Control of Documented Information Procedure

ISO 45001 requires that Documented Information be Controlled (7.5.3)

A control system ensures that users have the most current information to do their job, that any changes are controlled and authorized, and that they are stored in a logical way for easy recall.

Determining which of the documents you need to control isn’t always that easy. A good rule of thumb is: If the documented process/record/etc. was not up to date, could it keep you from meeting your OH&S requirements?

Because ISO 45000 requires the control of documented information, organizations must control, maintain and retain this information better than they normally would. The primary concerns are business objectives, statutory and regulatory requirements, and OH&S system requirements.

Documents (paper, electronic, or otherwise) are everywhere, from the structure of your processes to the recordkeeping forms. The ISO 45001 standard requires an organization to control documented information relevant to its OH&S. It has removed the distinction between documents and records, and both are now called documented information.

You will need to set up access/permissions and protect them based on a hierarchy of who can read them, who can revise them, and the appropriate distribution. This includes many external documents like Engineering change notices and permissible deviations.

The 45001 Store has written a procedure for Control of Documented Information which meets these requirements, and we also have several tools to help you manage your documentation.

Purchase the Control of Documented Information Procedure and related record keeping forms.

• Document Control Software

ISO 45001 Documented Information Considerations

It is critical to control your documents to ensure good communication and consistent process execution.

ISO 45001 section 7.5.3 requires that you maintain Control of Documented Information, which can be a binder of papers or an enterprise-wide document management system.

• Read about document control techniques on our free Control of Documented Information PPT

The key is that any document critical to having a safe and healthy workplace, as well as the delivery of your products and/or services is controlled. This ensures that everyone in your organization is using the most recent (and correct) instructions, keeping the correct records, understanding the policies and procedures that allow you to operate.

Here are some items to consider about document control:

• Location – Where will documents be stored? Options include:

• Documented Information control on a budget – see below

About Document Control Software

• Electronic Files stored on Common servers
• Doc Control Software
• Creation – How are documents created?
• Distribution – Who is responsible for Distribution to appropriate parties?
• Document Life – How long should documents be kept, i.e. retained?
• Filing – How will documents be filed for easy retrieval?
• Filing – How will documents be filed for easy retrieval?
• Permissions – Who decides the hierarchy?
• Protection – How can documents be recovered in case of destruction?
• Retrieval – How will users find the documents they need?
• Security – How do you keep documents and assure secure revisions?
• Validation – How do you determine the document’s authenticity?
• Version Control – How can you tell whether you have the current revision?

Documented Information Control on a Budget

ISO 45001 requires that Documented Information be Controlled (7.5.3)

Here are some key items you should track, and some basic storage/control tips:

You can use a tabbed binder or MS Word/Excel for these basic functions:

• Risks and Opportunities, a file or tab for each OH&S risk analysis and assessment will aid in quick retrieval of information.
• Management Reviews, a file or tab for each review will aid in quick retrieval of information.
• Design Reviews should record each of the ISO requirements including timeline, specs, validation, and verification as appropriate for your organization.
• Internal Audits do not need to be maintained on a daily basis.
• Personnel Training Records can be maintained in a notebook but an Excel spreadsheet is probably more practical to create a matrix of training and personnel.
• Maintenance and calibration records are best in a database to ease report generation.
• Revision and Documentation Control information should be maintained in a database. The 45001 Store Master Document List (Excel) is an easy way to track revisions. If you put it on a server (read-only) then people can access it anywhere in your organization.
• Bids/Orders/Changes are best in a database for easy access over time.
• Non-Conforming Material, Traceability issues, and customer property information should be maintained in a database due to the liability.