{"version":1,"type":"rich","provider_name":"Libsyn","provider_url":"https:\/\/www.libsyn.com","height":90,"width":600,"title":"#249 How To Meet Documentation Requirements Within ISO","description":" Most ISO Standards are designed with implementation flexibility in mind. They set the framework without specifying an exact method to meet requirements, giving businesses the freedom to implement them how they see fit. One of the key requirements you can\u2019t escape, however, is documentation. This is more than a list of key documents you must have in place, it encompasses how you develop, control and store documented information. In this episode, Ian Battersby dispels common myths around documentation in ISO, explains what the requirements actually mean in practice and how you address each one relevant to documented information. You\u2019ll learn \u00b7      Common misunderstandings about documentation within ISO \u00b7      What do current ISO Standards require for Documented Information? \u00b7      How do you determine what should be documented information? \u00b7      How do modern Standards embed a flexible approach? \u00b7      What is considered \u2018documented information?\u2019 \u00b7      Breaking down clause 7.5 Documented information \u00b7      How to address clause 7.5.2 Creating and Updating documentation \u00b7      How to address 7.5.3 Control of documentation \u00b7      A cautionary tale for modern approaches to Documentation   Resources \u00b7      Isologyhub   In this episode, we talk about: [02:05] Episode Summary \u2013 Ian dives into the topic of documentation within ISO, dispelling the myths and breaking down the requirements you need to meet relevant to documented information. [02:40] Common misunderstandings about documentation within ISO: Taking ISO 9001 as the prime example, the most common misunderstanding is that you need a policy manual. This is not true. This may have stemmed from previous versions of ISO 9001 where certain mandatory procedures were required, such as: \u00b7      Control of Documents (Clause 4.2.3) \u00b7      Control of Records (Clause 4.2.4) \u00b7      Internal Audit (Clause 8.2.2) \u00b7      Control of Nonconforming Product (Clause 8.3) \u00b7      Corrective Action (Clause 8.5.2) \u00b7      Preventive Action (Clause 8.5.3) There were also mandatory records such as Management Review, calibration, supplier evaluation, design\/development reviews etc. With the introduction of the 2015 version of ISO 9001, the old terms \u2018Procedure\u2019 and \u2018Record\u2019 have changed into a single term now known as \u2018Documented Information\u2019, which breaks down those previous terms into the following: \u00b7      Documented information to be maintained \u2014 Previously what would have been a procedure (i.e., describing how something should be done) \u00b7      Documented information to be retained \u2014 Previously what would have been a record (i.e., evidence that something was done) [05:10] What do current ISO Standards require for Documented Information? The 2015 version of ISO 9001 received the following updates: \u00b7      Removed the prescriptive language associated with the old terms \u00b7      Gave organisations the flexibility to develop, control and store documented information \u00b7      No longer dictates the form that documentation must take In practice, many people still use the terms procedure and record informally, because they are well understood and conveniently descriptive. But beware using language that reinforces old-fashioned ideas about how we create management systems. This newer language aligns with modern risk-based thinking, with direct references made to this being included in the Standard. But, while that sounds prescriptive, adopting risk-based thinking has allowed a less prescriptive approach to the standards. It allows you to consider what\u2019s significant to you and so you can plan your system accordingly. [07:20] How do you determine what should be documented information? The effort you put into documenting something must be consistent with the risk If, for example, a process is important, if its outcome could be in doubt, if it\u2019s complex to control, if it could lead to damage\/harm, if there\u2019s a regulatory requirement, then you should put some effort into documenting how it\u2019s performed. But, if you maintain that documentation in response to the risk to your organisation and not in response to a prescriptive demand in standard, and if a process attracts less risk, then you can deliver it with less formality and less documentation to be maintained. The same goes for retaining documentation to evidence that you\u2019ve done what you should. In short: more risk, more documentation retained to demonstrate that you\u2019ve controlled it. [08:30] How do modern Standards embed a flexible approach? ISO Standards are deliberately flexible. The extent of documented information required depends on the size of your organisation, the complexity of your processes, your customers\u2019 needs, your regulatory environment and the competence of your people. An organisation of only 10 people will have very different needs compared to one of 10,000, and both can fully conform to the standard. It\u2019s about proportionality, not volume. [09:20] What is considered \u2018documented information? ISO standards don\u2019t care what you call the documents you maintain in order to govern how you deliver your daily work. Other than using the term process (and the process approach) to underpin how systems should interrelate, ISO 9001 doesn\u2019t specify anything else. Would you like to use the term procedure?  Or management procedure? Or SOP? Work instruction? Process map, guide, playbook, manual. Or is your activity embedded in an online system? A workflow? A board? It doesn\u2019t matter, you can call it what you want, and as long as it\u2019s controlled to the extent that it needs to be. [11:05] Breaking down clause 7.5 Documented information: ISO 9001 states: \u201c7.5.1 General: The organization\u2019s quality management system shall include: a) documented information required by this International Standard; b) documented information determined by the organization as being necessary for the effectiveness of the quality management system. NOTE The extent of documented information can differ from one organization to another due to: \u00b7      the size of organization and its type of activities, processes, products and services; \u00b7      the complexity of processes and their interactions; \u00b7      the competence of persons.