Forum Discussion

atagios's avatar
atagios
Copper Contributor
Dec 17, 2021

SharePoint ISO Management System

Hi everyone, we are thinking to build (Using SharePoint online ) a site or a Documents library for keeping our company’s’ ISO 9000 Documents, policies etc.… The initial idea is to have all Documents ...
Document Library
SharePoint Online
Sites
Dennis-Scherrer's avatar
Dennis-Scherrer
Brass Contributor
Apr 23, 2024

Hi atagios

I had decided on a structure with three libraries for the SharePoint QMS: one library for processes, one for work instructions, guidelines and procedures - the "production" library and one to store analyses, reports and evaluations. Everything else for ISO 9001, such as actions, requirements, risks, and quality objectives, is stored in SharePoint lists.

You can find the detailed https://www.bluesite.de/Services/System-for-Quality-Management-based-on-SharePoint.html#Howto-Setup in my guide.

Maybe that will help,

Dennis

Kirsty600's avatar
Kirsty600
Copper Contributor
Aug 16, 2024

Hi Dennis-Scherrer, Did you use the ISO 9001 Purview Compliance template as part of your solution? I would be interested to hear how that went for you, I have a client with the same requirements.

Thanks Kirsty

  • Dennis-Scherrer's avatar
    Dennis-Scherrer
    Brass Contributor
    Aug 21, 2024

    Hi Kirsty600

    year´s ago I wrote an technical article and gave several lectures, including at the University of Klagenfurt and about Windows Rights Management Service (RMS), known today as Purview.

    Protecting company information is req 7.5.3.1 b) ISO 9001:2015 described as "..adequately protected (e.g. from loss of confidentiality, improper use..". 

    For the target audience of my solution, this is (still) not interesting, so I did not include Purview as part of this solution. I am very familiar with the benefits of Purview and have had also inquiries about it, but ultimately it is always a matter of risk management for the respective company.

    I am convinced that atagios original case above can be solved without Purview and that version control with draft item security is sufficient. 

    Dennis

    PS: You may have a look at my https://bluesite.consulting/Services/SharePoint-QMS-Microsoft-365.html#ISO-9001-document-control 

    • Kirsty600's avatar
      Kirsty600
      Copper Contributor
      Aug 21, 2024
      Hi Dennis
      Thanks for answering. I face similar challenges with Purview and the companies I consult for, even though they genuinely need it, from a data loss perspective. Many of them have legislative and regulative requirements for their content and are not even close to meeting them. They can meet most of the requirements with Purview and some solutions like yours if they slow down for a minute and think about the risk properly.
      Thank you for the clause that is actually what I was looking for. I don't have the full standard, anymore and the company I am working with is very vauge on what they have to do. I used to have a copy of the standard and the requirements but I think I have it stored on a randam external drive.
      I really liked your solution when I had a look at your article. I had some thoughts around centralisation and then reporting and sharing metadata but that can be managed in multiple ways. I think I will use it and add Purview as the company requires defense level content marking and sharing retrictions on top of the ISO9001.
      Thanks
      Kirsty

Resources