Chapter 2: Document Hierarchy: Policy, Procedure, Work Instruction, Form, Record (Cross-Standard Mapping)
A QMS document hierarchy has five tiers — policy (the why), procedure (the what and who), work instruction (the how), form (the structure for capturing data), and record (the evidence of activity). All 10 ISO management-system standards (9001, 14001, 45001, 13485, 22000, IATF 16949, AS9100, FSSC 22000, 17025, 22301) recognize this hierarchy in their clause 7.5 requirements, though terminology varies. PinnacleQMS clients use a single five-tier hierarchy across all standards in their scope, eliminating duplicate documentation.
The hierarchy is the spine of every certified management system. When it collapses — when work instructions get treated as procedures, when forms float without records, when policies contradict the procedures beneath them — auditors raise nonconformities and the system loses credibility internally. This chapter maps the five tiers across every ISO standard a North American manufacturer or laboratory is likely to hold, shows what accredited auditors verify at each level, and lays out the structural mistakes that turn a clean hierarchy into a documentation swamp. PinnacleQMS implementations enforce one shared hierarchy across all standards in scope — the alternative (separate hierarchies per standard) is what produces the 600-document, 40-binder QMS that no one trusts.
The five-tier QMS document hierarchy
Each tier serves a distinct purpose. Policy declares intent and management commitment. Procedure defines who does what, in what sequence, with what inputs and outputs. Work instruction details the how — the step-by-step actions a competent operator follows. Form provides the standardized structure for capturing data during execution. Record is the completed form (or system entry, log, certificate, photograph) that proves the activity occurred.
A common failure mode is conflating tiers — embedding work-instruction detail inside a procedure, or treating a blank form as a record. The distinction matters because each tier has different approval authority, different revision frequency, and different audit scrutiny.
| Tier | Purpose | Example | Typical owner | Retention period |
|---|---|---|---|---|
| Policy | Declares intent, scope, and management commitment | Quality Policy, Environmental Policy, Information Security Policy | CEO / Top Management | Life of system + 7 years |
| Procedure | Defines responsibilities and process flow (who, what, when) | Internal Audit Procedure, Document Control Procedure, Nonconformity & CAPA Procedure | Process Owner / Department Head | Life of process + 3 years |
| Work Instruction | Details step-by-step execution for a specific task | Calibration of Mitutoyo Caliper SOP, CNC Setup Sheet, Glove Box Sanitization WI | Subject Matter Expert / Supervisor | Until superseded + 3 years |
| Form | Provides standardized structure for data capture | Internal Audit Checklist, NCR Form, Calibration Record Template, CAPA Form | Process Owner | Until superseded |
| Record | Evidence that an activity was performed and the result | Completed audit report, signed CAPA, calibration certificate, training record | Department of origin | 3-30 years (standard-dependent) |
Retention periods vary sharply by standard. ISO 13485 medical-device records often follow FDA 21 CFR Part 820 retention (life of device + 2 years, minimum). IATF 16949 production-part records follow customer-specific requirements (often 15 years for safety-related parts). ISO 17025 calibration records typically follow ANAB or SCC accreditation rules. PinnacleQMS retention schedules embed these standard-specific rules at the form level, so each record inherits the longest applicable retention automatically.
How each ISO standard names the tiers (terminology mapping)
The hierarchy is universal; the vocabulary is not. ISO 13485 uses "Medical Device File" as a near-equivalent to a top-tier policy/manual hybrid. AS9100 introduces "Configuration Management" documents that span procedure and work-instruction tiers. FSSC 22000 layers HACCP and Food Safety Plans into the procedure tier. ISO 17025 carries "Method" documents at the work-instruction tier with stricter validation rules.
Mapping vocabulary upfront prevents the most common multi-standard implementation failure: writing the same document twice under two different names because two standards labelled it differently.
