Consumers across the globe have come to expect certain standards of quality, whether it’s milk in the refrigerator and the child safety harness in the back seat. Whether a customer spends hours doing research or simply purchases a product sight unseen quality assurance is now a built-in expectation.

An efficient quality management system (QMS) is the cornerstone of customer satisfaction and sustained business success. And part of the backbone of the QMS cornerstone is document control.

Therein lie the importance and necessity of regularly conducting document control audits.

Now, grab a cup of your favorite documented sustainable-and-fair-trade-certified coffee as we dive into the value of auditing documentation control.

What is the Document Control Audit Process?

To understand the significance of a document control audit, a basic understanding of QMS is helpful. Generally, QMS is a strategically defined set of policies, procedures, processes, and responsibilities adopted and documented by an organization to meet and improve standards for quality in their industry.

Note the use of the word “documented” in our definition.

As the globally accepted gatekeeper for QMS, the International Organization for Standardization (ISO) defines appropriate and necessary documentation based on the main objectives of the information contained within the documents. Objectives of documentation may include:

  • To communicate information (a tool for transmission)
  • To offer proof or evidence of conformity
  • For the purpose of sharing knowledge
  • To preserve and distribute information pertinent to an organization’s sustainable processes and experiences

What is the purpose of a document control audit?

The overall purpose of a document control audit is to verify an organization is controlling risk in areas such as customer satisfaction, compliance, process efficiency, and overall quality of products or services. A document control audit is also an imperative precursor for an organization seeking ISO 9001 certification.

Depending on the size, organizational culture, level of communication skills, and the nature of an organization’s industry, the scope of required documentation could be enormous.

Part of an effective QMS is to have a quality system for the control of documents.

What is document control?

Document control is a system of policies and procedures designed to oversee the creation, distribution, modification, accessibility, and reliability of documents. An important aspect of quality control, the document control process assures management, employees, vendors, and customers that the information they receive is current and accurate.

How do you develop controls for documents and records?

For purposes of clarity, we’ll approach this from the perspective of an organization at the beginning stages of seeking ISO certification.

During a document control audit, internal auditors check for an established document control system. Before creating the system, knowing what types of documents and records an organization is required to control and maintain is the first step.

ISO 9001:2015 mandatory QMS documents

  • QMS scope
  • QMS policy
  • QMS objectives
  • All documents determined by the organization to be “necessary to support the operation of processes” (ISO 9001:2015 Clause 4.4)

Necessary process operation documents

What an individual entity defines as “necessary” is based on several factors, according to ISO 9001 standards: “size of the organization and its type of activities, processes, products, and services”; “complexity of processes and their interactions”; “competence of persons.”

Some examples of documentation an organization should maintain based on the above descriptions:

  • Quality manual
  • Organizational charts
  • Process flow charts and descriptions
  • Product specifications
  • Work instructions
  • Production schedule
  • Inspection plans
  • Organization specific forms

A document control audit evaluates the processes and procedures an organization uses in relation to how the development, revision, and retiring of documents are handled. These are referred to as document control procedures.

What are document control procedures?

When ascertaining the presence and effectiveness of document control, an internal auditor will investigate the methods used in the development and management of all documents used by a business.

Specific document control procedures include:

Approval Process

This control describes who is authorized to create and distribute an original document, whose responsibility it is to review documents for accuracy, and how approval is recorded.

Document Revisions

This control not only monitors the current revision status, but also sets guidelines for recording when, by whom, and what type of revisions or updates were made.

Document Review

Defines the controls for annual management review of current documents, who is responsible to review documents, and the procedures required for re-approval.

Document Access

Designates specific control procedures for the availability of documents at appropriate points of use, plus control for verifying the most current documents are distributed or easily retrievable.

Document Disposition

This control addresses the identification and regulation of obsolete documents, including criteria for archiving or destroying, plus the controls regarding the unintended use of obsolete documents, including discipline policies for nonconformity.

External Documents

A master list of all approved external documents is kept, reviewed, and updated regularly.

How Can Audit Findings Be Reduced?

When a document control audit is on the horizon, it’s not uncommon to feel less organized than you need to be. Because a quality system for the control of documents is essential for ISO certification, many businesses have turned to automated systems for document control.

Streamline document storage, organization, and procedures with ZenGRC’s answer to document control.