Tier A · fully supported end-to-end
ISO 9001 document control on SharePoint Online
Map your ISO 9001:2015 clause 8.5 obligations to product features — clause by clause.
ISO 9001:2015 doesn't ask for a specific tool. It asks for a set of controls over documented information: creation, identification, review, approval, version management, retention, and protection from unintended alteration. docs365.ai is built to support those controls end-to-end on SharePoint Online — you don't need a separate QMS platform to get defensible ISO 9001 document control.
intranet.ai itself is ISO 9001:2015 certified as a software provider. We know the standard from the inside.
What clause 8.5 actually asks for
ISO 9001:2015 clause 8.5 (Control of Documented Information) lives in two parts. Clause 7.5.3.1 says documented information must be available and suitable for use, where and when it is needed, and adequately protected (from loss of confidentiality, improper use, and loss of integrity). Clause 7.5.3.2 adds that the organization must address: distribution, access, retrieval and use; storage and preservation including preservation of legibility; control of changes (version control); and retention and disposition.
In plain language, an ISO 9001 auditor will want to see that your organization:
- Creates documents in a controlled, consistent way.
- Identifies each document uniquely.
- Reviews and approves documents before they become effective.
- Distributes them to the right people.
- Controls access and protects integrity.
- Manages revisions so the current version is unambiguous.
- Retains or retires superseded versions in a controlled way.
- Prevents unintended alterations.
docs365.ai addresses each of the eight points natively.
Clause-by-clause mapping to product features
1. Controlled creation
ISO 9001 expects: a consistent process for creating documented information, with a defined author and a known starting point.
How this product supports it: every document type is bound to a governed Word template. When an author creates a new document, the template is cloned and version number, protocol code, and configured metadata are written into the document body automatically. Author identity is captured from Microsoft Entra (Azure AD). Creation events are written to the audit log.
2. Unique identification
ISO 9001 expects: each document has a unique identifier that allows unambiguous reference.
How this product supports it: the protocol code is auto-generated at creation, composed from configurable parts (area code, document-type code, SharePoint's unique internal ID). Customizable via a supported syntax at configuration time, so customers can match an existing numbering scheme. The protocol code is written into the document body, not just the library metadata.
3. Review and approval before use
ISO 9001 expects: documents are reviewed and approved by authorized persons before being issued, and re-approved when updated.
How this product supports it: sequential approval workflow with role-based routing. Approvers are named individuals with defined roles. Fixed approvers can be configured at the document-type level (for example, the Quality Manager always signs off on SOPs). The document is automatically checked out during the flow, so the approval applies to a specific, unambiguous version. Every approval — including the approver's role and timestamp — is written to the audit log.
4. Distribution
ISO 9001 expects: the controlled copy of the document reaches the people who need it.
How this product supports it: approved documents are automatically converted to PDF (Word sources) and moved to the public area of the library, where the audience sees only the current approved version. Optional automatic email to a distribution list on publication. Optional read-receipts through the sister read-receipts product for documents where acknowledgment must be recorded.
5. Access and integrity
ISO 9001 expects: access to documented information is controlled; integrity is preserved.
How this product supports it: SharePoint permissions model — per-document and per-library granularity. Each Document Management area is configured with its own permission set. The product runs inside the customer's Microsoft 365 tenant, so access is governed by the same identity and security model the customer already trusts.
6. Control of changes (version control)
ISO 9001 expects: when a document is updated, the version change is clear, the history is preserved, and the current version is the one in use.
How this product supports it: minor versions (0.1, 0.2…) during drafting, major versions (1.0, 2.0…) issued at publication. SharePoint's native versioning preserves every version. Revertible to any prior state. The public area shows only the latest approved version; prior versions are not visible to end-users but remain in the history for audit.
7. Retention and disposition
ISO 9001 expects: a controlled process for retaining superseded documents and retiring documents that are no longer applicable.
