Document Scanning for ISO 9001: What UK Manufacturers Need to Know

For the full scanning workflow setup, see our scan documents to SharePoint guide. This article covers the ISO 9001 requirements specifically — what clause 7.5 requires, and how a scan-to-DMS workflow meets those requirements in practice.

What ISO 9001 Clause 7.5 Actually Requires

ISO 9001:2015 clause 7.5 (Documented Information) requires organisations to control documented information to ensure it is:

• Available and suitable for use: The right version, accessible where and when needed
• Adequately protected: From loss of confidentiality, improper use, or loss of integrity
• Distributed, accessed, retrieved, and used appropriately
• Stored and preserved including legibility
• Controlled for changes (version control)
• Retained and disposed of according to defined periods

Paper-based document systems struggle with almost every one of these requirements. A paper job card in a filing cabinet is not "accessible where and when needed" when a customer calls with a quality query. A paper quality procedure is not "controlled for changes" if staff have printed copies at their workstations that don't get updated.

The Three Document Types ISO Auditors Focus On

Quality procedures and work instructions

These are "documented information to be maintained" — they define how work is done and must be version-controlled, approved before issue, and current versions clearly identified. Previous versions must be archived (not deleted) but prevented from unintentional use. In a DMS: version history is automatic, approval workflow can be configured, and a "Status" column (Draft/Approved/Obsolete) makes current versions immediately identifiable.

Quality records

Inspection sheets, test results, non-conformance reports, calibration records — these are "documented information to be retained" as evidence of conformance. They need to be retrievable by product, batch, or date. In a paper system, retrieving a specific inspection sheet from 8 months ago for a customer quality query can take hours. In a DMS with barcode-indexed records, it takes 10 seconds.

External documents

Customer specifications, supplier standards, regulatory requirements — documents you don't create but must control. The current version must be identifiable, and obsolete versions must not be inadvertently used. A DMS handles this with version control and the ability to mark documents as superseded.

How Scan-to-SharePoint Meets ISO 9001 Requirements

Version control

SharePoint's built-in versioning creates a new version every time a document is edited. The version history shows who changed what and when. You can roll back to any previous version. The current version is always the one displayed in the library — no ambiguity about which revision is current.

For quality procedures: configure major versioning (v1.0, v2.0) with required check-in comments. Each major version represents an approved revision. Previous versions are accessible for reference but clearly labelled as superseded.

Availability where needed

Documents in SharePoint are accessible from any device with internet access — office PCs, shopfloor tablets, mobile phones. A QA engineer on the shopfloor can pull up the current work instruction on a tablet without leaving their station. An auditor can access the full quality record archive from a laptop in the boardroom.

Retention and disposal

SharePoint retention labels automate the document lifecycle. Assign a retention period to each document type — quality records: 10 years; calibration certificates: 5 years; non-conformance reports: 7 years. The system automatically flags or deletes documents at expiry. No manual calendar reminders, no risk of premature deletion or indefinite retention.

Access control and integrity protection

Library-level permissions ensure only authorised staff can modify quality procedures. Read-only access for production staff, edit access for quality engineers, admin access for the QMS manager. The audit log records every view, edit, and download — meeting the ISO requirement for "protection from loss of integrity."

The Shopfloor Scanning Workflow for ISO 9001

The practical implementation for a manufacturing business:

1. Job card completed → scanned at shopfloor eScan → barcode reads job number → files to "Job Cards" library tagged with job number, machine, operator, date
2. Inspection sheet completed → scanned in batch → QR code splits and files each sheet to "Quality Records" library tagged with batch number, product, inspector, pass/fail result
3. Non-conformance raised → paper NCR form scanned → files to "Non-Conformances" library → triggers approval workflow for disposition decision
4. Calibration certificate received → scanned and filed to "Calibration Records" library tagged with equipment ID and calibration date → retention label applied automatically

What an ISO Auditor Will Ask For

In a typical ISO 9001 surveillance audit, expect requests like:

• "Show me the inspection record for batch X from last month" — search by batch number: result in 5 seconds
• "Show me the current version of your welding procedure" — filter by Status = Approved, one result
• "Who approved the last revision of this work instruction and when?" — version history: name and timestamp immediately visible
• "Show me all non-conformances raised in the last 12 months" — filter by document type and date range: complete list in seconds

Organisations that prepare for audits by spending days printing and organising paper folders will find this approach transformative. Everything an auditor might request is retrievable in under a minute.