4.2.3 Document control procedure

This is a mandatory procedure. Your document control procedure must define:

  • How you approve documents (e.g. procedures, flow-charts, process maps, etc.) prior to use e.g. signed-off paper versions, or added to your computer network via a password protected system.
  • How you update and re-approve amended documents computer based systems are so much easier to maintain.
  • how you identify changes e.g. by date or issue number, identify changes with different fonts or colours.
  • How you ensure that documents are available where they are needed
  • How you control documents of external origin
  • How you prevent the inadvertent use obsolete documents obsolete-but-still-in-use is the single most common non-compliance.

Document definition: a "document" is an instruction of some sort e.g. any information where an unauthorised change could cause a problem.

Sample documents: quality manual, procedures, project plans, national or international Standards (e.g. ISO 9001), industry specific codes-of-practice, customer specifications, drawings, software, samples of visual standards.

Learn more about the difference between Documents and Records in document control procedures.

Why do we need document control?

A robust document control process lies at the heart of a quality management system; almost every aspect of auditing and compliance verification is determined through the scrutiny of documented evidence.

Clause 4.2.3 tells us that an organization must control the documentation required by the quality management system and that a suitable document control procedure must be implemented to define the controls needed to; approve, review, update, identify changes, identify revision status and provide access. The document control procedure must clearly define the scope, purpose, method and responsibilities required to implement these parameters.

In order to comply with the document control clause, it is essential that all personnel understand:

  • what type of documents should be controlled
  • how this control should be exercised

To get the most out of your document control procedure it must communicate the steps necessary to ensure that staff and other users of the organisation’s documentation understand what they must do in order to manage that information effectively and efficiently.

Departmental managers should always be responsible for promoting good document and record management practices in their area whilst supporting overall compliance to the document control procedure.

Individuals and their line managers should be responsible for the documents and records that they create, as well as being responsible for their retention and disposal in line with legislative requirements and organisational procedures and practices.

Looking for help with your document control procedure?

Many of our ISO Templates include a Document control procedure already documented for you.
- view sample document control procedure