top of page

Clause 7 Support

7.5 Documented Information

Clause Criteria

There are 3 sub-clauses:
Clause 7.5.1 General - The organization’s management system shall include:
a) documented information required by this document;
b) documented information determined by the organization as being necessary for the effectiveness of the management system.
Clause 7.5.2 Creating and updating documented information - When creating and updating documented information the organization shall ensure appropriate:
identification and description (e.g. a title, date, author, or reference number)
format (e.g. language, software version, graphics) and media (e.g. paper, electronic
review and approval for suitability and adequacy
Clause 7.5.3 Control of documented information:
Documented information required by the management system and by this document shall be controlled to ensure:
a) it is available and suitable for use, where and when it is needed;
b) it is adequately protected (e.g. from loss of confidentiality, improper use, or loss of integrity).
For the control of documented information, the organization shall address the following activities, as applicable:
distribution, access, retrieval and use;
storage and preservation, including preservation of legibility;
control of changes (e.g. version control);
retention and disposition documented information of external origin determined by the organization to be necessary for the planning and operation of the management system shall be identified as appropriate, and controlled.
NOTE Access can imply a decision regarding the permission to view the documented information only, or the permission and authority to view and change the documented information.

Explanation

The intent of this clause is to provide a description of the types of information that must be created, controlled, and maintained in a management system.

This includes that which is:
required for all Management Systems Standards (as presented in clause 7.5.1 and in the respective clauses of Annex SL),
required by a particular Management Systems Standard, and
any additional information the organization determines necessary to be documented.
The phrase “documented information as evidence of ...” implies the former term “record”.
It is the responsibility of the organization to determine what documented information it needs beyond that which is required by the Management Systems Standard.
The factors it should take into account are listed in the note.
The term “documented information” refers to information that a Management Systems Standard determines is necessary to control and maintain in any format or media (see Clause 7.5.3)
Documented information is created and controlled in accordance with the requirements of Clauses 7.5.2 and 7.5.3.
The intent of Clause 7.5.2 Creating and Updating Documented Information is to specify the requirements for uniquely identifying the information, defining the format and media it will be maintained in, and for its approval.
The intent of the clause on Control of documented information is to specify the internal controls that need to be considered and implemented for information that is required to be documented.
Not all internal controls are applicable to all types of documented information. In addition to internal information that is required to be documented, information created by external parties may be required for the Management Systems Standard.
The identification and control of such information is also required.

Chief Explainer:

Phil Byrne

bottom of page