The main international standards requires that you maintain control of documents.
ISO 9001:2015, ISO 14001:2015 and ISO 45001:2018 International Management System standards requires that organizations control the documents required by the management system. Records are a special type of document and must be controlled as required by by these standards.
Why the need to Control Documents?
Without dwelling in the details of the standard requirements regarding document control and in the spirit of keeping it simple, the intent of the standard’s requirement is straight forward. The aim of the standard is once your organization determines the need for a document (i.e. means to convey critical information or template to collect data) then logic dictates that you want to make it available to those who need it and want to make sure the information is always accurate.
“Document Control is having a way to ensure that information remains relevant, up-to-date, accessible and aligned to the strategy”. – Pierre Survan, Factor Quality
The H&S, Env and Quality MS Standards does not handcuff organizations in dictating specific required procedures. Each organization is free to decide what documents need to be created and controlled. The expectation is that when you make the decision you ensure the document aligns with the nature of the business and any requirements that need to be met.
If you are implementing a new or updated a management system into your business, you are required to have relevant documentation that coincides with it. There are several types of documentation that can be used to serve this purpose, including records, reports, policies, and more.
The entire process of organizing updated documentation according to the standard requirements is commonly referred to as having a “control of documented information.” Like its name suggests, the standards requires that you have a “controlled,” or organized set of documents that reflect the details of your management system.
Controlling documented information keeps your business organized; when it comes to ISO certification, this is very important. You will need to be able to show your auditor that you have organized your management system documents with the most updated information and have it available and within reach for management and employees who need to refer to it.
Simply put, without controlling documents, your business will lack organization.
Documents Need to be Controlled
Version Control: Documents must have an identifiable version visible throughout the document. This allows you to determine if the right version of the document is being used. The version can be alphanumeric or by date.
Distribution Control: Documents must be made available and accessible for use. They need to be maintained in a manner so points of use can be readily updated when changes occur, that only authorized changes are made, and documents remain legible over time.
Keeping Document Control Effective
Over the years some of the most infamous controls deployed by overly careful document control administrators have been:
Document Stamps: Stamps showing the document status such as: “Reference Only,” “Uncontrolled,” “Not a Controlled Document,” “Master Copy,” etc.
Footer Controls: “Not valid if printed,” “Check system for latest version,” “Not valid after 24 Hours,” etc.
Watermark Controls: Using watermark to notate “Draft”, “Controlled”, “Uncontrolled”, etc.
All these are methods of control but can be misunderstood by those using them. For example, could you have the correct stamp, footer, or watermark, but have no way to ensure that people do not change the document, even on accident? Can these controls show that the document approvals were adequate? Can a stamp prevent someone from receiving an outdated version of the process?
Document Control’s purpose is to help the business document those items that are critical to its own functionality.
These documents should align with the strategy and help the business meet requirements in a consistent manner.
How much or how little you control these documents is a decision made by each company.
Join our mailing list to receive upcoming posts: http://www.isoqar.co.za/