ISO 9001 documentation requirements
ISO 9001 has several requirements concerning 'documented information.'
Concerning the establishment and maintenance of the quality management system:
- the scope of the organization's quality management system (4.3)
- quality system processes (4.4.2)
- quality policy (5.2.2)
- quality objectives (6.2.1)
- the documented information the organization deems necessary for the effectiveness of the quality management system (7.5)
Concerning keeping and retaining information as proof that certain activities have been carried out (registrations). These include:
- Evidence that the processes are operated as planned (4.4.2)
- Fitness for purpose of the monitoring and measurement resources (7.1.5.1)
- The basis for calibration or verification (7.1.5.2)
- Evidence of competence of the persons carrying out work under the authority of the organization affecting the performance and effectiveness of the quality management system (7.2)
- Evidence that processes have been carried out as planned /evidence that the products and services meet the requirements (8.1.e)
- Results of the assessment of requirements for products and services (8.2.3.2)
- Changes to requirements for the products and services (8.2.4)
- Evidence that the design and development requirements are met (8.3.2)
- Design and development inputs (8.3.3)
- Design and development controls (8.3.4)
- Design and development outputs (8.3.5)
- Changes related to design and development (8.3.6)
- Results of assessments of changes related to design and development (8.3.6)
- Authorization of changes related to design and development (8.3.6)
- Measures taken to avoid adverse effects of changes in design and development (8.3.6)
- Control measures applied to externally provided processes, products, and services (8.4.1)
- Characteristics of the products to be produced, the services to be provided or the activities to be performed, and the results to be achieved (8.5.1)
- Identification of outputs when traceability is a requirement (8.5.2)
- What happened if the property of a customer or third party provider was lost, damaged or otherwise considered unsuitable for use (8.5.3)
- Results of the review of changes for production or the provision of services, the person(s) authorizing the change, and any necessary actions arising from the change (8.5.6)
- Release of products and services consist of: a) proof of compliance with the acceptance criteria; b) traceability to the person(s) authorizing the release (8.6)
- Results of nonconforming material handling (8.7.2)
- The results of monitoring, measuring, analyzing and evaluating the performance and effectiveness of the quality management system (9.1.1)
- Evidence of the implementation of the audit program and audit results (9.2.2)
- Evidence of the results of the management review (9.3.3)
- Evidence of the nature of the misstatements and subsequent action taken, and evidence of the results of the corrective action. (10.2.2)
Besides, there are many other actions that the standard requires, but there is no requirement that they are controlled by documented information (unless you decide to record it yourself). As long as the actions are performed, and you can indicate how they take place, you meet the requirements of the standard.
The auditor (internally or externally) may have problems with activities for which no documented information is available to confirm that they have been carried out. That's their problem. The auditor will have to find other ways to confirm implementation.
Concerning the establishment and maintenance of the quality management system:
- the scope of the organization's quality management system (4.3)
- quality system processes (4.4.2)
- quality policy (5.2.2)
- quality objectives (6.2.1)
- the documented information the organization deems necessary for the effectiveness of the quality management system (7.5)
Concerning keeping and retaining information as proof that certain activities have been carried out (registrations). These include:
- Evidence that the processes are operated as planned (4.4.2)
- Fitness for purpose of the monitoring and measurement resources (7.1.5.1)
- The basis for calibration or verification (7.1.5.2)
- Evidence of competence of the persons carrying out work under the authority of the organization affecting the performance and effectiveness of the quality management system (7.2)
- Evidence that processes have been carried out as planned /evidence that the products and services meet the requirements (8.1.e)
- Results of the assessment of requirements for products and services (8.2.3.2)
- Changes to requirements for the products and services (8.2.4)
- Evidence that the design and development requirements are met (8.3.2)
- Design and development inputs (8.3.3)
- Design and development controls (8.3.4)
- Design and development outputs (8.3.5)
- Changes related to design and development (8.3.6)
- Results of assessments of changes related to design and development (8.3.6)
- Authorization of changes related to design and development (8.3.6)
- Measures taken to avoid adverse effects of changes in design and development (8.3.6)
- Control measures applied to externally provided processes, products, and services (8.4.1)
- Characteristics of the products to be produced, the services to be provided or the activities to be performed, and the results to be achieved (8.5.1)
- Identification of outputs when traceability is a requirement (8.5.2)
- What happened if the property of a customer or third party provider was lost, damaged or otherwise considered unsuitable for use (8.5.3)
- Results of the review of changes for production or the provision of services, the person(s) authorizing the change, and any necessary actions arising from the change (8.5.6)
- Release of products and services consist of: a) proof of compliance with the acceptance criteria; b) traceability to the person(s) authorizing the release (8.6)
- Results of nonconforming material handling (8.7.2)
- The results of monitoring, measuring, analyzing and evaluating the performance and effectiveness of the quality management system (9.1.1)
- Evidence of the implementation of the audit program and audit results (9.2.2)
- Evidence of the results of the management review (9.3.3)
- Evidence of the nature of the misstatements and subsequent action taken, and evidence of the results of the corrective action. (10.2.2)
Besides, there are many other actions that the standard requires, but there is no requirement that they are controlled by documented information (unless you decide to record it yourself). As long as the actions are performed, and you can indicate how they take place, you meet the requirements of the standard.
The auditor (internally or externally) may have problems with activities for which no documented information is available to confirm that they have been carried out. That's their problem. The auditor will have to find other ways to confirm implementation.