The ISO 9001 quality standard has a number of documentation requirements and specifically calls out 4.2.3 Control of Documents and 4.2.4 Control of Records. The dictionary may have similar definitions for the terms document and record, but within ISO 9001:2008 and quality, they have their own meaning. To understand the difference, first let’s clarify the difference between documents and records.
Difference Between a Document and a Record
Documents and records may sound alike but there is a big difference between the two. Documents are created by planning what needs to be done and records are created when something is done. Documents can change and records don’t (must not) change.
Document Definition
Document: Information used to support an effective and efficient organizational operation.
A document consists of any information you use to run your company. Documents originate in the planning phase of the Plan, Do, Check, Act, cycle of the process approach.
Since documents are planning material, they are subject to change (under the Act phase) as we obtain more information (Do phase) and compare those informational or data records (Check phase) to our original plan. Common examples of (QMS) quality management system documents include:
- Quality Policy (Required)
- Quality Objectives (Required)
- Quality Manual (Required)
- Organization Chart
- Process Maps
- Business plans
- Control Plans (i.e. Advanced product quality planning or APQP)
- Internal Audit Schedule
- Procedures and Work Instructions (Six Required)
- Approved Supplier List
- Purchasing Criteria
- Customer Requirements
Required ISO 9001:2008 Procedure Documents
The ISO Standard requires a few documents: Quality policy, Quality objectives, Quality Manual, and a minimum of six procedures. The required ISO procedures are:
Clause 4 Documents (2 procedures)
1) 4.2.3 Document Control
2) 4.2.4 Record Control
Clause 8 CAPA (4 procedures)
3) 8.2.2 Internal Audit
4) 8.3 Nonconforming Product Control
5) 8.5.2 Corrective Action
6) 8.5.3 Preventive Action
Record Definition
Record: Evidence about a past event.
A record is generated in the “do” phase of PDCA. Records consist of any data you collect during the operation of your business QMS. Records are facts and should not change. If new facts arise that contradict the old facts (an error), then you should strike through the old fact and record the new fact.
There are 21 required records within ISO 9001:2008
The ISO Standard requires 21 records with most (14) coming from clause 7 product realization. What are these 21 records?
Clause 5 Management Responsibility (1 record)
1) 5.6.1 Records from management reviews (minutes, results, actions).
Clause 6 Resource Management (1 record)
2) 6.2.2 (e) Education, training, skills and experience records/files.
Clause 7 Product Realization (14 records)
3) 7.1 (d) Evidence that the realization processes and resulting product fulfill requirements.
4) 7.2.2 Results of the review of requirements relating to the product and actions arising from the review.
5) 7.3.2 Design and development inputs.
6) 7.3.4 Results of design and development reviews and any necessary actions.
7) 7.3.5 Results of design and development verification and any necessary actions.
8) 7.3.6 Results of design and development validation and any necessary actions.
9) 7.3.7 Results of the review of design and development changes and any necessary actions.
10) 7.4.1 Results of supplier evaluations and actions arising from evaluations.
11) 7.5.2 (d) As required by the company to demonstrate the validation of processes where the resulting output cannot be verified by subsequent monitoring or measurement.
12) 7.5.3 The unique identification of the product, where traceability is a requirement.
13) 7.5.4 Customer property that is lost, damaged or otherwise found to be unsuitable for use.
14) 7.6 (a) Standards used for calibration or verification of measuring equipment where no international or national measurement standards exist.
15) 7.6 Validity of previous results when measuring equipment is found not to conform with its requirements.
16) 7.6 Results of calibration and verification of measuring equipment.
Clause 8 CAPA (5 records)
17) 8.2.2 Internal audit results.
18) 8.2.4 Evidence of product conformity with the acceptance criteria and indication of the authority responsible for the release of the product.
19) 8.3 Nature of the product nonconformities and any subsequent actions taken, including concessions obtained.
20) 8.5.2 Results of corrective actions.
21) 8.5.3 Results of preventive actions.
Difference Between Document Control and Record Control
Now, with a better understanding of what documents and records are, we can look closer at what is required for control of documents (4.2.3) and records (4.2.4). Both ISO clauses require that documents and records are controlled, but what does that mean?
