To perform GAP analysis and verify compliance with Clause 7.5 on Documented Information, you’ll need to systematically check that your organization has established, updated, and maintained documented information as specified in the ISO 9001 standard. Here’s a breakdown of how to verify each requirement of this clause:

1. Documented Information Requirements (7.5.1 General)

Check Required Documentation

Begin by verifying that the organization maintains all documented information specifically required by ISO 9001. Review the QMS documentation to ensure it includes mandatory documents, such as a quality policy, objectives, and any other required procedures.

Evaluate Additional Necessary Documentation

Determine if there is additional documented information that the organization has identified as necessary for the effectiveness of the QMS. Review any analysis or assessments (like risk assessments) used to justify the inclusion of additional documents. Compliance here is demonstrated by having all necessary documents that contribute to effective QMS management.

2. Creating and Updating Documented Information (7.5.2)

Examine Identification and Description Controls

Check that each document has appropriate identification, such as titles, dates, authors, or reference numbers. Review document templates or examples to see that identification details are consistently applied across QMS documentation.

Review Document Format and Media

Confirm that documents are created in a suitable format (e.g., electronic, paper) and include any necessary graphics, language, or software versioning. Look for standards in place regarding how information is formatted and stored.

Verify Review and Approval Processes

Ensure there’s a process for reviewing and approving documents for suitability and adequacy. Look for evidence of sign-offs, approval records, or other forms of validation that documents meet quality requirements before being finalized.

3. Control of Documented Information (7.5.3)

Verify Availability and Suitability Controls

Confirm that documents are available and accessible to relevant personnel as needed. Review any systems or procedures that control document distribution and verify that employees can access documents where and when necessary.

Check Protection Measures

Check that documented information is protected from loss, misuse, or unauthorized alterations. Look for security measures like restricted access, data encryption, or physical storage protections that prevent unintended access or damage.

4. Control of Documented Information Activities (7.5.3.2)

Review Distribution and Access Controls

Verify that the organization has defined processes for distributing, accessing, retrieving, and using documented information. Look for controls around permissions and distribution methods, such as restricted access folders or limited access rights in digital systems.

Evaluate Storage and Preservation Procedures

Check that documented information is stored in a way that preserves legibility and integrity over time. Compliance can be shown by examining storage practices and any routines for checking the readability and preservation of documents.

Confirm Version Control and Change Management

Review procedures for controlling document changes, including version control mechanisms. Look for evidence of version tracking, change history, or version labeling, showing that updates are managed in an organized and traceable manner.

Examine Retention and Disposition Policies

Confirm that there’s a process for retaining documents according to regulatory or operational requirements and that obsolete documents are disposed of responsibly. Review retention schedules or policies and disposal logs if available.

5. Control of External Documented Information

Identify Controls for External Documents

If the organization uses external documents critical to the QMS (such as customer standards or regulatory documents), verify that these are identified and controlled appropriately. Check that any external documents are tracked, and their updates are monitored to ensure relevance and accuracy.

By thoroughly examining these areas, you can confirm if the organization complies with the documented information requirements of ISO 9001. Compliance evidence should include clear records of controlled document creation, updates, storage, accessibility, and appropriate retention and disposition of all relevant QMS documentation.