ISO 9001, ISO 14001 and ISO 45001 Documentation Requirements

Producing objective evidence is an essential factor to demonstrate compliance to one or more audit schemes. In order to comply with any management systems, you should be able to demonstrate the bare minimum of evidence that fulfills the requirements of the standard. The evidence can be documented or not. There are certain criteria that can impact the level of documentation in an organisation:

1. Legislative requirements

2. Business processes and practices

3. Management systems documented information requirements

This blog is about evidence that has to be documented in order to become comply with ISO 9001, ISO 14001, and ISO 45001. In order to comply with one or all of the referred management systems standards, you should be able to produce the following documented information. The information can be kept in any media, in form of hard or soft copy.

Within the annex of ISO 9001, ISO 14001, and ISO 45001 it is stated that the standard uses the phrase “retain documented information as evidence of…..” to mean records, and “shall be maintained as documented information” to mean documents, including procedures. Therefore it is normally evident when “documented information” relates to “records” as evidence of performed activity/process and when “documented information” relates to how to perform an activity/ process.

This blog addresses where in ISO 9001, ISO 14001, and ISO 45001 there are explicit requirements for documentation. In order to comply with the requirements of the Quality, health & safety and environmental management systems, you should be able to demonstrate the following documented evidence:

Documentation requirements for the quality management systems ISO 9001:2015

Clause

Documentation requirement

4.3
(Scope)

 

 

The scope of the organization’s quality management system shall be available and be maintained as documented information. The scope shall state the types of products and services covered and provide justification for any requirement of this International Standard that the organization determines is not applicable to the scope of its quality management system.

4.4
(Quality management system and its processes)

4.4.2 To the extent necessary, the organization shall:

a) maintain documented information to support the operation of its processes;

b) retain documented information to have confidence that the processes are being carried out as planned.

5.2.2
(Communicating the quality policy)

5.2.2   The quality policy shall:
a)           be available as documented information;

b)           be communicated, understood and applied within the organization;

c)           be available to interested parties, as appropriate;

6.2
(Quality objectives and planning to achieve them)

The organization shall maintain documented information on the quality objectives.

7.1.5.1
(Monitoring and measuring resources – General)

The organization shall retain appropriate documented information as 7f monitoring and measuring devices.

 

7.1.5.2 (Measurement traceability)

When measurement traceability is a requirement, or is considered by the organization to be an essential part of providing confidence in the validity of measurement results, measuring equipment shall be:
a) calibrated or verified, or both, at specified intervals, or prior to use, against measurement standards traceable to international or national measurement standards; when no such standards exist, the basis used for calibration or verification shall be retained as documented information;

7.2
(Competence)

The organization shall:

d)           retain appropriate documented information as evidence of competence.

7.5.1
(Documented information - General)

The organization’s quality management system shall include:

a)       documented information required by this International Standard;

b)       documented information determined by the organization as being necessary for the effectiveness of the quality management system.

NOTE The extent of documented information for a quality management system can differ from one organization to another due to:

-     the size of organization and its type of activities, processes, products and services;

-     the complexity of processes and their interactions;

the competence of persons.

8.1
(Operational planning and control)

e)     determining, maintaining and retaining documented information to the extent necessary

1)     to have confidence that the processes have been carried out as planned;

2)     to demonstrate conformity of products and services to their requirements.

8.2.3
(Review of requirements for products and services)

8.2.3.2 The organization shall retain documented information, as applicable:

a)       on the results of the review;

on any new requirements for the products and services.

8.3.2
(Design and development planning)

In determining the stages and controls for design and development, the organization shall consider:

j)         the documented information needed to demonstrate that design and development requirements have been met

8.3.3
(Design and development inputs)

The organization shall retain documented information on design and development inputs.

 

8.3.4
(Design and development control)

The organization shall apply controls to the design and development process to ensure that:

f) documented information of these activities is retained

8.3.5
(Design and development output)

The organization shall retain documented information on the design and development outputs.

8.3.6
(Design and development changes)

 

The organization shall retain documented information on:

a) design and development changes;

b) the results of reviews;

c) the authorization of the changes;

d) the actions taken to prevent adverse impacts.

8.4
(Control of external provided products and services -

8.4.1 General)

The organization shall retain documented information of the results of these activities and any necessary actions arising from the evaluations.

 

8.5.1
(Control of production and service provision)

 

Controlled conditions shall include, as applicable:

a)       the availability of documented information that defines:

1)       the characteristics of the products to be produced, the services to be provided, or the activities to be performed;

2)       the results to be achieved;

8.5.2 (Identification and traceability)

The organization shall control the unique identification of the outputs when traceability is a requirement, and shall retain the documented information necessary to enable traceability.

8.5.3
(Property belonging to customers or external providers)

When the property of a customer or external provider is lost, damaged or otherwise found to be unsuitable for use, the organization shall report this to the customer or external provider and retain documented information on what has occurred.

 

8.5.6
(Control of changes)

The organization shall retain documented information describing the results of the review of changes, the person(s) authorizing the change, and any necessary actions arising from the review.

8.6
(Release of goods and services)

The organization shall retain documented information on the release of products and services. The documented information shall include:

a)       evidence of conformity with the acceptance criteria;

b)       traceability to the person(s) authorizing the release.

