UK & Ireland Featured Project: NGN - Design Management

QEM Solutions are assisting NGN with Design Co-ordination activities, to ensure successful project initiation and design management of all current NGN projects.

Tell Me More...
Overseas Featured Project: Capita Symonds - Valve Inspections

QEM Solutions were contracted to carry 3rd party inspection and witnessing activities on a series of valves fabricated in Germany for a series of SGN contracts throughout Scotland.

Tell Me More...
We are QEM Solutions We are QEM Solutions

We are problem solvers. We are organisers. From the project start-up to the very final evaluations and analysis, we can bring enthusiasm to each and every part of your project.

 

News

Back to News
08 Aug 2014

A Simple Guide to Document Control

What is document control and why do we need it?

A lot of people find document control to be exceptionally tedious. We understand! However, the simple fact is that following basic document control principals can help make almost any business more efficient.

So what is it?

Document control is all to do with transferring information between relevant parties. This could be a law firm sending a report to a client, a construction firm receiving technical drawings from a designer, or a bakery giving an employee a recipe to follow.

We need to ensure that the information that reaches the end user is correct, therefore the document must be controlled to ensure that this is the case. Sometimes the information contained in a document needs to be altered; maybe the bakery has altered the recipe to add an extra ingredient, for example. Placing controls on a document means that we ensure that the document always contains the correct information. Table A describes the various controls that can be placed on a document with examples of how they can be used.

Document Control and ISO 9001

Any organisation wanting to achieve compliance to the ISO 9001:2008 standard are required to produce certain documents, including a quality manual, a quality policy, and six specified documented procedures[1]. Of course, most organisations will choose to document much more information than that required by the standard.

Controlling documents is a key requirement of ISO 9001:2008 (Control of Documents’ (4.2.3)), and one of the required six documented procedures is the Document Control Procedure (4.2.3). The standard specifies that 7 controls should be defined within the procedure; these are further explained in Table A.

Table A - Document controls and how they can be applied

Note: Controls used are specified under ISO 9001:2008 section 4.2.3


Control

Questions to be Answered

Possible Solutions and Further Information

A. To approve documents for adequacy prior to issue

Who is responsible for approving documents?

Does this vary depending on the type of document?

How can you tell whether the document has been approved?

  • Once a document has been drafted, it will often go through a process of review and approval where it is read, commented on and amendments made where necessary prior to it’s release.
  • Depending on the type and importance of the document, it could just require approval by one person (e.g. a Project Manager), or by multiple people (e.g. a H&S Manager, Quality Manager and Environmental Manager).
  • Often, companies will have space on the front page of a document for certain authorised people to sign off the document as approved. This can either be done as hard copy or using digital signatures.

B. To review and update as necessary and re-approve documents

How often are documents reviewed?

Who is responsible for reviewing the documents?

Is the re-approval process the same as for initial approvals?

How are the documents protected from unauthorised editing?

  • Whilst not a requirement, most organisations should review documents once annually or during periods of significant organisational change.
  • Reviewing a document does not mean it has to be revised—if it is still fit for purpose and no changes need to be made, it can stay at it’s current revision.
  • To protect from unauthorised editing, Word documents can be password protected or locked to only allow certain changes (e.g. comments or tracked changes). It is also common for organisations to only share PDF or printed versions of documents with anyone except the document controller and authorised reviewer/approver.

C. To ensure that changes and the current revision status of documents are identified

How will the revision be shown on the document?

How will the reader know what has changed between revisions?

  • The revision number of a document is usually shown on the title page, but an extra tip would be to include it in the header or footer of every page. This ensures that if the document is printed, it cannot be mixed up with parts of a superseded document.
  • A table showing the revision history of a document is very useful. Against each revision number and date, the reviewer can draw attention to anything that has been added, amended or removed since the previous revision.
  • If a document has very specific alterations made to it when revised, the reviewer may wish to highlight these throughout the document. This could be by putting the new or amended text in italics, underlining it, highlighting it with a colour, or putting a symbol in the margin next to the alteration.

D. To ensure that relevant versions of applicable documents are available at points of use

Where are the master documents stored and are distributed copies monitored?

How are users notified of document changes?

Who is responsible for checking that users have the correct revision (end user / document controller / manager etc.)?

Are there hard copies that need to be updated?

