No products in the cart.
The ISO 9001 quality standard has a number of documentation requirements and specifically calls out 4.2.3 Control of Documents and 4.2.4 Control of Records. The dictionary may have similar definitions for the terms document and record, but within ISO 9001:2008 and quality, they have their own meaning. To understand the difference, first let’s clarify the difference between documents and records.
Difference Between a Document and a Record
Documents and records may sound alike but there is a big difference between the two. Documents are created by planning what needs to be done and records are created when something is done. Documents can change and records don’t (must not) change.
Document Definition
Document: Information used to support an effective and efficient organizational operation.
A document consists of any information you use to run your company. Documents originate in the planning phase of the Plan, Do, Check, Act, cycle of the process approach.
Since documents are planning material, they are subject to change (under the Act phase) as we obtain more information (Do phase) and compare those informational or data records (Check phase) to our original plan. Common examples of (QMS) quality management system documents include:
- Quality Policy (Required)
- Quality Objectives (Required)
- Quality Manual (Required)
- Organization Chart
- Process Maps
- Business plans
- Control Plans (i.e. Advanced product quality planning or APQP)
- Internal Audit Schedule
- Procedures and Work Instructions (Six Required)
- Approved Supplier List
- Purchasing Criteria
- Customer Requirements
Required ISO 9001:2008 Procedure Documents
The ISO Standard requires a few documents: Quality policy, Quality objectives, Quality Manual, and a minimum of six procedures. The required ISO procedures are:
Clause 4 Documents (2 procedures)
1) 4.2.3 Document Control
2) 4.2.4 Record Control
Clause 8 CAPA (4 procedures)
3) 8.2.2 Internal Audit
4) 8.3 Nonconforming Product Control
5) 8.5.2 Corrective Action
6) 8.5.3 Preventive Action
Record Definition
Record: Evidence about a past event.
A record is generated in the “do” phase of PDCA. Records consist of any data you collect during the operation of your business QMS. Records are facts and should not change. If new facts arise that contradict the old facts (an error), then you should strike through the old fact and record the new fact.
There are 21 required records within ISO 9001:2008
The ISO Standard requires 21 records with most (14) coming from clause 7 product realization. What are these 21 records?
Clause 5 Management Responsibility (1 record)
1) 5.6.1 Records from management reviews (minutes, results, actions).
Clause 6 Resource Management (1 record)
2) 6.2.2 (e) Education, training, skills and experience records/files.
Clause 7 Product Realization (14 records)
3) 7.1 (d) Evidence that the realization processes and resulting product fulfill requirements.
4) 7.2.2 Results of the review of requirements relating to the product and actions arising from the review.
5) 7.3.2 Design and development inputs.
6) 7.3.4 Results of design and development reviews and any necessary actions.
7) 7.3.5 Results of design and development verification and any necessary actions.
8) 7.3.6 Results of design and development validation and any necessary actions.
9) 7.3.7 Results of the review of design and development changes and any necessary actions.
10) 7.4.1 Results of supplier evaluations and actions arising from evaluations.
11) 7.5.2 (d) As required by the company to demonstrate the validation of processes where the resulting output cannot be verified by subsequent monitoring or measurement.
12) 7.5.3 The unique identification of the product, where traceability is a requirement.
13) 7.5.4 Customer property that is lost, damaged or otherwise found to be unsuitable for use.
14) 7.6 (a) Standards used for calibration or verification of measuring equipment where no international or national measurement standards exist.
15) 7.6 Validity of previous results when measuring equipment is found not to conform with its requirements.
16) 7.6 Results of calibration and verification of measuring equipment.
Clause 8 CAPA (5 records)
17) 8.2.2 Internal audit results.
18) 8.2.4 Evidence of product conformity with the acceptance criteria and indication of the authority responsible for the release of the product.
19) 8.3 Nature of the product nonconformities and any subsequent actions taken, including concessions obtained.
20) 8.5.2 Results of corrective actions.
21) 8.5.3 Results of preventive actions.
Difference Between Document Control and Record Control
Now, with a better understanding of what documents and records are, we can look closer at what is required for control of documents (4.2.3) and records (4.2.4). Both ISO clauses require that documents and records are controlled, but what does that mean?
ISO 4.2.3 Document Control
Documents are created as a part of your organizations planning. Therefore, ISO requires that these planning documents are approved prior to use to ensure they are adequate (appropriate). Documents need to be reviewed and updated to ensure the content is accurate. If changes are made to plans then it is imperative that the changes are identified and communicated to anyone that uses those planning documents.
Users need legible, up-to-date, and readily available documents to do their job. The bottom line, documents need to be reviewed, approved, legible, up-to-date, communicated, and readily available. That is what ISO wants from the control of your documents.
ISO 4.2.4 Record Control
Records are not the plan. Records are created by plans. Records are data, but data is not information. Data must be converted into information through the use of charting or trend analysis. So the requirements for records are different. Records need to be identifiable (labeled), stored, protected (uncorrupted), retrievable (you need to use the data), retained (backed-up), but disposed of when obsolete.
Documents are created by planning what needs to be done and records are created when something is done. Documents can change and records don’t change. Documents need to be reviewed, approved, legible, up-to-date, communicated, and readily available. Records need to be identifiable, stored, protected, retrievable, retained, but disposed of when obsolete. That is what ISO means by control of documents and control of records.
