What Is the Difference Between Document Control and Record Control?
The ISO 9001 quality standard has a number of documentation requirements and specifically calls out 4.2.3 Control of Documents and 4.2.4 Control of Records. The dictionary may have similar definitions for the terms document and record, but within ISO 9001:2008 and quality, they have their own meaning. To understand the difference, first let’s clarify the difference between documents and records.
Difference Between a Document and a Record
Documents and records may sound alike but there is a big difference between the two. Documents are created by planning what needs to be done and records are created when something is done. Documents can change and records don’t (must not) change.
Document Definition
Document: Information used to support an effective and efficient organizational operation.
A document consists of any information you use to run your company. Documents originate in the planning phase of the Plan, Do, Check, Act, cycle of the process approach.
Since documents are planning material, they are subject to change (under the Act phase) as we obtain more information (Do phase) and compare those informational or data records (Check phase) to our original plan. Common examples of (QMS) quality management system documents include:
- Quality Policy (Required)
- Quality Objectives (Required)
- Quality Manual (Required)
- Organization Chart
- Process Maps
- Business plans
- Control Plans (i.e. Advanced product quality planning or APQP)
- Internal Audit Schedule
- Procedures and Work Instructions (Six Required)
- Approved Supplier List
- Purchasing Criteria
- Customer Requirements
Required ISO 9001:2008 Procedure Documents
The ISO Standard requires a few documents: Quality policy, Quality objectives, Quality Manual, and a minimum of six procedures. The required ISO procedures are:
Clause 4 Documents (2 procedures)
1) 4.2.3 Document Control
2) 4.2.4 Record Control
Clause 8 CAPA (4 procedures)
3) 8.2.2 Internal Audit
4) 8.3 Nonconforming Product Control
5) 8.5.2 Corrective Action
6) 8.5.3 Preventive Action
Record Definition
Record: Evidence about a past event.
A record is generated in the “do” phase of PDCA. Records consist of any data you collect during the operation of your business QMS. Records are facts and should not change. If new facts arise that contradict the old facts (an error), then you should strike through the old fact and record the new fact.
There are 21 required records within ISO 9001:2008
The ISO Standard requires 21 records with most (14) coming from clause 7 product realization. What are these 21 records?
Clause 5 Management Responsibility (1 record)
1) 5.6.1 Records from management reviews (minutes, results, actions).
Clause 6 Resource Management (1 record)
2) 6.2.2 (e) Education, training, skills and experience records/files.
Clause 7 Product Realization (14 records)
3) 7.1 (d) Evidence that the realization processes and resulting product fulfill requirements.
4) 7.2.2 Results of the review of requirements relating to the product and actions arising from the review.
5) 7.3.2 Design and development inputs.
6) 7.3.4 Results of design and development reviews and any necessary actions.
7) 7.3.5 Results of design and development verification and any necessary actions.
8) 7.3.6 Results of design and development validation and any necessary actions.
9) 7.3.7 Results of the review of design and development changes and any necessary actions.
10) 7.4.1 Results of supplier evaluations and actions arising from evaluations.
11) 7.5.2 (d) As required by the company to demonstrate the validation of processes where the resulting output cannot be verified by subsequent monitoring or measurement.
12) 7.5.3 The unique identification of the product, where traceability is a requirement.
13) 7.5.4 Customer property that is lost, damaged or otherwise found to be unsuitable for use.
14) 7.6 (a) Standards used for calibration or verification of measuring equipment where no international or national measurement standards exist.
15) 7.6 Validity of previous results when measuring equipment is found not to conform with its requirements.
16) 7.6 Results of calibration and verification of measuring equipment.
Clause 8 CAPA (5 records)
17) 8.2.2 Internal audit results.
18) 8.2.4 Evidence of product conformity with the acceptance criteria and indication of the authority responsible for the release of the product.
19) 8.3 Nature of the product nonconformities and any subsequent actions taken, including concessions obtained.
20) 8.5.2 Results of corrective actions.
21) 8.5.3 Results of preventive actions.
