By Kelly Rusbatch
Over-documentation is a common trap fallen into by organizations registered to ISO management system standards. Driven by a fear of noncompliance or a misunderstanding of the standards, businesses often produce reams of paperwork, thinking it will satisfy auditors. Ironically, this approach can make their systems harder to manage, less effective, and more likely to cause confusion.
As a lead auditor, I’ve encountered countless examples of systems weighed down by unnecessary documentation. From overly detailed procedures to redundant policies, the end result is often the same: Employees are overwhelmed, processes are unclear, and the purpose of the management system—supporting continuous improvement—is lost.
So, what are auditors actually looking for when they assess documentation?
Firstly, relevance is key. Documents should directly support business processes. For example, a procedure for supplier approvals doesn’t need to include every conceivable scenario. Instead, it should focus on the core requirements and risks associated with the process. Documents that try to cover everything often end up being ignored because they’re too complex to be useful.
Clarity is another critical factor. Employees need to understand and access documents easily. During an audit, I’d rather see a one-page checklist that staff use every day than a 20-page procedure manual that sits on a shelf gathering dust.
Risk-based thinking is also central to ISO standards, and documentation should reflect this. Organizations should demonstrate that their controls are proportionate to the risks they face. Over-documenting low-risk activities doesn’t add value; it simply creates unnecessary work and diverts attention from more critical areas.
Auditors are also looking for evidence of continuous improvement. This doesn’t mean an endless supply of reports but rather practical examples of how the system evolves. For instance, meeting minutes that capture meaningful actions and outcomes are more valuable than a static, overly formalized template that no one reads.
Despite the best intentions, over-documentation can creep into systems for a variety of reasons. Sometimes, organizations inherit bloated systems from previous managers and feel unsure about what can be removed. Other times, they’re advised—wrongly—that more documentation equals a more robust system. Unfortunately, this “tick-the-box” mentality can overshadow the real purpose of ISO certification.
To avoid over-documentation, organizations should focus on the intent of their systems. Ask the question: “What is this document for?” If it doesn’t serve a clear purpose, it may not be necessary. Involving the people who use the system day-to-day is also vital. Employees are often the best judges of whether a document adds value or creates confusion.
Regular reviews can help, too. Systems should evolve with the business, which means occasionally pruning unnecessary or outdated documents. And with the rise of digital tools, managing and streamlining documentation has never been easier.
Auditors, too, have a role to play in addressing over-documentation. Rather than simply accepting stacks of paper as evidence of compliance, we should ask questions that encourage organizations to simplify. How does this document support your process? Could it be condensed? These conversations can lead to systems that are not only compliant but also practical and sustainable.
Over-documentation isn’t just a waste of resources—it’s a missed opportunity. The true value of an ISO system lies in its ability to enhance operations, empower employees, and drive improvement. By focusing on what really matters, we can create systems that work smarter, not harder, for the organizations they serve.
As auditors, our role is to demystify the standards and guide organizations toward simplicity. By shifting the focus from quantity to quality, we can help businesses achieve not just compliance but excellence. And that’s a goal worth aiming for.
About the author
Kelly Rusbatch is the founder and director of Adaptable Quality as well as an Exemplar Global-certified ISO 9001 lead auditor.