Clause 7 of ISO 9001: Support Explained

Q: Difference between competence and awareness?

Competence (7.2): the technical ability to do the job well. Proven through education, training or experience. Awareness (7.3): understanding the why of the work and its contribution to the QMS. An operator can be technically competent yet not understand why they do what they do — both are required.

Q: How do I control documents of external origin?

Identify them as external and control their distribution and currency. For example: the current version of ISO 9001 must be identified and available to those who need it. Critical supplier catalogs should be dated and replaced when the supplier publishes a new version.

Q: Can records be electronic only?

Yes. The standard accepts any format/media. What matters is that the system meets control requirements (legibility, integrity, retrieval, protection, retention). Cloud systems with backup, versioning and traceability are valid and represent the current trend.

Clause 7 of ISO 9001:2015 brings together everything the QMS needs to operate day-to-day: resources, competent people, internal communication and document control. It’s the longest clause in the standard, with 5 sub-clauses, and the one where most companies concentrate their operational procedures.

In this guide we explain what each sub-clause (7.1 to 7.5) requires, how to manage competence and document control without chaos, what documents auditors ask for and the most common mistakes we see when working with companies through certification.

What does Clause 7 of ISO 9001 require?

Clause 7 is called “Support” and has five sub-clauses:

7.1 — Resources (people, infrastructure, environment, monitoring and measuring resources, organizational knowledge)
7.2 — Competence
7.3 — Awareness
7.4 — Communication
7.5 — Documented information

In short: Clause 7 is the operational backbone of the QMS. Without resources, trained people, clear communication and documents under control, the system can’t function — no matter how good the quality policy or objectives are.

7.1 Resources

The organization must determine and provide the resources needed to establish, implement, maintain and continually improve the QMS. Sub-clause 7.1 breaks down into 6 categories:

7.1.1 General + 7.1.2 People

People needed for the operation and control of QMS processes. It means having enough staff with the right profile in every critical role.

7.1.3 Infrastructure

Buildings and associated utilities
Equipment (hardware and software)
Transportation resources
Information and communication technology

7.1.4 Environment for the operation of processes

Combination of human and physical factors: temperature, humidity, lighting, cleanliness, noise, social factors (non-discrimination), psychological factors (stress, burnout prevention).

7.1.5 Monitoring and measuring resources

Measurement equipment, calibration, instrument verification. The standard requires keeping documented information on metrological traceability when applicable.

7.1.6 Organizational knowledge

The “know-how” the organization needs to operate and achieve conformity. It can come from internal sources (experience, lessons learned) or external (standards, consulting, training).

7.2 Competence

The organization must:

Determine the necessary competence of people whose work affects QMS performance and effectiveness
Ensure those people are competent on the basis of appropriate education, training, or experience
Where applicable, take actions to acquire the necessary competence and evaluate the effectiveness of those actions
Retain appropriate documented information as evidence of competence

Typical output: competence matrix (per role: required education, experience, training + evidence of the incumbent’s current competence) + annual training plan.

7.3 Awareness

People doing work under the organization’s control must be aware of:

The quality policy
Relevant quality objectives
Their contribution to QMS effectiveness, including benefits of improved performance
The implications of not conforming with QMS requirements

This is the difference between “competence” (knowing how to do the job) and “awareness” (understanding why and what happens if it isn’t done right).

7.4 Communication

The organization must determine the internal and external communications relevant to the QMS, including:

What will be communicated
When it will be communicated
To whom it will be communicated
How it will be communicated
Who will communicate

Typical output: communication matrix or plan with each topic (policy, objectives, audit findings, KPIs, changes) crossed with audience, channel, frequency and owner.

7.5 Documented information

This sub-clause replaces the terms “documents” and “records” from previous versions. The standard requires:

7.5.1 General

The QMS must include documented information required by the standard + documented information the organization determines is necessary for the effectiveness of the QMS.

7.5.2 Creating and updating

Identification and description (title, date, author, reference number)
Format and media (paper, electronic)
Review and approval for suitability and adequacy

7.5.3 Control of documented information

Availability and suitability for use, where and when needed
Adequate protection (confidentiality, loss, integrity, improper use)
Distribution, access, retrieval, use
Storage and preservation, including legibility
Control of changes (version control)
Retention and disposition (how long, how it’s destroyed)

How to implement Clause 7 in an SME

Step 1 — Competence matrix and training plan

For each QMS role: job description, required education, minimum experience, required training. Cross-check with each incumbent’s current competence. Identify gaps and generate an annual training plan. Output: matrix + plan.

Step 2 — Internal communication plan

Define what/when/to whom/how/who for critical QMS topics: policy, objectives, indicators, findings, changes. Schedule periodic meetings (monthly/quarterly). Output: communication matrix + calendar.

