Documented information to be maintained. Procedures required for ISO 9001:2015. Six procedures that were required in ISO 9001:2008.
The new version of the quality management standard no longer requires any specific procedures, as there were in the previous version (ISO 9001:2008).
There are only three pieces of required documentation:
and none of these are procedures.
Under clause 4.4 Quality management system and its processes, the standard now states:
The organisation shall:
a) maintain documented information to the extent necessary to support the operation of processes
b) retain documented information to have confidence that the processes are being carried out as planned
Notice the key words - 'maintain' and 'retain'. Documented information to 'retain' is what was previously called records. Information to 'maintain' is what was called documents.
The phrase "to the extent necessary" means you get to decide what is required for your business and what documentation provides value. This phrase appears in three places:
To work out what documentation is needed or useful for a process in your business, you might use risk based thinking, e.g., how important is this activity?, how likely is it to go wrong?, what could happen if something was missed?
If you choose to have no other documentation, you will need to be able to show your auditor that your quality management system is effective without it.
ISO 9001:2015 still has plenty of requirements for documented information that must be "retained" (i.e. required records.
ISO 9001:2008 required "documented procedures" for the following six activities: * Control of documents (4.2.3) * Control of records (4.2.4) * Internal audit (8.2.2) * Control of nonconforming product (8.3) * Corrective action (8.5.2) * Preventive action (8.5.3)
Any further documentation required in your business for your Quality Management System to function effectively, could be decided by you.