ISO 9001 DocumentsWhat documented information the standard requires
ISO 9001:2015 uses the term "documented information" to cover everything from policies and procedures through to completed records and evidence. Understanding what the standard requires, and the difference between documents and records, is essential for certification readiness.
ISO 9001:2015
What Is Documented Information?
ISO 9001:2015 replaced the earlier concept of 'documents and records' with the single term 'documented information.' This covers any information an organisation is required to control and maintain, in any format or media.
The standard distinguishes between documented information that must be maintained (living documents describing how things should be done) and documented information that must be retained (completed records proving what was done).
- Policies.
- Statements of intent that set direction and commitment. The Quality Policy is an explicit requirement under Clause 5.2.
- Procedures and work instructions.
- Defined methods for key processes that ensure work is performed consistently. ISO 9001 does not prescribe a specific set of procedures, only those necessary for effective QMS operation.
- Forms and templates.
- Structured tools for capturing data consistently. Blank forms are documents; completed forms become records.
- Records.
- Completed evidence of what happened: training logs, inspection results, audit reports, management review minutes, corrective action records. Records cannot be altered and must be retained for defined periods.
Required by the Standard
Mandatory Documents and Records Under ISO 9001:2015
While ISO 9001:2015 does not mandate a fixed list of procedures, these documents and records are explicitly required by the standard. Certification auditors will expect to see each of them.
- Scope of the QMS
The boundaries and applicability of the QMS must be documented. This defines what products, services, and locations the certificate covers. Required by Clause 4.3.
- Quality Policy and objectives
The Quality Policy must be documented, communicated, and available to interested parties. Quality objectives must be documented, measurable, and monitored. Clauses 5.2 and 6.2.
- Risk and opportunity register
Organisations must determine risks and opportunities that could affect the QMS and plan actions to address them. The basis for risk-based thinking under Clause 6.1.
- Competence and training records
Evidence that personnel performing work affecting quality are competent. Includes qualifications, experience, and training records. Clause 7.2.
- Internal audit programme and reports
The audit programme, audit criteria, scope, frequency, and results must all be documented. Findings and any corrective actions must be retained. Clause 9.2.
- Management review records
Minutes or records demonstrating that top management has reviewed QMS performance and made decisions about improvement. Required by Clause 9.3.
Clause 7.5
Document Control: What ISO 9001 Requires
ISO 9001 requires documented information to be controlled. This does not mean bureaucratic complexity. It means ensuring that the right information is available, current, protected, and accessible to the people who need it.
- Approved before use.
- Documents must be reviewed and approved for suitability before being issued. This ensures accuracy and prevents unauthorised or draft versions entering use.
- Current and under version control.
- Documents must be kept up to date. Version numbers, revision dates, and change history help organisations and auditors identify the current version and understand what changed.
- Available where needed.
- Documented information must be available at the point of use. People cannot follow procedures they cannot access.
- Protected from unintended changes.
- Controls must prevent unauthorised alteration of documents or loss of records. This applies equally to paper and digital systems.
Documentation Guidance
Common Questions About ISO 9001 Documentation
Answers to the documentation questions that come up most often before and during certification audits.
Ready for Your ISO 9001 Certification Audit?
MSCGlobal's Stage 1 audit reviews your documented information and confirms readiness before the on-site assessment. Our auditors provide clear findings so you know exactly what is expected.
Ready to get certified? Start your compliance journey today.
Get expert guidance through ISO certification with our proven process. Fast, transparent, and hassle-free. Let's make compliance simple.