  • The document controller is usually the one person who holds the master copies of every document. Nowadays this is mostly done electronically, and as such it is imperative that a back up regime is in place to avoid losing any documentation.
  • If an onsite back up (e.g. onto a hard drive) or hard copies of master documents are kept, it’s advised that these are held in a fireproof cabinet so they are kept safe.
  • Notification of document changes is dependent on the way the organisation manages it’s distribution of documents. Some document controllers might keep a register showing who has been given controlled copies of certain documents, whilst some might use an online system with email distribution to a specific mailing list etc. Whichever way the documents are distributed, the document controller should follow the same procedure and ensure that any person who was given access to the original document is informed when changes have been made. See section G regarding superseded and obsolete documents.

E. To ensure that documents remain legible and readily identifiable

Is there a reference code or numbering system that will be applied to identify documents?

What format will documents be kept in?

  • A document reference system can be really useful for identifying documents easily. A document number can be as simple or as detailed as the organisation requires, but a code that includes reference codes to projects, clients, departments or work sites can be really useful.
  • E.g. a document numbered MAN-DES-PRO-001 could mean it belongs to the Manchester Office, Design Department, Procedure no. 001, or J12-LET-034 could mean it’s the 34th letter written to customer J12.
  • It is up to the organisation to decide what format the documents should take. See section B regarding electronic copies and unauthorised editing.

F. To ensure that documents of external origin determined by the organisation to be necessary for the planning and operation of the quality management system are identified and their distribution controlled

How do the answers from A-F apply for external documents?

Is there a process for checking external documents (e.g. ensuring they comply to legislation, are acceptable within company H&S guidelines etc.)?

  • Some organisations use specialist subcontractors who will produce their own procedures to follow. To ensure the distribution of these external procedures is controlled, the organisation should control the documents in the same way as the documents they produce are controlled.
  • An example of an organisation reviewing external documents could be a client/designer providing the organisation with technical drawings, but before they are used an engineer must check them to ensure suitability and highlight any potential issues.

G. To prevent the unintended use of obsolete documents, and to apply suitable identification to them if they are retained for any purpose

How do you make sure that only the correct documents of the current revision are being used?

How do you deal with superseded documents?

Are obsolete documents destroyed/archived?

Is it known who has which document or is it down to the end user to check the revision?

  • This goes back to section D and notification of document changes.
  • What happens to superseded or obsolete documents depends on how they are used within the organisation. Some document controllers will collect hard copy documents from those who they have been issued to, to ensure that they are all out of circulation and can be destroyed. Some will just remove the documents from a shared folder. Others will put the emphasis on the user to destroy the document or delete it from their own computer.
  • It is wise for the document controller to keep a folder (either electronic or hard copy) of superseded documents for future reference, but they should be clearly marked as superseded either by using a stamp or watermark.


What is the difference between documents and records?

ISO 9001:2008 also references Record Control and includes the requirement of a Records Control Procedure (4.2.4)[1]. But what is the difference?

The ISO 9001 Guidance Document[2] defines a document as “information and its supporting medium”, whilst a record is a “document stating results achieved or providing evidence of activities performed”. Table B shows examples of each.

Table B: Examples of Documents & Records

Documents Records
Instruction manual Training certificates
Management procedures Inspection / audit results
Technical drawings Feedback questionnaires
Policy statement Meeting minutes
Presentation Calibration report
Recipe Order receipt


These definitions clearly highlight that whilst a record is always a document (albeit a special type), a document is not always a record.

For this reason, the designated Document Controller (or Document Control Team) will also control the records in most organisations. Whilst records may not need, The standard states that the Records Control Procedure should “define the controls needed for the identification, storage, protection, retrieval, retention and disposition of records” (4.2.4)[1]. Many of the suggestions made in Table A about how to control documents will also be useful in controlling records, particularly sections B, D, E & G.

References

(1) ISO 9001:2008 Quality Management Systems - Requirements (Please refer to http://www.iso.org to obtain a copy)

(2) ISO 9000 Introduction and Support Package: Guidance on the Documentation Requirements of ISO 9001:2008 (http://www.iso.org/iso/02_guidance_on_the_documentation_requirements_of_iso_9001_2008..pdf)

From the editor: We have tried to make sure the above article is as accurate and up-to-date as possible. If you think we have something wrong, or you feel we need to update it, please get in touch here.