Cross-industry
ISO 9001 document control procedure
A documented information control procedure for ISO 9001:2015 clause 7.5: naming, versioning, review, retention, disposition. Vendor-neutral starting template.
- ISO 9001
This procedure satisfies the requirements of clause 7.5 of ISO 9001:2015, which governs creation, update, and control of documented information. Adapt the bracketed placeholders to your organisation. The procedure works for paper, network drives, document management systems, wikis, and content-as-code repositories, control is what matters, not the medium.
1. Purpose
To ensure documented information required by the QMS is created, approved, distributed, maintained, and disposed of under controlled conditions.
2. Scope
This procedure applies to all documented information required by:
- ISO 9001:2015 (or the relevant management-system standards in your certification scope).
- Statutory and regulatory requirements applicable to your products and services.
- Internal control needs identified by process owners.
Exclusions: personal notes, transient communication, draft documents not yet under change control. Once a draft is identified for distribution, it falls under this procedure.
3. Definitions
- Documented information. Information required to be controlled and maintained, in any medium.
- Document. A controlled item describing how something is done (e.g., procedure, work instruction, manual).
- Record. Evidence of conformance to requirements (e.g., audit reports, calibration certificates, training records).
- Owner. The role accountable for the technical content.
- Approver. The role authorised to release the document for use.
4. Roles and responsibilities
| Role | Responsibility |
|---|---|
| Process owner | Identifies need for new or revised documented information. |
| Author | Drafts content; performs initial review. |
| Reviewer | Validates technical accuracy. |
| Approver | Authorises release; accountable for compliance. |
| Document controller | Maintains the master register; controls distribution. |
| All staff | Use the current approved version; report obsolete copies. |
5. Document categories and identifiers
Use a consistent identifier scheme. A workable convention:
[CATEGORY]-[OWNER]-[NNNN] r[X.Y]- CATEGORY: POL (policy), PRO (procedure), WI (work instruction), TPL (template), FRM (form), REC (record), MAN (manual), STD (standard).
- OWNER: department code (e.g., QA, ENG, OPS, HR, IT).
- NNNN: sequential, four-digit.
- r: revision, major.minor.
Example: PRO-QA-0007 r2.1 is procedure number 7 owned by Quality, at
revision 2.1.
6. Lifecycle
Draft → Review → Approval → Active → Superseded / Obsolete6.1 Draft
The author creates the document under a working revision (e.g., r0.1). The draft is not in distribution. Working drafts may be shared with named reviewers but are clearly marked DRAFT.
6.2 Review
The reviewer checks technical accuracy, completeness, and clarity. Reviewers leave comments traceable to the document, either inline, in a review log, or in the version control system.
6.3 Approval
The approver records authorisation. Acceptable evidence: signed approval sheet, electronic signature, change-management ticket reference, or version-control merge with named approver.
6.4 Active
The document is in distribution. The latest approved revision is the only one in active use. Earlier revisions are accessible for traceability but clearly marked as superseded.
6.5 Superseded and obsolete
When a new revision supersedes an older one, the older revision is re-classified. Obsolete documents retained for legal or knowledge purposes are marked OBSOLETE, DO NOT USE.
7. Versioning rules
- Major revision (r2.0 → r3.0): the intent of the document changed, or process steps were added, removed, or substantively modified.
- Minor revision (r2.1 → r2.2): editorial change, clarification, reference update, or correction with no procedural change.
- First release is r1.0.
8. Distribution and access control
- Distribution list maintained per document by the document controller.
- Access classification: Confidential, Internal, Public.
- Where copies are made (paper or local drive), they are marked UNCONTROLLED unless the holder is on the distribution list and accepts responsibility for using the current revision.
- For external distribution (customer, regulator, supplier), the document is watermarked with the recipient name and issue date.
9. Retention and disposition
| Document type | Default retention | Disposition |
|---|---|---|
| Quality manual | 10 years from supersession | Archive |
| Procedure | 10 years from supersession | Archive |
| Work instruction | 5 years from supersession | Archive or destroy |
| Customer-related records | Per contract; default 7 years | Archive then destroy |
| Calibration records | Equipment lifetime + 3 years | Destroy |
| Audit records | 5 years from audit | Archive |
| Training records | Employment + 5 years | Archive |
| Management review records | 5 years | Archive |
Adapt to statutory retention requirements in your jurisdiction — GDPR Article 5(1)(e) (data minimisation and storage limitation) governs personal data; corporate-tax and contract-law retention may extend other classes.
10. External documents
External documents (standards, regulations, customer specifications) are listed in a register with title, source, current version, date received, and review responsibility. The register is reviewed at least annually.
11. Records of this procedure
- Master document register.
- Distribution list per document.
- Change log per document.
- Reviewer and approver evidence.
12. Review
This procedure is reviewed at least every 3 years and on changes to ISO 9001 or applicable regulations.