The new standard allows flexibility in the way organizations choose to document their QMS. The term “documented information” was introduced to replace “document, documented procedures and records needed”; however, it’s still important to distinguish between documents and records, which are very important in the aviation, space and defense industry. When the standard discusses “maintaining” documented information, it is referring to procedures and documents. When it mentions “retain” documented information it refers to a form, form record or data.
Documented information must be retained by an organization for the purpose of providing evidence of results achieved (records). The new standard enables each individual organization to determine the correct amount of documented information needed in order to demonstrate the effective planning, operation, and control of its processes and the implementation and continual improvement of the effectiveness of its QMS.
An organization’s need for, and the extent and type of, documented information will vary greatly due to the context of the organization, its size, culture, nature of products and services, applicable statutory and regulatory requirements, customer requirements regarding the risks on products, etc. Although the new standard does not specifically require any of these, here are some examples of documents that can add value to a QMS:
- Organization Charts
- Process maps, flow charts, and descriptions
- Work and/or test instructions
- Documents containing internal communications
- Production schedules
- Approved supplier lists
- Test and inspection plans
- Quality plans
- Quality manuals
- Strategic plans
Documented information is the basis of the objective evidence presented during an audit or assessment of an organization to show that effective means are in place and compliance to the standard can be determined. Many organizations choose to manage all or most of its documented information in electronic formats. This is acceptable, but certain provisions have to be taken and shown to be effective. Such provisions include loss prevention (i.e. back-ups and data recovery), demonstration that the organization’s personnel can readily access the documented information necessary to perform their tasks and understand the processes they execute, and change control assurance that ensures documentation is effectively communicated.
While the change to the term documented information is new to the standard, there is no change to the expectations of the documentation needed for the quality management system definition. As well, there is no change to the objective evidence required for proof that all activities were carried out as required per the requirements of the standard, the process or the product being delivered to the customer.
Coming up next week:
Stay tuned for the next blog in our AS9100D series on Operational Risk Management.
If you missed the blog from last week on Risk-Based Thinking, click here.