ReadSafety.com

ISO 9001 Questions, Answered

What documents are required by ISO 9001?

Quick answer

ISO 9001:2015 explicitly requires only a handful of documents: the QMS scope, quality policy, and quality objectives, plus retained records such as calibration evidence, competence records, design and purchasing records, production release, nonconforming output actions, audit results, management review outputs, and corrective actions. A quality manual has not been required since the 2015 edition.

Documents you must maintain (living documents)

  • Scope of the QMS (clause 4.3), including justification for any requirement you deem not applicable.
  • Quality policy (clause 5.2).
  • Quality objectives (clause 6.2).
  • Any documents you determine necessary for your processes to run effectively (clause 4.4 and 7.5). This is deliberately in your hands.

Records you must retain (evidence)

  • Fitness of monitoring and measuring resources, including calibration basis where traceability matters (7.1.5).
  • Evidence of competence (7.2).
  • Evidence that operational processes ran as planned and outputs met requirements (8.1, 8.5, 8.6), including release authorization and traceability where required.
  • Review of customer requirements, including changes (8.2).
  • Design and development inputs, controls, outputs, and changes, where design is in scope (8.3).
  • Evaluation, selection, and monitoring of external providers (8.4).
  • Control of nonconforming outputs and actions taken (8.7).
  • Monitoring and measurement results (9.1), internal audit program and results (9.2), management review outputs (9.3).
  • Nonconformities and corrective action results (10.2).
Key factThe 2015 edition replaced the terms "documents" and "records" with one phrase, documented information: maintained means kept current (documents), retained means kept as evidence (records). And no, a quality manual is not on the list; keep one only if it earns its upkeep.

The mistake to avoid in both directions

Under-documenters fail audits on missing evidence: the work happened but nobody can prove it. Over-documenters build procedure libraries no one reads, which then contradict actual practice, which is itself a nonconformity (your system must match reality). The auditor's test is simple: does the documentation you chose let your processes run consistently and prove they did. My field advice after hundreds of audits: document what a competent new hire would need to do the job right, retain what a skeptical customer would need to trust the result, and stop there.

Ready to take the next step?

USQC - United Safety Quality Council is an ASC-accredited certification body providing third-party ISO 9001 certification audits, internal and supplier audit services, and auditor training. Since 2015, USQC has automated audit planning, reporting, and decision support, cutting audit man-days that other certification bodies bill for and placing USQC pricing in the lower quartile, with highly experienced lead auditors on every audit.

Talk to USQC