• Andrew Thornhill

What Documents do we need in our ISO management System?

In this video, we're going to identify the mandatory documentation you need to support a management system. If you're implementing one of the management systems such as quality, safety, or food safety then this video is for you.


In order to meet any of the certification standards, you need to identify what mandatory documents or records are needed. In order to do this, you may want to look for the phrase "Documented Information".

To work out whether they mean a document or a record, you've got to look at the prefix, the word that comes before that.

Where they mean a document, they'll use the prefix 'maintainers'. For things like your policy, objectives, or scope of your system still needs to be documented and it'll have the phrase 'maintainers'.

Where they mean a record, they now use the prefix ‘you need to retain documented information’.

ISO's made a change in the terminology there. As an example, around the performance evaluation requirements, monitoring, measuring internal auditing, management review, you need some record as evidence that you've actually done that.

ISO Clauses and Documented Information

In quite a number of clauses, there's no documented information required, and the example would be some of the newer clauses in the standard:

  • 4.1. Determining the Context of the Organisation

  • 4.2 Needs and Expectations of Interested Parties

What you can see in the latest revisions of the standard, ISO's made a little bit of a move away from mandatory documentation,

In the latest revisions of the standard, we can see that ISO has made a move away from mandatory documentation, which raises the question of "how can we demonstrate conformance if we haven't documented our approach?" In a previous video series, we've got a whole video on exactly that kind of topic.

Your task is to read through the standard and look at where it requires documented information. There is a clause on documented information that says:

The documented information you need is:

A) Any documented information that ISO has deemed as mandatory, but under that

B) Documentation to support your processes where you feel you need it.

Demonstrating Conformance to External Auditors:

A common question we are getting in a lot of training we run is "How do we demonstrate conformance to external auditors if it's not mandatory to document our approach?"

We always say in response to that, ISO doesn't write standards to make the job easy for auditors, they write these standards to help you improve your safety or your environmental outcomes.

If you read any of these standards carefully, they're actually asking you to focus on your processes for certain things, whether that be:

  • Corrective action

  • Traceability

  • Accident & incident reporting

You need to focus on understanding your processes and how you plan, manage, monitor, evaluate and improve those processes. That kind of thinking is totally consistent with what ISO are advocating.

Using a software approach to management systems

There's different ways you can approach a management system, with pro's and con's to each approach. One thing people don't always realise with a software approach is that there is actually a growing range of software you can use, which immediately gives you consistency around some of your critical processes.

It is notoriously hard to get consistency in accident incident reporting if you are a multi-site business. If you use a software application, you can decide on your workflow and how you're going to approach it.

Free Resource to make your life easier: Documented Information Required

  • LinkedIn Social Icon
  • YouTube

© IRM Systems 2019