Iso9000: Document Administration

Any outside audit of a business will at some point bring up the problem of Document Control. Only a few aspects of system conformity create such trouble as this to the auditor and auditee. A lot of the difficulty comes from the tendency to think of documents in the control mechanism as opposed to the information that they are composed of. That eventually leads to a rationale for taking away documents from the control mechanism based on the title as opposed to the content.

The first step in achieving effective control is to define the information that is to be controlled. A list such as this should readily lead to an indication of the source of such material, and the documents that contain the information — whether hard or soft matters not. By clearly showing the necessity of information control, we eliminate the focus on documents and concentrate on content.

To fully understand how to regulate this material, we must first understand the systems that support them, utilizing a master list, unique identification, revision status, and the systems for preparation authorization issue and elimination.

Avoid the temptation to focus on a document’s intended purpose, e.g. Reference document, training aid, advisory. Each of these titles, and other as well, present the opportunity to find their control status through the title as opposed to the content. Provision of the master list of information to be controlled will help avoid this trap. Auditors and auditees alike can avoid the perennial debate on what is to be controlled by reverting to the information list rather than the usual list of procedures and instructions.

While not everywhere so, most of the material we now see as auditors has been created and is retained electronically. This may simplify the control method, but only if Information becomes the primary focus of any such control. An additional process to simplify the usually complex document identification system would also assist the control process. Think of the electronic file reference as the identifier, with the end revision date as the version, and the project is almost complete. The addition of a defined author and technical authority for the material could also be useful, but avoid unnecessary complications. Of course there will always be individuals who feel the need to complicate the file reference, but it doesn’t have to be so. Similarly the same bureaucrats will argue that it is possible to have two approved revision states (to the same document) on the same day. Hopefully they would be hard pressed to show us that feature!

When viewed in the context of information management, the requirement to control documents (ISO9001 4.2.3) is simpler to understand and to implement, and the resultant system easier to explain and to justify.

One can only hope that future editions of the international standards will require the control of information rather than control of documents, which is arguably their intent.