This document control procedure can assist your business comply with AS/NZS ISO 9001, AS/NZS ISO 14001 and AS/NZS ISO 45001, Management Systems clauses:
A document control and records management procedure outlines the process and methods for the administration, development and maintenance of documents. This is a requirement for compliance with AS/NZS ISO 9001, AS/NZS ISO 14001 and AS/NZS ISO 45001 management systems.
The Document Control Process
The objective of a document control and records management procedure is to ensure that all relevant ‘documented information’ and its associated organizational knowledge is reviewed and approved by authorized personnel before issue.
Typical documents that are controlled by a document control and records management procedure can include, but are not limited to:
Document control is the administration process of managing documents systematically. The objective of document control is to ensure that documents are kept up to date, controlled, easily retrievable and released with the relevant approvals. Following a document control procedure ensures that only the most current version of a document is being used and that all users have access to the latest version.
Note: Document control is also particularly critical to the AS/NZS ISO 9001 quality management system standard.
Record management specifies the requirements for the identification, storage, security, recovery and retention time of records. The process can apply to all records that are defined within a company’s document register, or other record management system.
It is important that a company creates, captures and maintains full and accurate records of its activities, including outsourced, contracted or internet-based activities.
An effective record management process will ensure that:
Note: Records should be situated for easy retrieval in case a backup is needed or a request for viewing by a nominated party.
A company’s electronic records should be maintained within a record management system protocol and/or a recording database to prevent unauthorized access, destruction, alteration or removal and to provide easy access. A company’s network drives, storage media and related technologies and practices for maintaining electronic records must be designed, operated, regulated and maintained in such a way that records cannot be altered without the approval process before the document is published.
The records of any reputable company should be legible, identifiable and traceable to the activity, product or service involved.
Key document management system documentation should contain:
Note: No changes, amendments, inclusions or additions to current management system documentation, should be made valid unless authorized by management. Documents should always remain legible when document revisions occur.
Generally, there are two different methods of disposal for documents and records:
1. Restricted access or confidential – i.e. records that contain information about individuals, the information given in confidence, or records related to investigations. At the point of disposal, these sensitive records should be shredded.
2. Open access or normal records – these records can be destroyed using the usual methods of white paper recycling.
An organization’s management is responsible for ensuring that outdated or redundant documents are removed from all points of issue. Obsolete documentation requiring retention for legal, system evaluation or reference purposes should be identified and appropriately stored (archived) and managed.
Records should always be stored in areas that guarantee, as far as is reasonably practicable, protection against any disaster such as fire or flood.
