How to Organize Documentation for ISO Certification in Confluence

Those companies that have passed ISO certification know what a challenge it is. A company goes through intensive audits to get it. But it’s worth it. Achieving ISO certification unlocks new opportunities. It demonstrates that your products, services, or systems are safe and efficient.

When it comes to preparing documentation for ISO certification, Confluence is a go-to. It’s essential to build the process to provide easy navigation and streamlined content. Without organized documentation, you reduce your chances of getting the desired paper.

We talked to our trusted client Kinarm about their experience building ISO documentation in Confluence. In this article, you will find some feasible ideas to prepare for ISO certification.

ISO certification in Confluence at Kinarm

Kinarm produces scientific equipment and software that allows neuroscientists to take a closer look at brain functions. Kinarm Labs and Kinarm Standard Tests address the lack of objective assessment in the management of brain injury and disease. Virtual reality, computer programs along with robotic mechanisms in Kinarm Labs help to study such brain diseases as stroke, cardiac arrest, cerebral palsy, traumatic brain injury, and Parkinson’s disease.

Any appliance needs to adhere to the requirements of ISO standards to register it as a medical device. Kinarm works with the following ISO standards:

• ISO 13485 that outlines the requirements for organizations that design, produce, and service medical devices and related services.
• ISO 14971 that describes the process of risk management of medical devices.

Being a veteran of this process for more than ten years, Kinarm shared their insights on one of the main challenges during ISO certification.

“For us, as a small company, there are a few challenges. First, the standards are often large and complex documents themselves. Just making sure that we’ve covered all of the “shalls” in the document is very time-consuming. Once we have developed procedures and forms to cover all the “shalls”, the next major task is making sure we stay on top of creating all the required documents and sign-offs. It’s unfortunately easy to drop the ball and forget to fill out a document that’s required, fill it out incorrectly, or forget to sign it off when completed.”

The typical workflow for passing ISO certification at Kinarm goes like this:

1. Review the standard
   • Build a document that lists all the actions and documents the standard mandates
   • Create procedures, instructions, and forms to meet the standard
   • Train staff to use the procedures for creating the required quality records. It demonstrates that they are following procedures as prescribed
2. Apply the procedures and forms 
3. Do an internal audit to make sure they are using the system as designed
   • If they are not using their own system properly, then either re-train or modify a system
4. Pass annual audits

How to structure information in Confluence spaces

ISO standards require documenting different types of information. However, it’s your company that develops the forms and types of documents according to the requirements. But this flexibility has some pitfalls.

“Of course, every company is different, so there is unlikely the “best” way to document something, but even having some suggestions would be helpful.”

Once you determine the information to document, structure it in accordance with the requirements of your organization. Kinarm uses this approach to organize documents in Confluence:

• They create a single space called Quality Management System with links to all controlled documents in other spaces.
• Every functional area has a separate space, for example, Software, Hardware, Manufacturing, Accounting, etc. with the relevant documents for ISO procedure.
• The procedures and blank forms in the QMS space are linked to the spaces they apply to.

Some organizations may opt for collecting documents connected with ISO in one space. On the one hand, this approach enhances document management. On the other, it can lead to duplicating the relevant content by departments involved in the process and thus flood searches. Your “Single Point of Truth” is no longer ‘Single’. The way Kinarm arranges spaces for ISO certification is suitable for small organizations with a lower volume of documents and a plain organizational structure.

Technique for better search results in Confluence

A common practice for better searchability of documents in Confluence is to use keywords in the title of the page. Title-based search helps Kinarm navigate through ISO documentation as well. Any form that relates to the space has a title with the document ID in it.

“For example, our backup audit form is 63BT01. So any time we audit back-ups, we copy the form, fill it in, and name the new page “63BT01 – Backup audit results, March 2022.”

The basic idea of the keyword is [number to describe ISO section number]BT[paragraph number in the relevant section]. For example,

63 – ISO 13485 section number (infrastructure)

BT – abbreviation of the official company name (BKIN Technologies)

01 – ISO paragraph number in the relevant section

Developing a naming convention based on important elements of the project helps you get the relevant content faster. Also, it provides a clear and immediate indication of content.

ISO audit tips in Confluence

Before the official audit, Kinarm passes a documentation ‘health check’ using Comala Document Management.

In the first draft state of the workflow, no one can use an incomplete document. After revision, it goes into the pending approval state. At this point, it’s assigned to a specific document reviewer who has the authority to create official documents. The document must be approved using a password. It guarantees that only the person responsible for this process approves it. The person who approves the document also needs to train staff. Employees must understand the standard and do their job according to it.

After receiving ISO certificate, you need to continuously refine your processes. It’s a central theme of ISO. Talk – Advanced Inline comments for Confluence can be very handy in this regard.

“The talk comments allow us to show an auditor that we’re working on a document and discussing changes. Having the comments allows an auditor to see that we are working on new ideas and improvements to procedures. We will normally leave the talk comments in, but mark them resolved even after the changes have been integrated and approved – this is important for the traceability of why we made changes.”

It’s the Talk Archive feature that Kinarm describes. It helps to have resolved comments at hand and get back to them when you need to see the context for improvements made.

A helpful tip from Stiltsoft: if you keep all the QMS documentation in one space, the Talk Permissions feature can help you in the following situation. You can set up Space restrictions so that only your team and the external auditors can see the Talk inline comments in this space.

It might be necessary when your partners or clients request access to your ISO documentation. The Talk visibility permissions ensure that you don’t expose private information contained in talks and keep the official version of the document ‘clean’ for the Anonymous users.

This is how your page looks for the groups mentioned in Talk Permissions:

This is how exactly the same page looks for the Anonymous users:

Note that auditors also keep track of the version control of ISO documents. To avoid explanations about minor edits made with Talk you can disable the creation of page versions on Talk actions.

Check the difference between native inline comments in Confluence and Talk – Advanced Inline Comments.