Step 3 — Document control system

Set up a single tool to store policies, procedures, work instructions and records. Define naming, versioning and approval workflow. Master document list. Output: system + master list.

Step 4 — Awareness program

Onboarding talk for new staff + periodic refreshers. Visual material (posters, screens) in operational areas. Mechanism to verify understanding (interviews, simple quizzes). Output: material + distribution evidence.

Documents and evidence auditors ask for

Competence matrix per QMS role
Evidence of competence (CVs, certificates, training records, assessments)
Annual training plan
Records of training delivered and effectiveness evaluated
Internal QMS communication plan or matrix
Communication evidence (meeting minutes, emails, posters, screenshots)
Master list of documented information
Document control procedure
Inventory of measurement equipment + calibration certificates (when applicable)
Critical infrastructure maintenance records

Common mistakes auditors flag

Competence matrix copied from the org chart — it doesn’t detail specific competencies per role, just names and titles. Solution: per role, specify education + experience + training + required technical competencies.
Training without effectiveness evaluation — courses are delivered but no one verifies whether the person actually learned. Solution: post-course evaluation (test, observation, task execution).
Documents without version control — two different versions of the same procedure circulate in different areas. Solution: centralized system with a single current version, master list kept up to date.
Measurement equipment with expired calibration — the caliper or thermometer was last calibrated 3 years ago. Solution: calibration program with dates and certificates, alerts before expiration.
Staff doesn’t know the policy or objectives — the operator doesn’t know what management committed to. Solution: periodic distribution + visual material + verification during onboarding.
No communication plan — communication is informal or reactive, unstructured. Solution: simple matrix with what/when/to whom/how/who.

How QualityWeb 360 makes Clause 7 easier

QualityWeb 360 is a 100% cloud platform that centralizes your entire ISO 9001 QMS. For Clause 7 specifically, it helps with:

📄 Document Control

Single repository for policies, procedures, work instructions and records. Automatic versioning, electronic approval, always-current master list, role-based controlled distribution. Goodbye, messy Google Drive.

🔍 Traceability for audits

Each document is logged with author, approval date, change history and staff read receipts. Competence matrix with training evidence. When the auditor asks “who’s qualified to do this?”, the answer is one click away.

🔁 Periodic review with alerts

The system reminds you when a document is due for review, when equipment calibration expires, and when a training needs a refresher. Evidence is stored for the external audit.

See QualityWeb 360 in a 20-minute demo →

Frequently asked questions about ISO 9001 Clause 7

Which documents are mandatory under ISO 9001:2015?

The 2015 version reduced the list of mandatory documents. Still explicitly required: quality policy (5.2), quality objectives (6.2), QMS scope (4.3), documented information to support process operation (4.4), evidence of competence (7.2), evidence of product/service conformity (various), management review results (9.3), nonconformities and corrective actions (10.2). Beyond these, the organization decides what it needs.

Difference between “competence” and “awareness”?

Competence (7.2): the technical ability to do the job well. Proven through education, training or experience. Awareness (7.3): understanding the why of the work and its contribution to the QMS. An operator can be technically competent yet not understand why they do what they do — both are required.

How do I evaluate the effectiveness of training?

Typical methods: written or practical exam at the end of the course, on-the-job observation in the following weeks, performance indicators before/after, supervisor interview. The standard doesn’t require a specific method — it requires documented evidence that evaluation took place.

How do I control documents of external origin (e.g., standards or supplier catalogs)?

Identify them as external and control their distribution and currency. For example: the current version of ISO 9001 must be identified and available to those who need it. Critical supplier catalogs should be dated and replaced when the supplier publishes a new version.

How long must records be kept?

The standard sets no specific time. The organization determines it based on: applicable legal requirements, customer requirements, product lifecycle, legal risk. Typical: 5-7 years for operational records, 10 years or more for critical or regulated product records.

Can records be electronic only?

Yes. The standard accepts any format/media. What matters is that the system meets control requirements (legibility, integrity, retrieval, protection, retention). Cloud systems with backup, versioning and traceability are valid and represent the current trend.

What counts as “organizational knowledge” (7.1.6)?

The know-how needed to operate: lessons learned from past projects, failure/solution knowledge base, key-people expertise (a risk if they leave), industry technical standards, supplier manuals. The organization must identify this knowledge and ensure it’s preserved (not just in one person’s head).

📚 Keep exploring the ISO 9001 clauses:

Modules

Our Clients

Hire a Partner

Affiliates

Benefits

Contact

Become a Partner

Refer a company

ISO 9001 QMS Maturity Assessment

Investment Estimator ISO 9001

ISO 9001 ROI Calculator

→ See all tools

Smart KPI Planner

Corrective Actions Winning Method

Simple Document Builder

→ See all guides

Quality Management 360

SGC Consulting 360