Document Control

by Ronel Baluntang

Posted on 2020-10-23


Document Control is a vital process in every enterprise organization. 

In an organization, paper and electronic documents are the main mediums for data processing in its day to day operations. All to do with transferring information between relevant parties.  Managing these enterprise-related documents during creation, review, modification, distribution, storage and accessibility, has to be established in a consistent, standardized and a controlled manner.

When enforcing these process and practices, an organization usually fails in optimizing its workload as these tasks become time-consuming to regulate and yet holds a very important role to its success.  In an organization, one must ensure information transmitted are accurate from end-to-end.

And so, dedicated Document Control Personnel which holds the role to manage these documents are often hired to supplement this vital process.  Normally, each department has its own staffs of Document Control Personnel to manage each department’s documents.



ISO 9001

Controlling documents and records, is a key requirement of ISO 9001:2008.  One of the required procedures is the Document Control Procedures. 

In the requirements, there are 7 controls that should be defined within a procedure in an organization.

Controls under ISO 9001:2008 section 4.2.3


Questions to be Answered

Possible Solutions and Further Information

To approve documents for adequacy prior to issue

Who is responsible for approving documents?

Does this vary depending on the type of document?

How can you tell whether the document has been approved?

Once a document has been drafted, it will often go through a process of review and approval where it is read, commented on and amendments made where necessary prior to its release.

Depending on the type and importance of the document, it could just require approval by one person (e.g. a Project Manager), or by multiple people (e.g. a H&S Manager, Quality Manager and Environmental Manager).

Often, companies will have space on the front page of a document for certain authorized people to sign off the document as approved. This can either be done as hard copy or using digital signatures.

To review and update as necessary and re-approve documents

How often are documents reviewed?

Who is responsible for reviewing the documents?

Is the re-approval process the same as for initial approvals?

How are the documents protected from unauthorized editing?

Whilst not a requirement, most organizations should review documents once annually or during periods of significant organizational change.

Reviewing a document does not mean it has to be revised—if it is still fit for purpose and no changes need to be made, it can stay at its current revision.

To protect from unauthorized editing, Word documents can be password protected or locked to only allow certain changes (e.g. comments or tracked changes). It is also common for organizations to only share PDF or printed versions of documents with anyone except the document controller and authorized reviewer/approver.

To ensure that changes and the current revision status of documents are identified

How will the revision be shown on the document?

How will the reader know what has changed between revisions?

The revision number of a document is usually shown on the title page, but an extra tip would be to include it in the header or footer of every page. This ensures that if the document is printed, it cannot be mixed up with parts of a superseded document.

A table showing the revision history of a document is very useful. Against each revision number and date, the reviewer can draw attention to anything that has been added, amended or removed since the previous revision.

If a document has very specific alterations made to it when revised, the reviewer may wish to highlight these throughout the document. This could be by putting the new or amended text in italics, underlining it, highlighting it with a color, or putting a symbol in the margin next to the alteration.

To ensure that relevant versions of applicable documents are available at points of use

Where are the master documents stored and are distributed copies monitored?

How are users notified of document changes?

Who is responsible for checking that users have the correct revision (end user / document controller / manager etc.)?

Are there hard cop

The document controller is usually the one person who holds the master copies of every document. Nowadays this is mostly done electronically, and as such it is imperative that a back-up regime is in place to avoid losing any documentation.

If an onsite back up (e.g. onto a hard drive) or hard copies of master documents are kept, it’s advised that these are held in a fireproof cabinet so they are kept safe.

Notification of document changes is dependent on the way the organization manages its distribution of documents. Some document controllers might keep a register showing who has been given controlled copies of certain documents, whilst some might use an online system with email distribution to a specific mailing list etc. Whichever way the documents are distributed, the document controller should follow the same procedure and ensure that any person who was given access to the original document is informed when changes have been made. See section G regarding superseded and obsolete documents.

To ensure that documents remain legible and readily identifiable

Is there a reference code or numbering system that will be applied to identify documents?

What format will documents be kept in?

A document reference system can be really useful for identifying documents easily. A document number can be as simple or as detailed as the organization requires, but a code that includes reference codes to projects, clients, departments or work sites can be really useful.

E.g. a document numbered MAN-DES-PRO-001 could mean it belongs to the Manchester Office, Design Department, Procedure no. 001, or J12-LET-034 could mean it’s the 34th letter written to customer J12.

It is up to the organization to decide what format the documents should take. See section B regarding electronic copies and unauthorized editing.

To ensure that documents of external origin determined by the organization to be necessary for the planning and operation of the quality management system are identified and their distribution controlled

How do the answers from a-f apply for external documents?

Is there a process for checking external documents (e.g. ensuring they comply to legislation, are acceptable within company H&S guidelines etc.)?

Some organizations use specialist subcontractors who will produce their own procedures to follow. To ensure the distribution of these external procedures is controlled, the organization should control the documents in the same way as the documents they produce are controlled.


An example of an organization reviewing external documents could be a client/designer providing the organization with technical drawings, but before they are used an engineer must check them to ensure suitability and highlight any potential issues.

To prevent the unintended use of obsolete documents, and to apply suitable identification to them if they are retained for any purpose

How do you make sure that only the correct documents of the current revision are being used?

How do you deal with superseded documents?

Are obsolete documents destroyed/archived?

Is it known who has which document or is it down to the end user to check the revision?

This goes back to section D and notification of document changes.

What happens to superseded or obsolete documents depends on how they are used within the organization. Some document controllers will collect hard copy documents from those who they have been issued to, to ensure that they are all out of circulation and can be destroyed. Some will just remove the documents from a shared folder. Others will put the emphasis on the user to destroy the document or delete it from their own computer.

It is wise for the document controller to keep a folder (either electronic or hard copy) of superseded documents for future reference, but they should be clearly marked as superseded either by using a stamp or watermark.



There are alternative ways to get an effective Document Management and Control. Document Management Systems are already available in the market to aid you with a better document management and control. 

NXPERT ONE DMS Solution is one of the recommended solutions for you to use in managing ISO Documents and Records.

NXPERT ONE DMS Solution provides you with the following featured characteristics:

ISO Based Processing – enables you with the required ISO Controls for Documents and Records.

Configurable- Provides you with flexibility to set-up directories, workflows and dynamic metadata tagging for each document.

User Friendly – With an advanced indexing and searching mechanism which allows users to search even the contents of documents.

Integration Capable – For existing document scanners and OCR platforms, NXPERT allows you to integrate these operations from converting a physical document to an electronic document for paperless processing.

Training Management – Enables you to control Working Standard documents that are due for training prior publishing.