| Standard | Tier 1 (Policy) | Tier 2 (Procedure) | Tier 3 (Work Instruction) | Tier 4 (Form) | Tier 5 (Record) |
|---|---|---|---|---|---|
| ISO 9001 | Quality Policy | Documented Procedure / Process | Work Instruction | Form / Template | Record |
| ISO 14001 | Environmental Policy | Operational Control Procedure | Operational Control Instruction | Aspect/Impact Form | Environmental Record |
| ISO 45001 | OH&S Policy | Operational Control / Hazard Procedure | Safe Work Procedure (SWP) / JSA | Hazard ID Form | Incident/Inspection Record |
| ISO 13485 | Quality Policy | Documented Procedure | Work Instruction / SOP | Device Master Record (DMR) Template | Device History Record (DHR) |
| ISO 22000 | Food Safety Policy | HACCP Plan / Operational Procedure | Hygiene Work Instruction | Monitoring Form / CCP Log | Verification Record |
| IATF 16949 | Quality Policy | Documented Process (per APQP) | Job Instruction / Setup Sheet | Control Plan / FMEA Template | PPAP / Run-at-Rate Record |
| AS9100 | Quality Policy | Documented Procedure | Work Instruction / Process Sheet | Configuration Item Form | First Article Inspection (FAI) Record |
| FSSC 22000 | Food Safety Policy | Prerequisite Programme (PRP) / HACCP | Sanitation SOP (SSOP) | Monitoring Form | CCP Verification Record |
| ISO 17025 | Quality Policy / Manual | Management Procedure | Test Method / Calibration Method | Test Worksheet | Test Report / Calibration Certificate |
| ISO 22301 | Business Continuity Policy | BCM Procedure | Recovery Work Instruction / Runbook | BIA / Risk Form | Exercise Record / Incident Log |
Companies certified to multiple standards in manufacturing or automotive sectors regularly carry 4-6 of the rows above simultaneously. A single procedure — Internal Audit, for example — should satisfy all of them with one document, not six. The PinnacleQMS platform enforces this by tagging each document with the standards it satisfies, so one approved procedure shows up in the audit trail for every applicable certificate.
What auditors check at each tier
Accredited auditors from registrars certified by IAF members (iaf.nu) — including ANAB, SCC, and equivalent bodies — apply consistent verification logic at each tier. The audit pattern moves top-down: confirm the policy exists and is communicated, sample procedures for completeness and ownership, sample work instructions at the workstation, verify forms are current, and trace records back through the hierarchy to confirm the system actually operated as documented.
| Tier | What auditors verify | Common findings |
|---|---|---|
| Policy | Top-management approval signature; communicated to all staff (interview test); reviewed in last management review; aligned with context and risks | Policy not signed by current CEO; staff cannot paraphrase intent; no evidence of annual review |
| Procedure | Process owner identified; inputs/outputs defined; interfaces with other procedures clear; current revision in use; superseded versions removed from points of use | Conflicting procedures across departments; procedure references obsolete forms; no defined process owner |
| Work Instruction | Available at point of use; matches actual practice (gemba walk); written at operator competency level; revision controlled | Operator following memory not WI; WI references discontinued tooling; no revision history |
| Form | Latest revision in use; aligned with parent procedure; fields capture all required evidence; uncontrolled photocopies absent | Operators using printed forms from 2019; form fields don't match procedure requirements; no form on master list |
| Record | Legible, complete, traceable; retention period met; protected from loss/alteration; retrievable within audit timeline | Missing signatures; pencil entries on quality records; records destroyed before retention met; cannot retrieve in 24h |
PinnacleQMS clients average a 98% first-pass certification rate across 250+ certifications because the platform makes each of these audit checks a configuration setting rather than a manual control. Forced revision pull-back, electronic signature on records, retention enforcement, and point-of-use availability are platform features, not human discipline.
Common documentation mistakes that collapse the hierarchy
Need guidance on your certification journey?
Our consultants have prepared more than 250 manufacturers globally — from growing businesses to large enterprises — for successful certification. Get a free, no-obligation consultation tailored to your industry.
Five anti-patterns appear in roughly 80% of pre-certification audits PinnacleQMS consultants conduct on existing systems. Each one creates a specific category of nonconformity and each one is structural — fixable only by reorganizing the hierarchy, not by editing individual documents.
Work-instruction-as-procedure. A 14-page document titled "Calibration Procedure" that actually contains step-by-step instructions for one specific gauge. Auditors flag this because the procedure tier is supposed to define who does calibration across all equipment categories — the gauge-specific steps belong in a work instruction beneath it. The fix: split into one calibration procedure (process flow, responsibilities, frequency, escalation) and one work instruction per equipment family.
