Document Control – Basic and Extended

You may know the ISO 9001 document control requirements, but what about the industry extensions for AS9100, ISO/TS 16949, and TL 9000, as well as, those for ISO 14001? These additional requirements may suggest good practices beyond the basic ISO 9001 document control.

According to ISO 9001:2000, clause 4.2.3, the document control process must:

  • Approve documents for adequacy prior to issue
  • Review, update as necessary, and re-approve documents
  • Identify changes and the current revision status of documents
  • Ensure relevant versions of applicable documents are available for use
  • Ensure external documents are identified and their distribution controlled
  • Ensure documents remain legible and readily identifiable
  • Prevent the unintended use of obsolete documents
  • Apply suitable identification for obsolete documents that are retained

Documents defined as records (for example, completed forms to be retained as evidence) must also be controlled (per 4.2.4).

AS9100:2001, Revision A, clause, adds that organizations must coordinate document changes with customers and/or regulatory authorities in accordance with the contract or regulatory requirements.

ISO/TS 16949:2002, clause, requires organizations to review, distribute, and implement customer engineering specifications and changes. These activities must be completed on the customer-required schedule. Also, the review must be done within two working weeks. Records must be kept of the change implementation date and documents must be updated as part of the implementation.

TL 9000:2001, Release 3.0, clause 4.2.3.C.1, states to establish and maintain a documented procedure to control all customer-supplied documents if these documents influence the design, verification, validation, inspection and testing, or servicing of the product.

ISO 14001:1996, clause 4.4.5, requires including the dates of the revision (not just the revision status). Documents must be maintained in an orderly manner and retained for a specified period. The document control procedure must cover the creation and maintenance of various types of documents.

Documents vs. Records:
Some organizations are unclear on the difference between a document and a record. Together, they are referred to by ISO 9001:2000 as documentation.

  • Documents are plans and change over time. They have revision levels.
  • Records are evidence of what was done. They have retention periods.

When a document is superseded by a new revision, it is usually saved as a record of the previous process description.
The master copy of a form is a controlled document. Blank copies of the form are uncontrolled copies. The completed forms are controlled as records. Refer to ISO 9001:2000 clause 4.2.3 for document control and clause 4.2.4 for record control.