8.7.2
(Control of nonconforming outputs)

 

The organization shall retain documented information that:

a)       describes the nonconformity;

b)       describes the actions taken;

c)       describes any concessions obtained;

identifies the authority deciding the action in respect of the nonconformity.

9.1
(Monitoring, measurement, analysis and evaluation -9.1.1 General)

The organization shall retain appropriate documented information as evidence of the results.

 

9.2
(Internal Audit)

 

9.2.2 The organization shall:

f)        retain documented information as evidence of the implementation of the audit programme and the audit results.

9.3.3 (Management review)

The organization shall retain documented information as evidence of the results of management reviews.

10.2 (Nonconformity and corrective action)

10.2.2 The organization shall retain documented information as evidence of:

a)       the nature of the nonconformities and any subsequent actions taken;

the results of any corrective action.

Documentation requirements for the environmental management systems ISO 14001:2015

Clause

Documentation requirement

4.3
 (Scope)

The scope shall be maintained as documented information and be available to interested parties. 

5.2
 (Policy)

The environmental policy shall be maintained as documented information.

 

6.1.1
(General)

The organization shall maintain documented information of its:

-        risks and opportunities that need to be addressed;

-        process(es) needed in 6.1.1 to 6.1.4, to the extent necessary to have confidence they are carried out as planned.

6.1.2
(Environmental aspects)

The organization shall maintain documented information of its:

-        environmental aspects and associated environmental impacts;

-        criteria used to determine its significant environmental aspects;

-        significant environmental aspects

6.1.3
(Compliance obligations)

The organization shall maintain documented information of its compliance obligations.

 

6.2.1
(Environmental objectives)

The organization shall retain documented information on the environmental objectives.

 

7.2

(Competence)

The organization shall retain appropriate documented information as evidence of competence

7.4.1
(Communication – General)

The organization shall retain documented information as evidence of its communications, as appropriate.

 

7.5.1
(Documented information – General)

The organization’s environmental management system shall include:

a)       documented information required by this International Standard;

b)       documented information determined by the organization as being necessary for the effectiveness of the environmental management system.

 

NOTE The extent of documented information for an environmental management system can differ from one organization to another due to:

-        the size of organization and its type of activities, processes, products and services;

-        the need to demonstrate fulfilment of its compliance obligations

-        the complexity of processes and their interactions;

-        the competence of persons.


8.1
(Operational planning and control)

The organization shall maintain documented information to the extent necessary to have confidence that the processes have been carried out as planned.

 

8.2
(Emergency preparedness and response)

The organization shall maintain documented information to the extent necessary to have confidence that the process(es) is (are) carried out as planned.

9.1.1
(Monitoring, measurement, analysis and evaluation – General)

The organization shall retain appropriate documented information as evidence of the monitoring, measurement, analysis and evaluation results.

 

9.1.2
(Evaluation of compliance)

The organization shall retain documented information as evidence of the compliance evaluation result(s).

 

9.2.2
(Internal audit programme)

The organization shall retain documented information as evidence of the implementation of the audit programme and the audit results.

 

9.3
(Management review)

The organization shall retain documented information as evidence of the results of management reviews.

 

10.1
(Non-conformity and corrective action)

The organization shall retain documented information as evidence of:

·       the nature of the nonconformities and any subsequent actions taken;

·       the results of any corrective action.

Documentation requirements for the occupational health and safety management systems ISO 45001:2018

Clause

Documentation requirement

4.3

The scope (the boundaries and applicability of the management system)

5.2

The OH&S policy

5.3

Organizational roles, responsibilities and authorities

6.1.1

The process(es) and actions needed to determine and address its risks and opportunities to the extent necessary to have confidence that they are carried out as planned

6.1.1-6.1.2-6.1.4

Methodology and criteria for assessing OH&S risks

6.1.2.2

Information to show applicable legal requirements and

other requirements have been considered and evidence of the

compliance evaluation results

6.1.3-9.1.2

OH&S objectives and plans to achieve them

6.2.1-6.2.2

Appropriate documented information as evidence of competence

7.2

Evidence of communication (as appropriate)

7.4.1

The process(es) and plans for responding to potential emergency situations

8.2

Evidence of: • the results of monitoring, measurement and analysis of performance evaluation; and • the maintenance, calibration or verification of measuring equipment

9.1.2

Evidence of the results of compliance evaluation

9.2.2

Evidence of the implementation of the internal audit programme and audit results

9.3

Evidence of the results of management reviews

10.2

Evidence of: • the nature of incidents or nonconformities and any subsequent actions taken; and • results of any action and corrective action, including effectiveness

 

Who We Are

LMS TRG is an Exemplar Global Recognized Training Provider for courses in Management Systems Auditing. We come together from various specialist backgrounds to produce unique online learning experiences. Our team is composed of auditors, management systems consultants and providers, with over fifteen years of experience in delivering high-level quality training. We were founded with the policy of being pioneers in fully online and smart training solutions. To learn more, click here.

 

Join The Community

Our email content is full of value, void of hype, tailored to your interests whenever possible, never pushy, and always free.

Close

50% Complete

You are almost there! 

Kindly complete the form below and confirm your email address. We will keep you updated with news, articles and promotions.