ISO 4.2.3 Document Control
Documents are created as a part of your organizations planning. Therefore, ISO requires that these planning documents are approved prior to use to ensure they are adequate (appropriate). Documents need to be reviewed and updated to ensure the content is accurate. If changes are made to plans then it is imperative that the changes are identified and communicated to anyone that uses those planning documents.
Users need legible, up-to-date, and readily available documents to do their job. The bottom line, documents need to be reviewed, approved, legible, up-to-date, communicated, and readily available. That is what ISO wants from the control of your documents.
ISO 4.2.4 Record Control
Records are not the plan. Records are created by plans. Records are data, but data is not information. Data must be converted into information through the use of charting or trend analysis. So the requirements for records are different. Records need to be identifiable (labeled), stored, protected (uncorrupted), retrievable (you need to use the data), retained (backed-up), but disposed of when obsolete.
Documents are created by planning what needs to be done and records are created when something is done. Documents can change and records don’t change. Documents need to be reviewed, approved, legible, up-to-date, communicated, and readily available. Records need to be identifiable, stored, protected, retrievable, retained, but disposed of when obsolete. That is what ISO means by control of documents and control of records.
Download a free sample policy and procedure example from the ISO 9001 Manual now.
Policy Procedure Software Bundle 
9-Manual CEO Company Policies Procedures Manual Bundle | Save 45% 
5-Manual CFO Financial Accounting Procedures Bundle| Save 35% 
Accounting Policies and Procedures Manual 
IT Policies and Procedures Manual | ABR34M 
HR Policies and Procedures Manual | ABR41M 
Sales Marketing Policies and Procedures Manual | ABR44M 
ISO 9001:2015 Quality Procedures Manual | ABR211M 
Is the record needs to be approved as per document
Records are not really approved, they are created by the originator as a record of fact. If you record the temperature outside, on a form, then that is the temperature you saw on the gauge at the time you read it. Some events are recorded and then validated that they are effective, like a corrective action record. But that is not approval. Someone is validating the the event is complete and the corrective action is effective. The record itself is not approved.
Record we can only review not approve.
Basically, records are reviewed and the data is used as evidence of an event. Documents are like directives and consists of things like the quality manual, plans, procedures, or forms and these need to be approved prior to use so that the people using these documents know they are using the right versions.
I would say that sometimes records may be approved as well because that may be the requirement of internal procedures.
Let’s have an example: a purchase order is a record (which documents the fact that someone in the company wants to purchase some goods) but it is not vaild until approved by CEO or purchasing department manager.
I would call a purchase order a document because it can be changed. Records do not or should not change. A purchase order is a request. Documents are approved, records record data of what has happened in the past. Since the purchase order has not been filled, it has not happened and does not record any data of an event. At any time you can cancel or revise a purchase order and it requires approval. Therefor, it is a document.
hello all, i am working in an government educational institution. How about Memoranda, Circulars from other government agencies/offices, are they considered document (at our end), since they were approved prior to issuance? How about letters various types of documents from other offices (letters, notices, travel orders, certifications…) within the university, can they become a record in my office?
To keep it simple, documents are approved. Records are signed or authenticated. In a government, everything is a record of what was done while in office. The new ISO 9001:2015 standard eliminates the distinction and introduces the term “documented information” which now includes documents, forms, procedures, records, work instructions, or anything used by the organization to demonstrate effectiveness. Maybe this will simplify it for everyone…
How we can fine differentiate to both of them.
Some records are approved. A record of compliance should be approved before sending to Government. Technical reports are records and should be approved before release. An approval in this case is signing off that the data is accurate and/or can be released.
An issued or approved purchase order is clearly a company record. Financial auditors would certainly see it as such.
Is record can help to create a document??
Usually documents (i.e. forms) are used to create records.
A Document is a draft that varies ideally. A Record is a done/completed action unchangeable. What you mean above can happen as referring to the completed acts to set new plan. By that time you will be drafting. At its final decision/completion a Document gives birth to a record. Record is born at document’s completion. Through Record you will set policy for conservation this happens in temporary view. Finally it becomes an Archive which pursues permanent policy of conservation. See the: Document-Record-Archive.