Document Control: More Than Adding a Number and Revision Level to Documents

by Steven Severt

When you think of your quality management system (QMS), do you instantly think of document control, as if the two terms are synonymous?

Do you have designated staff within your organization who are responsible for document control and who are handling all QMS documentation but otherwise seem completely divorced from the rest of the organization and its business practices?

I’ve noticed that many people believe that a QMS is simply a way to document everything in a controlled manner without truly understanding the remainder of the QMS requirements or the intent of their system’s document control requirements.

While I have written extensively on the former—about how a QMS is a bit more than doing what you say and saying what you do—this article focuses on the latter. Ironically, even those who understand a QMS simply in terms of document control often fail to truly understand the intent or implement the document control requirements of the standard upon which their management system is built. For example, a QMS is typically based on ISO 9001.

ISO 9001:2015 clause 7.5, Documented information, succinctly lays out the requirements for documented information within its framework. This small section of the standard (focusing only on requirements for internal organizational documentation) requires:

• The QMS to include documented information required by ISO 9001, naturally.
• Documented information that the organization has determined to be necessary for the effectiveness of the QMS.
• The QMS documentation to have appropriate identification, description, formatting, and media.
• Controlled documentation to be reviewed and approved for suitability and adequacy.
• QMS documentation to be controlled so that it is available for use when it is needed.
• The documentation to be protected so that confidentiality is maintained, it cannot be improperly used, that the integrity is not diminished, etc.
• The organization to have methods to distribute, access, retrieve, and use the documentation.
• Storage methods to be determined so that the documentation is appropriately preserved.
• Control of changes of QMS documentation be addressed as well as methods for proper retention and disposition.

QMS documentation is vital to the operation of your business, or, to put it another way, things vital to the operation of your business ought to be appropriately documented and included in your QMS.

This might take the form of policies and procedures, process flow diagrams, process routings, control plans, work instructions, etc. When creating these documents, it’s important to understand what type of document is being created, what format should be used, and how the document should be identified. It’s also important that any document which is vital to your business operation be controlled and that it be reviewed and approved by appropriate parties to ensure that it is accurate and useful.

There is no point in releasing a work instruction that doesn’t adequately reflect the process that is being performed or that is too confusing for a worker to understand. Having the appropriate parties review the document and approve it helps to ensure that the document is accurate and adequate. This also helps control your business processes.

It’s up to you to determine the appropriate review methods, reviewers, approvers, etc., but you need to make sure that you retain the evidence that the document has been appropriately reviewed and approved. This is essential not only for audit purposes but also to ensure that the document is authoritative and useful.

Once a document has been created that you intend to control in your QMS, it’s important to understand how it will be controlled, how it will be retrieved, where it will be made available, and how it will be used. Because ISO 9001 isn’t a particularly prescriptive standard, it’s your responsibility to determine the appropriate methods for each. Just as it does no good to create a document that isn’t useful because it doesn’t adequately reflect a business process, it does your organization no good to create documents that get tossed into a repository or electronic database only to never be seen again.

This is a part of the document control system that organizations often struggle with the most. Not only do organizations often not know when it makes sense to create a controlled document, but they also don’t understand what to do with a document once it is created.

Do I post it on the floor? Should it be retained in the office? Do I keep them organized in a network folder? 

This is just as much a problem for those who use electronic systems as it is for those who use paper-based document control systems in which books upon books of documentation clutter shelves and collect dust but are rarely used or referenced. The ease of creating electronic documents tempts people to do so ad nauseum and then just leave them cluttering the retention location on your organization’s network. I dare you to take a digital scroll through your SharePoint to see if you find a situation like this.

If you don’t understand and actively use the documents you’ve already controlled in your QMS, you will likely create redundant and contradictory documentation. For example, suppose a quality problem arises that causes you to realize—or at least assume—that you did not have adequate documentation and training to help control a process. You hastily create the necessary documentation and update the training matrix for the process to try to ensure that the problem is rectified. Unfortunately, you don’t realize that documentation for this process already exists somewhere in the annals of your QMS and simply wasn’t being used. You now have redundant and potentially contradictory documentation for your process controlled in your QMS. This can create confusion for those responsible for the process and will inevitably deteriorate the integrity and effectiveness of the QMS documentation as well as diminish any related training. It’s critical, then, that you understand all the documentation that you are controlling in your QMS.

And not only do you need to understand what documentation exists, but you must also have established methods for distribution, access, retrieval, and use of your QMS documentation.

When creating controlled documents, are you checking an ISO 9001 requirement off a checklist or trying to provide evidence that you’ve effectively closed an action item for a corrective action? Or are you really using your documentation to support the proper execution of your business processes and considering how it would be best utilized to that end? In other words, do you create documented information to meet requirements, or do you find ways to ensure that the documentation adds value to your organization? Are you appeasing customers and passing audits, or are you building systems that solve problems and enable you to consistently control your business processes?

Going back to the examples of work instructions, once you’ve created them, ask yourself some of the following:

• How do you determine where they are to be located?
• How do you train personnel on their use?
• If you’ve implemented them to solve a recent problem and trained your existing personnel about the new procedures or instructions, how do you ensure that any new members also receive this training?
• How do you include the new procedures or instructions in the standardized training for this position?
• How do you determine whether the instructions are adequate and effective?
• Are the instructions accessible for the process owners for reference?
• If the documentation is accessible as physical copies, do you understand where each physical copy is located?
• Do you ensure that each controlled copy is legible and in good condition?
• Regardless of the format—digital or physical—how do you ensure that they always have the latest revision of the instruction and that they do not have access to any old revision that might include incorrect or out-of-date information?
• Do you ensure that each obsolete document is removed, properly obsoleted, or destroyed so that only the current revision is available where needed?

These are just some of the questions you should be asking yourself as you are creating documentation that you intend to control in your QMS. Document control is not something that you do to pass an audit, and it is certainly much more than adding a document number and revision level. It is a subsystem of a QMS that is intended to add value to your organization by helping you standardize and control business processes. As a system, it needs to be planned, built, integrated, and used strategically as a necessary component of your QMS and an element in your process control or it will not add the intended value.

About the author

Steven Severt, who writes for isoTracker QMS, is a quality management professional with nearly two decades of experience in the automotive and medical device industries. He has extensive experience launching and supporting manufacturing processes to supply automotive OEMs as well as developing, supporting, and auditing quality management systems that adhere to the requirements of ISO 9001, IATF 16949, ISO 13485, and 21 CFR 820.