Form-without-record. A blank "Daily Inspection Form" exists in the document control system, approved and revision-controlled — but no one is filling it in, or the completed copies live in a drawer that no one has retrieved in 18 months. ISO 13485 and IATF 16949 audits will write this up as a clause 7.5.3 control of documented information failure within minutes. The fix: every form must have a defined trigger, owner, retention location, and review frequency.
Policy-procedure contradiction. The Environmental Policy commits to "zero waste to landfill by 2027" but the Waste Management Procedure assigns no targets and references a 2018 baseline. ISO 14001 auditors compare policy commitments to operational evidence directly. The fix: every policy commitment must trace to one or more procedures that operationalize it, with measurable objectives.
Procedure without process owner. A document approved by the Quality Manager covering a process owned operationally by Production. When the auditor asks Production for evidence of the process running, Production points at Quality, who points at the document. No one owns the actual work. The fix: process owner is a named role on every procedure, distinct from the document approver.
Multiple hierarchies for multi-standard sites. A facility certified to ISO 9001, ISO 14001, and ISO 45001 maintains three separate document control systems with three separate Internal Audit procedures. This is the most expensive mistake — it triples maintenance load and produces inconsistencies that surveillance audits catch every cycle. The fix: one integrated hierarchy, one document control procedure, one internal audit procedure that schedules audits against all three standards.
Uncontrolled hybrid documents. Spreadsheets, SharePoint pages, or shared-drive PDFs that started life as working documents and migrated into operational use without ever entering the document control system. These are the documents that get caught during stage-2 audits when an auditor asks "where did this number come from?"
Setting up a clean hierarchy from scratch (or after audit findings)
Whether building a new QMS for ISO 9001 certification or remediating a system that failed surveillance, the rebuild approach is consistent. PinnacleQMS implementations follow a seven-step structural pass before any individual document is written or rewritten.
- Inventory existing documents and classify by tier. Pull every document currently in operational use — controlled or not. Sort each one into one of the five tiers based on what it actually does, not what it is titled. Expect 20-40% of documents to be miscategorized in legacy systems.
- Identify duplicates and conflicts across standards. Where multiple documents cover the same process under different standard labels, mark for consolidation. A site with ISO 9001 and ISO 14001 typically has 8-12 procedures that should merge into 4-6.
- Define the master hierarchy diagram. One page showing all policies, the procedures that implement each policy, and the major work-instruction families beneath each procedure. This becomes the table of contents for the entire QMS and the reference for every document number issued.
- Establish naming conventions and document numbering. Tier-prefix numbering (POL-, PRO-, WI-, FRM-, REC-) makes hierarchy visible at a glance. Add standard tags so the same procedure can show its scope across multiple certifications.
- Assign process owners before writing. Every procedure and work instruction must have a named role accountable for accuracy, revision, and operational use. No document gets written until the owner accepts.
- Write top-down, approve bottom-up. Draft policies first, then procedures, then work instructions, then forms. Approve in reverse — forms and work instructions get sign-off from operators and supervisors before the parent procedure gets approved by management. This catches the gap between documented practice and actual practice.
- Migrate records and set retention. Map every form to its retention rule (standard-driven, customer-driven, or regulator-driven — including FDA, Health Canada, and ANAB requirements). Establish the storage location and the retrieval test before go-live.
For organizations holding ISO 13485 alongside ISO 9001 — common in healthcare and medical device manufacturers — the hierarchy work is non-negotiable. FDA 21 CFR Part 820 inspections will trace records back through procedures to policy in exactly the order described above, and gaps surface fast.
A clean five-tier hierarchy is what separates a QMS that runs the business from a QMS that survives audits. It is not a documentation exercise — it is the structural foundation that determines whether every other clause in the certification process actually functions. PinnacleQMS deploys this hierarchy as a platform configuration on day one of every implementation, with standard-specific tagging built in. To map an existing document set against the five-tier structure, or to plan a rebuild before the next surveillance cycle, Contact Us to Know More or explore the platform directly.
Chapter 1: What ISO Clause 7.5 Actually Requires (Document Control 101)
ISO 9001:2015 clause 7.5 requires documented information to be identified, controlled for revision, accessible to those who need it, protected from loss or unau
Chapter 3: How to Write a Document Control Procedure That Passes Stage 2 Audit
A document control procedure that passes a Stage 2 audit must define five things explicitly: how documents are identified (numbering scheme), how revisions are
Request a Consultation
Fill in your details and we'll get back to you.