Difference Between Document Control and Record Control
Now, with a better understanding of what documents and records are, we can look closer at what is required for control of documents (4.2.3) and records (4.2.4). Both ISO clauses require that documents and records are controlled, but what does that mean?
ISO 4.2.3Â Document Control
Documents are created as a part of your organizations planning. Therefore, ISO requires that these planning documents are approved prior to use to ensure they are adequate (appropriate). Documents need to be reviewed and updated to ensure the content is accurate. If changes are made to plans then it is imperative that the changes are identified and communicated to anyone that uses those planning documents.
Users need legible, up-to-date, and readily available documents to do their job. The bottom line, documents need to be reviewed, approved, legible, up-to-date, communicated, and readily available. That is what ISO wants from the control of your documents.
ISO 4.2.4Â Record Control
Records are not the plan. Records are created by plans. Records are data, but data is not information. Data must be converted into information through the use of charting or trend analysis. So the requirements for records are different. Records need to be identifiable (labeled), stored, protected (uncorrupted), retrievable (you need to use the data), retained (backed-up), but disposed of when obsolete.
Documents are created by planning what needs to be done and records are created when something is done. Documents can change and records don’t change. Documents need to be reviewed, approved, legible, up-to-date, communicated, and readily available. Records need to be identifiable, stored, protected, retrievable, retained, but disposed of when obsolete. That is what ISO means by control of documents and control of records.
Download a free sample policy and procedure example from the ISO 9001 Manual now.
35 Comments
Is the record needs to be approved as per document
Records are not really approved, they are created by the originator as a record of fact. If you record the temperature outside, on a form, then that is the temperature you saw on the gauge at the time you read it. Some events are recorded and then validated that they are effective, like a corrective action record. But that is not approval. Someone is validating the the event is complete and the corrective action is effective. The record itself is not approved.
Yes, Indeed !!
Record review and approval is an authentication and verification process, which is not the same as review and approval of controlled documents.
Record we can only review not approve.
Basically, records are reviewed and the data is used as evidence of an event. Documents are like directives and consists of things like the quality manual, plans, procedures, or forms and these need to be approved prior to use so that the people using these documents know they are using the right versions.
I would say that sometimes records may be approved as well because that may be the requirement of internal procedures.
Let’s have an example: a purchase order is a record (which documents the fact that someone in the company wants to purchase some goods) but it is not vaild until approved by CEO or purchasing department manager.
I would call a purchase order a document because it can be changed. Records do not or should not change. A purchase order is a request. Documents are approved, records record data of what has happened in the past. Since the purchase order has not been filled, it has not happened and does not record any data of an event. At any time you can cancel or revise a purchase order and it requires approval. Therefor, it is a document.
hello all, i am working in an government educational institution. How about Memoranda, Circulars from other government agencies/offices, are they considered document (at our end), since they were approved prior to issuance? How about letters various types of documents from other offices (letters, notices, travel orders, certifications…) within the university, can they become a record in my office?
To keep it simple, documents are approved. Records are signed or authenticated. In a government, everything is a record of what was done while in office. The new ISO 9001:2015 standard eliminates the distinction and introduces the term “documented information” which now includes documents, forms, procedures, records, work instructions, or anything used by the organization to demonstrate effectiveness. Maybe this will simplify it for everyone…
How we can fine differentiate to both of them.
Some records are approved. A record of compliance should be approved before sending to Government. Technical reports are records and should be approved before release. An approval in this case is signing off that the data is accurate and/or can be released.
An issued or approved purchase order is clearly a company record. Financial auditors would certainly see it as such.
Is record can help to create a document??
Usually documents (i.e. forms) are used to create records.
A Document is a draft that varies ideally. A Record is a done/completed action unchangeable. What you mean above can happen as referring to the completed acts to set new plan. By that time you will be drafting. At its final decision/completion a Document gives birth to a record. Record is born at document’s completion. Through Record you will set policy for conservation this happens in temporary view. Finally it becomes an Archive which pursues permanent policy of conservation. See the: Document-Record-Archive.
Should manufacturer control ranges also be documented?