\u201d This reinforces the fact that there is no \u2018one size fits all\u2019 approach. [12:15] How to address clause 7.5.2 Creating and Updating documentation: The Standard states: \u201cWhen creating and updating documented information, the organization shall ensure appropriate.\u201d Note that word, \u2018appropriate\u2019.  It doesn\u2019t indicate specifics, it indicates that you should choose certain things according to your own circumstances So the appropriate things which you should ensure are: Identification and description:(e.g. a title, date, author, or reference number) One trap many fall into, is the use of reference numbers. In most cases they are unnecessary. Only use them if they mean something or make life easier. Having reference numbers with department numbering can reinforce the silo mentality; \u2018that\u2019s their procedure, not ours\u2019, so it\u2019s best to avoid creating that situation by foregoing reference numbers if possible. What matters is that any users are able to easily verify that they have the right document, this can be done with a descriptive title, version numbers and a date for the version. Online documents may have details embedded in metadata or an information box that can make this process easier to implement.   Format and media: You\u2019ll need to consider language required for certain documentation, as international systems where there are multiple languages used by the workforce, may require additional versions. You\u2019ll also need to establish which templates or layouts to use. Look and feel will likely be important in the organisation, so you\u2019ll want to keep documents on brand. Other considerations include: \u00b7      The use of process maps, flowcharts, diagrams, tables, or written text. \u00b7      The software or application it is created in (e.g. Word, PDF, SharePoint) \u00b7      Whether the document is paper-based or electronic Review and approval for suitability and adequacy: Documented information requires appropriate review of content, this is to make sure it does what it should and that all of the above is covered. You will also need sign-off by someone with the appropriate authority, and that authority is determined based on risk related to that document. [18:00] How to address 7.5.3 Control of documentation: Let\u2019s break down each part of this clause: \u201cTo ensure that a)    it is available and suitable for use, where and when it is needed;\u201d - It must be circulated, hosted, displayed or whatever, so that those people who are required to see it, use it, know of its content can act on it. \u201cb) it is adequately protected (e.g. from loss of confidentiality, improper use, or loss of integrity).\u201d - It must be protected so that only the right people see it, so that any confidential information is not inappropriately shared, and no one can use or amend it without the appropriate authority. This is to ensure it remains in the manner it was intended and that its content can\u2019t be altered, corrupted or destroyed. \u201c7.5.3.2 For the control of documented information, the organization shall address the following activities, as applicable: a) distribution, access, retrieval and use; b) storage and preservation, including preservation of legibility; c) control of changes (e.g. version control); d) retention and disposition.\u201d This clause adds some meat to the ideas discussed already \u201ca) distribution, access, retrieval and use;\u201d \u2013 This refers to who receives a document and by what means, whether the right people can access it and know what to do with it at the time they need it, while also considering the sensitivity. \u201cb) storage and preservation, including preservation of legibility;\u201d - The physical or electronic location of storage and its usefulness over time. You\u2019ll need to ensure that physical things are safe from damage (fire, flood etc) and that electronic formats are protected from obsolescence. \u201cc) control of changes (e.g. version control)\u201d - Who is allowed to edit, authorise, publish, issue and host a document. Establish a method of ensuring only relevant, current information is accessible by the right people, and record the history of changes where necessary. \u201cd) retention and disposition.\u201d \u2013 Ask yourself: how long should documented information be kept? What\u2019s useful? What\u2019s regulatory? What does the customer want? What do you do when you don\u2019t need it any more? What do you do to prevent access to obsolete information? [22:30] A cautionary tale for modern approaches to Documentation: These days, we\u2019re seeing more and more systems relying solely on electronic documentation.  This brings big advantages, but also risks. While there are excellent methods for document control in all sorts of hosting, sharing, collaboration platforms, they still need to be managed. Too often we see systems with multiple versions of similar documents, naming disasters, obsolete versions, poor formatting, lack of authority, breaches of confidentiality, and the simple inability to find what you want! Modern systems can help with documented information, but they don\u2019t remove the need for managing documentation. We\u2019d love to hear your views and comments about the ISO Show, here\u2019s how: \u25cf     Share the ISO Show on Twitter or Linkedin \u25cf     Leave an honest review on iTunes or Soundcloud. Your ratings and reviews really help and we read each one. Subscribe to keep up-to-date with our latest episodes: Stitcher | Spotify | YouTube |iTunes | Soundcloud | Mailing List ","author_name":"The ISO Show","author_url":"https:\/\/blackmoresuk.com","html":"