Friday, 12 November 2010

Getting the most out of the Document Control Procedure

Getting the most out of the Document Control Procedure

The ISO 9001:2008 quality management standard requires the implementation of six mandatory procedures. One of these mandatory procedures is the document control procedure (4.2.3) and the other is the record control procedure (4.2.4). The first step in implementing these procedures requires an understanding of the difference between the words `document’ and `record’, as well as the standard’s intent behind their application.

Defining Documents

ISO 9000:2005 Fundamentals and Vocabulary defines a document as being information, such as specifications or procedures and its supporting medium e.g. paper or electronic. The implication is that documents change and naturally evolve as new data replenishes existing data and it is this evolution and distribution that the document control procedure must effectively manage. Remember; information is an organizational asset.

The document control procedure must state how the following requirements are to be realised:

- How documents are approved for suitability prior to use
- How documents are reviewed and updated
- How to identify the correct versions of documents
- How the correct versions of documents will be accessed
- How legibility is ensured
- How external documents are controlled and distributed
- How to prevent unintended use

Defining Records

A record, on the other hand is static as its primary purpose is to capture historical information which does not undergo change. Records capture the results of activities performed in support of the quality management system; including, among others, the outputs from the product realisation process, measurement analysis and improvement processes. They should be considered as a primary source of evidence that proves whether an activity was undertaken in accordance the necessary requirements.

The record control procedure must define the controls needed to:

- Identify and access records
- How records are stored and for how long
- How records are protected in order remain legible
- How records are retrieved for use
- How records should be disposed of

The Document Control Procedure and the Certification Process

Having understood the difference between records and documents, the next important point to keep in mind is the importance of the document control procedure and its relationship to the ISO 9001 certification process. To understand the relationship and the need for a document control procedure, it is important to remember that the last step in the ISO 9001 certification process is the certification body audit. So, what is audited? Obviously, it is the records and documents themselves that are audited. Hence organizations which have made the effort to preserve records and to manage documents will have already taken some vital steps in their certification journey.


When going for ISO 9001 certification, it is important that the document control procedure ensures that all documents are compliant with Clause 4.2. This function should be an integral part of the quality management system.

Download a free document control procedure example here:

Richard Keen ACQI, 12th November 2010