Control of documents and control of records

Dr. Divya Singhal and Keshav Ram Singhal

First, it is necessary to understand the difference between records and documents. A document provides information in written, printed, or electronic form. A record relates to an activity or transaction that has happened in the past; it is a record of history. A record can consist of one or more documents, which all relate to a single event in time. The difference between a document and a record is that a document can change over time, while a record should not change.

Clause 4.2.3 of ISO 9001:2008 QMS Standard deals with control of documents, and clause 4.2.4 deals with control of records. Now we give below details regarding control of documents and control of records.

Control of documents

All documents required by the quality management system of the organization need to be controlled. Records are also required to be controlled as per requirements mentioned in clause 4.2.4 of the ISO 9001:2008 standard. This is separately addressed in this article under the heading „Control of records‟. For control of documents, a procedure is required to be documented. The documented procedure needs to define the controls needed:

- To approve documents for adequacy prior to issue
- To review and update as necessary and re-approve documents
- To ensure that changes and the current revision status of documents are identified
- To ensure that relevant versions of applicable documents are available at points of use
- To ensure that documents remain legible (clearly readable) and readily identifiable
- To ensure that documents of external origins are determined (which are necessary for the planning and operation of the quality management system)
- To ensure that distribution of determined external origin documents are controlled
- To prevent the unintended use of obsolete documents
- To apply suitable identification to obsolete documents if they retained for any purpose

Approval of document for adequacy prior to issue means that some authority (with responsibility to manage and direct quality management system affairs of the organization) has agreed the document before being made available for use (i.e. approval before the document is distributed, or published or made available to the users).

Reviewing document means another look at the document and this is a task, which should be carried out at the time following the issue of the document by the management representative or by the person, who is linked with the affairs mentioned in the document. Review of documents may be carried out randomly or periodically. Periodic review is proactive action and it is better if the management representative carries out periodic review (at least once in a year) of the issued document. If a document is updated with any change, then the same is required to be approved for adequacy prior to issue.

Changes to documents may be identified by mentioning a change record within the document that denotes the nature of change. Current revision status of document may be identified by issue number, revision number or date of the document.
To ensure that document is available at the point of use, the organization needs to establish who needs which document at what time. The document access should be available to persons who need it for better work performance. To ensure that documents remain legible and readily identifiable, it is required that contents of the documents are readable and documents can be identified easily. Document identification can be done by classification, titles or identification numbers of documents.

In order to control the distribution of external documents, the organization should establish appropriate process or mechanism for identification, classification, distribution and availability of such external documents.

Obsolete documents should not be available at the point of use. Use of obsolete documents may lead to errors, failures or hazards, which become an evidence of nonconformity. Sometime superseded or obsolete documents need to be retained by the organization for a variety of reasons (e.g. legal or reference purpose) and for this the organization must have a method of identifying the status of such documents to prevent their accidental use in place of current documents. In practice, organizations put stamp as „OBSOLETE DOCUMENT‟ in red ink on the face of the obsolete document.

For effective document control, following points should also be taken due care:

- The documents (manual, procedures, and work-instructions) should be written as a value-added proposition, not only as required step in the compliance process of the ISO 9001:2008 standard.
- The documents style, format, vocabulary and language should be easy to understand.
- The process owners should be included in writing relevant procedures or in reviewing the documents. Make sure that the people who use the document are involved in writing and reviewing them.
- The change (revision of documentation) process should be accessible to the people most affected by document inadequacies.
- Developing an effective value-added controlled document requires planning and regular monitoring.
- Write processes as they exist.
- Developing reliable and consistent process execution is critical for effective production planning.
- Make sure that documents are available at the point of use. Providing electronic access to documents at the point of use may be one good solution.
- Manage document changes efficiently.
- Documents should be reviewed regularly for accuracy. Failing to review documents for accuracy is one of the bigger mistakes organization does.
- Keep documents content current and accurate.


Control of records

Records established must be controlled. The purpose to maintain records is to provide evidence of conformity to requirements and of the effective operation of the quality management system. Records must remain:
- Legible
- Readily identifiable
- Retrievable

For control of records, a procedure is required to be documented. The documented procedure needs to define the controls needed for the:
- Identification of records
- Storage of records
- Protection of records
- Retrievable of records
- Retention of records
- Disposition of records

Why managing and controlling records necessary? Records exist in every organization. Records provide with information to help people to manage processes of the organization effectively. Records are the evidence of the past performance. Records provide with information of results achieved or evidence of activities performed.

Appropriate ways to control records include indexing, filing, proper keeping so that the risk of deterioration, damage or loss of record is minimized. It is better to decide who will have access to which records and how readily available and identifiable. Proper indexing, filing and safe keeping facilitate retrieval of records. It is better that records are not destroyed or disposed of before the end of their usefulness. While deciding the retention time of a particular record, also look into the legal requirements in this regard, so as to avoid forthcoming problems. Control on disposition of records should ensure that records are not destroyed prior authorization and organization should specify the method of disposal.

Records serve three purposes: (i) Records provide evidence of conformity with the requirements of the ISO 9001:2008 standard, (ii) Records demonstrate that the organization has an effective quality management system, and (iii) Records document continual improvement.

DS & KRS