access, retrieval and use;
b) storage and preservation, including preservation of legibility;
c) control of changes (e.g. version control);
d) retention and disposition.

Documented information of external origin determined by the organization to be necessary for the planning and operation of the quality management system shall be identified as appropriate, and be controlled.

Documented information retained as evidence of conformity shall be protected from unintended alterations.

NOTE Access can imply a decision regarding the permission to view the documented information only, or the permission and authority to view and change the documented information.




Clarification of new structure, terminology and concepts (ISO 2008 – ISO 2015)

There is no requirement in this International Standard for its structure and terminology to be applied to the documented information of an organization’s quality management system.

The structure of clauses is intended to provide a coherent presentation of requirements, rather than a model for documenting an organization’s policies, objectives and processes. The structure and content of documented information related to a quality management system can often be more relevant to its users if it relates to both the processes operated by the organization and information maintained for other purposes.

There is no requirement for the terms used by an organization to be replaced by the terms used in this International Standard to specify quality management system requirements. Organizations can choose to use terms which suit their operations (e.g. using “records”, “documentation” or “protocols” rather than “documented information”; or “supplier”, “partner” or “vendor” rather than “external provider”).

Documentation, quality manual, documented procedures, records  (2008) = Documented information (2015) – ROJoson’s Notes

A.6 Documented information

As part of the alignment with other management system standards, a common clause on “documented information” has been adopted without significant change or addition (see 7.5). Where appropriate, text elsewhere in this International Standard has been aligned with its requirements. Consequently, “documented information” is used for all document requirements.

Where ISO 9001:2008 used specific terminology such as “document” or “documented procedures”, “quality manual” or “quality plan”, this edition of this International Standard defines requirements to “maintain documented information”.

Where ISO 9001:2008 used the term “records” to denote documents needed to provide evidence of conformity with requirements, this is now expressed as a requirement to “retain documented information”. The organization is responsible for determining what documented information needs to be retained, the period of time for which it is to be retained and the media to be used for its retention.

A requirement to “maintain” documented information does not exclude the possibility that the organization might also need to “retain” that same documented information for a particular purpose, e.g. to retain previous versions of it.

Where this International Standard refers to “information” rather than “documented information” (e.g. in 4.1: “The organization shall monitor and review the information about these external and internal issues”), there is no requirement that this information is to be documented. In such situations, the organization can decide whether or not it is necessary or appropriate to maintain documented information.


 ROJ@17nov5

Advertisements
This entry was posted in Documents, Records and Documented Information. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s