SER Blog  Customer Stories & Use Cases

What is document control?

How to control your documents correctly

Think about how many documents you and your employees work with, every single day. Documents are an essential part of running a business and contain the entire know-how of a company. The foundation of high-quality documents and efficient business processes lies in the way you manage documents. That’s why effective document control is a must.

Dokumentenlenkung nach ISO 9001

Definition: What is meant by document control?

Document control — or, to use the definition in ISO 9001:2015, ‘control over documented information’ — is one of the basic principles of quality management. It refers to the organization of every aspect of a document throughout its entire life cycle, from creation to archiving.

Documents and records: What’s the difference?

Documents contain requirements and instructions. They describe how things are done — like policies, work instructions, operating manuals, concepts and more.

The thing about documents is that they can be modified and so there can be multiple versions of a document that exist. Say for example, you change some steps of a particular workflow, you will also have to modify the corresponding process description, i.e. update the document.

This is not the case with records: Once created, they do not change. Records provide evidence of events, actions and outcomes. In audits, for instance, records document the procedure and outcome in the form of an audit report. In a meeting, the minutes provide a record of the meeting's contents.

In many cases, records take the form of filled-out templates which, in turn, started life as documents. For example, in an audit you might use a pre-prepared questionnaire. In and of itself, the questionnaire is a mutable document.

You can change it and add or remove questions at any time. However, once you fill out the questionnaire template as part of conducting and documenting an audit, it becomes a record. It is no longer mutable, since it provides evidence of a specific outcome — namely that of your audit.

The ISO 9001 standard does not distinguish between the two. It subsumes all documents and records under the term ‘documented information.’ However, it’s worth noting that the international standard for medical devices, ISO 13485, continues to separate the two terms.

The document control process

The document control process covers seven steps:

  1. Creation of the documented information
  2. Review and approval of the documents, records and forms
  3. Inclusion of the documents in a list of documented information, for example in a document management system (DMS)
  4. Revisions and updates to the documents
  5. Release
  6. Archiving
  7. Destruction (you are required to ensure compliance with the applicable retention periods.)

The goals of document control

Create, update, validate, copy, disseminate, archive and delete — document control means you keep your documents properly organized throughout their life cycle. The primary purpose here is to ensure that all of your important company information is always reliably documented and stored.

Key aspects include:

  • Information is quick and easy to find. This requires you to store your information in uniquely identifiable documents, with the current version always clearly identifiable.
  • Information is always available. To work efficiently and productively, your employees must be able to access all the documents they need for their daily tasks.
  • Information is protected against manipulation and deletion. This is important for several reasons, not least to stop just anyone within your company accessing and modifying work instructions. It requires a system of seamless documentation and audit-proof archiving, so you can always see who created or modified which document and when, and lock documents to prevent retrospective changes.

The ISO 9001 standard places an emphasis on customer satisfaction. Customers directly benefit from the rapid availability of information. If a customer approaches with a question about a product, it’s much simpler when the colleague in service can quickly provide the relevant operating instructions with minimal effort.

Why is document control important?

Document control is important because it safeguards consistency and traceability for your documents from creation to validation, distribution to deletion.

You benefit from secure and efficient access to all relevant information, as well as the assurance that you fulfill compliance requirements. With proper document control, you can trust that your documents are up to date and high in quality.

Not only that, but document control is an important tool for storing knowledge and keeping it within your company. All processes and information in your company are documented with zero gaps, meaning you don’t lose valuable know-how if an employee leaves.

Document control requirements in accordance with ISO 9001

The ISO 9001:2015 international standard for quality management systems defines which documents and records must be controlled along with the applicable requirements.

1. Relevant documents

While ISO 9001 does not specify exactly which document types are subject to control, in principle the requirements for document control apply to all documents classed as important. Important documents within the meaning of the standard include process descriptions, standard operating procedures, work instructions, forms, reports and documentary evidence such as records of audits, meetings and management reviews.

2. Appropriate documentation

Information must always be documented appropriately, legibly and with unique identification. This means that you must choose a suitable format (e.g. image or text) and medium (e.g. paper or digital document) whenever you create or update documents. You must also clearly label all documents with details such as the title, date and author.

3. Information availability

You need to ensure the constant availability of all relevant information to your employees to use as and when they need it.

4. Document protection

Documents must be suitably protected. Key points here include:

  • Safeguarding confidentiality
  • Ensuring information integrity
  • Safeguarding appropriate use
  • Preventing accidental changes

5. Review

ISO 9001 requires you to evaluate, assess and approve documented information prior to publication or following an update.

6. Seamless documentation

Document control requires full transparency at all stages of the document’s life cycle. To help you, essential points to consider include:

  • Change log: Documenting all changes ensures you can always see at a glance who changed what and when.
  • Versioning: You can always see which is the most current version of a document.
  • Defined release processes: Defined processes ensure the smooth release and cataloging of your documents.
  • Archiving: Store all of your documents in line with legal requirements in an audit-proof digital archive.

The ISO standards do not specify who is authorized to create or publish documents. Neither do they prescribe a mandatory time frame for validating documents. Nonetheless, a company should define these aspects internally as part of proper document control.

Ideally, you will define the entire workflow, mapping out the life cycle of documents in your company, specifying the storage location and the individuals who are responsible for or authorized to create, review and release which documents.

Document control using a document management system

Document control forms part of the broader scope of document management and can be best implemented using a document management system.

Having a DMS solution can transform the way you manage your documents: 

  • You benefit from a digital, paper-free solution.
  • You can transparently control even large volumes of documents.
  • You save resources such as paper but especially time and money.
  • You can define customized workflows and use the power of AI to automate functions such as your release processes.
  • You ensure complete versioning with changes apparent directly on the document itself.
  • You control your documents seamlessly across different systems courtesy of diverse interfaces.

DMS helps you to digitize your documents and records over their entire life cycle and fulfill the document control requirements in ISO 9001.

Document control FAQs

What do I need for controlling documents?
Properly functioning document control depends on clearly defined procedures as well as suitable software, such as a document management system.
Which documents and records are subject to control?
The documents and records subject to document control in accordance with ISO 9001 include process descriptions, forms, standard operating procedures, reports, work instructions and documentary evidence.
When is a document controlled?
Controlled documents are: stored in a readable format, with guaranteed confidentiality, always available, and protected against loss and arbitrary changes. Versioning ensures you can always trust that you have the most current version. Additionally, the documents are stored in accordance with binding archiving requirements.
What are records within the meaning of ISO 9001?
Records are the outcomes of actions or processes which are recorded in the form of data or information. They are an important part of quality management and must be controlled in the same way as documents.
What is the difference between a record and a document?
A document describes how things are done, while records provide evidence that something happened. Documents contain requirements and instructions; records contain the outcome of actions and processes.

You might also be interested in

The latest digitization trends, laws and guidelines, and helpful tips straight to your inbox: Subscribe to our newsletter.

How can we help you?

+49 (0) 30 498582-0
Please add 8 and 9.

Your message has reached us!

We appreciate your interest and will get back to you shortly.

Contact us