Understanding The New Requirement 'Control of Documented Information' (7.5.3 in 9001:2015)

​The new ISO 9001:2015 has introduced updated management system standards that override the requirements presented in its predecessor, ISO 9001:2008. In particular, the original standards identified in ISO 9001:2008 under 4.2.3 Control of Documents and 4.2.4 Control of records have been overridden by the new standards in the 2015 version under 7.5.3 Control of documented information.
 
As part of the alignment with other management system standards a common clause on ‘Documented Information’ has been adopted. The terms “documented procedure” and “record” have both been replaced throughout the requirements text by “documented information”. Where ISO 9001:2008 would have referred to documented procedures (e.g. to define, control or support a process) this is now expressed as a requirement to maintain documented information. Where ISO 9001:2008 would have referred to records, this is now expressed as a requirement to retain documented information.
 
To better understand the changes presented in section 7.5.3 over the previous standards outlined in 2008, it is important to identify the difference between Documents and Records:

• A document is information used to support an effective and efficient organizational operation. A document consists of any information you use to run your company.
• A record is evidence about a past event.  Records consist of any data you collect during the operation of your business QMS. Records are facts and should not change. If new facts arise that contradict the old facts (an error), then you should strike through the old fact and record the new fact.

 
ISO 9001:2015 outlines the Control of Documented information in section 7.5.3 and is broken down into two separate requirements:
7.5.3.1 Documented information required by the quality management system and by this International Standard shall be controlled to ensure:
a) it is available and suitable for use, where and when it is needed;
b) it is adequately protected (e.g. from loss of confidentiality, improper use, or loss of integrity).
 
7.5.3.2 For the control of documented information, the organization shall address the following activities, as applicable:
a) distribution, access, retrieval and use;
b) storage and preservation, including preservation of legibility;
c) control of changes (e.g. version control);
d) retention and disposition.
 
With the new standard structure in place, don't get confused by this "new requirement" as it really isn't new.  We used to have "documents" and "records" and now we "maintain" (i.e document)  and "retain" (i.e. record) documented information. 

---