Download a free sample policy and procedure example from the ISO 9001 Manual now.
More Articles from Bizmanualz...
Policy Management | Standard Operating Procedure Software Bundle 
9-Manual CEO Company Policies Procedures Bundle | Save 45% 
5-Manual CFO Internal Control Procedures Bundle| Save 35% 
Business Policies and Procedures Manual Sampler | ABR490M 
IT Policies and Procedures Manual Templates | ABR34M 
Accounting Policies and Procedures Manual 
HR Policies and Procedures Template | ABR41M 
Sales Marketing Policies and Procedures Manual | ABR44M 
Finance Policies Procedures Manual | ABR42M
Is the record needs to be approved as per document
Records are not really approved, they are created by the originator as a record of fact. If you record the temperature outside, on a form, then that is the temperature you saw on the gauge at the time you read it. Some events are recorded and then validated that they are effective, like a corrective action record. But that is not approval. Someone is validating the the event is complete and the corrective action is effective. The record itself is not approved.
Yes, Indeed !!
Record review and approval is an authentication and verification process, which is not the same as review and approval of controlled documents.
Record we can only review not approve.
Basically, records are reviewed and the data is used as evidence of an event. Documents are like directives and consists of things like the quality manual, plans, procedures, or forms and these need to be approved prior to use so that the people using these documents know they are using the right versions.
I would say that sometimes records may be approved as well because that may be the requirement of internal procedures.
Let’s have an example: a purchase order is a record (which documents the fact that someone in the company wants to purchase some goods) but it is not vaild until approved by CEO or purchasing department manager.
I would call a purchase order a document because it can be changed. Records do not or should not change. A purchase order is a request. Documents are approved, records record data of what has happened in the past. Since the purchase order has not been filled, it has not happened and does not record any data of an event. At any time you can cancel or revise a purchase order and it requires approval. Therefor, it is a document.
hello all, i am working in an government educational institution. How about Memoranda, Circulars from other government agencies/offices, are they considered document (at our end), since they were approved prior to issuance? How about letters various types of documents from other offices (letters, notices, travel orders, certifications…) within the university, can they become a record in my office?
To keep it simple, documents are approved. Records are signed or authenticated. In a government, everything is a record of what was done while in office. The new ISO 9001:2015 standard eliminates the distinction and introduces the term “documented information” which now includes documents, forms, procedures, records, work instructions, or anything used by the organization to demonstrate effectiveness. Maybe this will simplify it for everyone…
How we can fine differentiate to both of them.
Some records are approved. A record of compliance should be approved before sending to Government. Technical reports are records and should be approved before release. An approval in this case is signing off that the data is accurate and/or can be released.
An issued or approved purchase order is clearly a company record. Financial auditors would certainly see it as such.
Is record can help to create a document??
Usually documents (i.e. forms) are used to create records.
A Document is a draft that varies ideally. A Record is a done/completed action unchangeable. What you mean above can happen as referring to the completed acts to set new plan. By that time you will be drafting. At its final decision/completion a Document gives birth to a record. Record is born at document’s completion. Through Record you will set policy for conservation this happens in temporary view. Finally it becomes an Archive which pursues permanent policy of conservation. See the: Document-Record-Archive.
Should manufacturer control ranges also be documented?
Specification limits should be documented but control ranges are a function of the process. As you improve control over your process they will narrow. They could be documented in an improvement plan, in work instructions as expected output, or recorded on a record showing what the process results were. Many machines today record the output’s in real time control charts, which are records of the process performance. The method of documentation depends on your usage.
If a print out of Electronic Medical record is taken and provided to the patient without signing on it. Are those papers documents or records ?
A record consists of data that can not be changed. Think of test results or a medical history. It can be paper or electronic. The signature adds traceability and improves authenticity, but so does a date on a printout. The signature may or may not be required.
i think if project is still ongoing and activities still implementing with data that is called document control, and after complete the project or complete of documents in the middle of project all that data will become record control
Somewhat correct, Haneef — the changeable documents during a project require document control. After the project is complete, the documents become *records* of the project and then require *records management* (not control).
However, during the project, there can also be records created, such as measurements, test results, etc. These types of documents are *records* — they do not change. Procedures, site plans, engineering drawings, etc. change many times throughout a project, and therefore they require *document control*. The records that are also part of the project are handled via the document control system while the project is ongoing, but they are still records (e.g. the electrical output readings of a generator on a particular day do not change; they are not subject to revision. Readings taken on another day would be a *record* of the output on *that* day, etc.).
Again, once the project has ended, *all* documents used on the project become records, as they are no longer subject to revision. They are records of what was done on the project.
Hope this helps. 🙂
Thank you so much.This gives a very good definition about what is a document ,what is a record & how the document & record control is done.
WHEN DO YOU SAY THE DOCUMENT IS IN A SERIES AND NOT IN REVISION
I’m not sure the difference you are referring too.
Sir, We wrote a procedure for incoming material and stated that the checked Quantity to be labeled by putting a sticker containing certain information about the inspection. Now do we need to put a control number on the sticker? if yes why and if no then why?
Regards
Javed
Form documents need to be controlled so it is clear you have the latest authorized revision of the form. Form records need to be protected from alteration. A control ID and date should be sufficient.