Any external audit of an organisation will eventually address the issue of Document Control. Few aspects of system conformity cause such difficulty as this to both auditor and auditee. Much of the problem arises from the tendency to consider documents in the control mechanism rather than the information they contain. This inevitably leads to a justification for removing documents from the control system based on the title rather than the content.



The first step in achieving effective control is to define the information that is to be controlled. A list such as this should readily lead to an indication of the source of such material, and the documents that contain the information - whether hard or soft matters not. By clearly showing the necessity of information control, we eliminate the focus on documents and concentrate on content.

To fully understand how to regulate this material, we must first understand the systems that support them, utilizing a master list, unique identification, revision status, and the systems for preparation authorization issue and elimination.

Avoid the temptation to focus on a document's intended purpose, e.g. Reference document, training aid, advisory. Each of these titles, and other as well, present the opportunity to find their control status through the title as opposed to the content. Provision of the master list of information to be controlled will help avoid this trap. Auditors and auditees alike can avoid the perennial debate on what is to be controlled by reverting to the information list rather than the usual list of procedures and instructions.

While not everywhere so, most of the material we now see as auditors has been created and is retained electronically. This could simplify the control process, but only if Information becomes the focus of such control. An additional process to simplify the usually complex document identification system would also assist the control process. Think of the electronic file reference as the identifier, with the end revision date as the version, and the project is almost complete. The addition of a defined author and technical authority for the material could also be useful, but avoid unnecessary complications. Of course there will always be individuals who feel the need to complicate the file reference, but it doesn't have to be so. Similarly the same bureaucrats will argue that it is possible to have two approved revision states (to the same document) on the same day. Hopefully they would be hard pressed to show us that feature!

When viewed in the context of information management, the requirement to control documents (ISO9001 4.2.3) is simpler to understand and to implement, and the resultant system easier to explain and to justify.

One can only hope that future editions of the international standards will require the control of information rather than control of documents, which is arguably their intent.