How this product supports it: archive (not delete) of superseded documents. Archived documents are removed from the active public view but remain accessible to the compliance team via the archived-documents view. Expiration reminders prompt the document owner to review, re-certify, or retire a document before its expiration date — making periodic review an operational default, not a best-effort activity.
8. Protection from unintended alteration
ISO 9001 expects: changes to controlled documents happen through the governed process, not by accident.
How this product supports it: published PDFs in the public area cannot be edited — they are rendered outputs of the approval process. Word source files in the editing area cannot be edited during an active approval flow (the document is checked out). SharePoint permissions prevent end-users from modifying the editing area. Every edit that does occur — by a permitted editor — is logged.
Logo
Dolomiti Energia
Customer story
"We migrated our ISO 9001 quality documentation from an external DMS to SharePoint Online — and preserved audit-readiness across every department."
— Quality Director — Dolomiti Energia
A Quality Manager's workflow, end to end
Here is what a complete cycle looks like inside the product, from the perspective of a Quality Manager preparing for an ISO 9001 surveillance audit.
Week -6 (before the audit): The Quality Manager opens the Power BI dashboard and reviews expiration risk. Eight SOPs are due for review in the next 60 days. The system has already sent owner-reminder emails for each; the Quality Manager follows up with the three owners who haven't acted.
Week -4: The Quality Manager opens the Document Management library and exports the list of all active SOPs, filtered by department, with protocol codes, current version, effective date, and next review date. This is the document inventory the auditor will work from.
Week -2: A revised SOP for the production line goes through its approval cycle. The Quality Manager is a fixed post-flow approver on all production SOPs, so the flow routes to her automatically as the final step. She reviews, approves, and the document is published to the public area. The new version is 2.0; the previous 1.3 becomes archived.
Week 0 (audit day): The auditor asks to see the full evolution of the SOP in question. The Quality Manager clicks into the document, opens the audit log, and produces a complete timeline — every minor revision since the original 1.0, every approval with approver and role and comment, the archiving event for 1.3, the publication of 2.0. Ten minutes, no archaeology.
This is what "defensible on any given day" means in practice.
What the customer owns and what the product provides
docs365.ai is a tool. The customer's QMS, the organization's certification, the specific processes that make ISO 9001 meaningful to the customer's business — those belong to the customer. The product supports the document-control portion of clause 8.5 end-to-end, which is a meaningful piece of the certification. It does not replace the customer's internal audit program, the customer's quality manager, or the customer's auditor.
We're saying: for document control, the product is built to meet the clause 8.5 requirements without requiring a separate QMS platform.
Reference stories
Dolomiti Energia migrated their ISO 9001 quality documentation from an external DMS to SharePoint Online with docs365.ai — so the documents became searchable from the same place employees look for everything else, without losing ISO 9001 discipline.
Italfarmaco centralized their active procedures across departments into one governed repository with a structured approval flow. Their QA team runs ISO 9001 alongside pharma-specific compliance.
FAQ
Does the product replace my QMS? No. We handle the document-control portion of ISO 9001 — creation, approval, distribution, versioning, retention. Broader QMS activities — training records beyond document acknowledgment, CAPAs, management review — may or may not fit depending on your scope. For document control alone, the product is purpose-built.
Does the product guarantee ISO 9001 certification? No. The product is built to support ISO 9001 document control end-to-end. Certification of your QMS remains between your organization and your accredited certification body.
Is intranet.ai itself ISO 9001 certified? Yes — ISO 9001:2015, since 2011. As a software provider operating to the same standard we ask our customers to meet, we know the process from inside.
Can I migrate from my existing DMS? Yes. Document migration is quoted case by case based on volume and structure of the legacy library.
What about ISO 13485 (medical devices)? ISO 13485 builds on ISO 9001's document control and adds medical-device-specific requirements. The document-control portion of ISO 13485 is supported on the same basis as ISO 9001; your QA team owns the device-specific requirements.
Ready to align your ISO 9001 documentation?
Thirty minutes. No cost. No obligation. We'll walk through your current library and identify where this product would change the evidence shape.