Specification limits should be documented but control ranges are a function of the process. As you improve control over your process they will narrow. They could be documented in an improvement plan, in work instructions as expected output, or recorded on a record showing what the process results were. Many machines today record the output’s in real time control charts, which are records of the process performance. The method of documentation depends on your usage.
If a print out of Electronic Medical record is taken and provided to the patient without signing on it. Are those papers documents or records ?
A record consists of data that can not be changed. Think of test results or a medical history. It can be paper or electronic. The signature adds traceability and improves authenticity, but so does a date on a printout. The signature may or may not be required.
i think if project is still ongoing and activities still implementing with data that is called document control, and after complete the project or complete of documents in the middle of project all that data will become record control
Somewhat correct, Haneef — the changeable documents during a project require document control. After the project is complete, the documents become *records* of the project and then require *records management* (not control).
However, during the project, there can also be records created, such as measurements, test results, etc. These types of documents are *records* — they do not change. Procedures, site plans, engineering drawings, etc. change many times throughout a project, and therefore they require *document control*. The records that are also part of the project are handled via the document control system while the project is ongoing, but they are still records (e.g. the electrical output readings of a generator on a particular day do not change; they are not subject to revision. Readings taken on another day would be a *record* of the output on *that* day, etc.).
Again, once the project has ended, *all* documents used on the project become records, as they are no longer subject to revision. They are records of what was done on the project.
Hope this helps. 🙂
Thank you so much.This gives a very good definition about what is a document ,what is a record & how the document & record control is done.
WHEN DO YOU SAY THE DOCUMENT IS IN A SERIES AND NOT IN REVISION
I’m not sure the difference you are referring too.
Sir, We wrote a procedure for incoming material and stated that the checked Quantity to be labeled by putting a sticker containing certain information about the inspection. Now do we need to put a control number on the sticker? if yes why and if no then why?
Regards
Javed
Form documents need to be controlled so it is clear you have the latest authorized revision of the form. Form records need to be protected from alteration. A control ID and date should be sufficient.
it’s mean that record is as documentary operation.. just no more .
A situation about controlled documents under ISO 9001:2015 – we are having issues defining when a form becomes a record and when ‘the most recent version’ is applied.
The example – when a project is started in our organization, the coordinator takes the latest controlled form (in this example I’ll call it an inspection checklist), populates only certain fields in the form and then stores it in a project folder so that it is available when needed (point of use). The problem lies when the inspection checklist is completed and made into a record, which can sometime occur after a new revision has been done to the controlled form (weeks, months and sometimes years). So, if the form is only partially populated does it become a record? I would say no because records should not be modified but would like your opinion on that. Also, if a new version of a controlled form is released, should those partially populated incomplete documents be redone using the last version? Your thoughts on solving this dilemma would be most appreciated. Thank you,
As soon as you add data to the form it become a record on that date by that person. What makes it a record is the data, date, and person, not the paper form. The fact that you add more information to the record on another date, maybe with a different person is fine, it just makes it a journal or notebook record. Records can by many things: database, email, notebook, journal, pictures, video, forms, etc. Now if you change the form in the middle, just cross out the places in the new form where previous data was captured and attach the old form/record to it. What can’t be modified is the data on the record.
Sir , We ussualy take Minute of Meeting (MoM) during a formal meeting or any managemnt meeting in our company and we use the MoM form to capture what was important during the meeting. after the form is fillid up, shall we call the form a Record or still a Document ?
The form is a document. As soon as you enter any data on the form it becomes a record.
I am confused regarding the following example. Is an email that provides financial or statistical data, or approval of a plan change of direction from a Manager a record? The final plan will reflect the details contained in the email and so the plan is a record. However I am unsure as to whether the email would be considered in the planning (a document) or doing (record) stage, and whether it is a record in itself? If it is not a record, is its only purpose advice and approval?
Plans can change, and they do change often, so a plan is always a document. The approval of a plan is a record of who approved it and when it was approved. This discussion of documents and records is mute now that ISO 9001:2015 calls all documents and records “Documented Information”.
Hi
Hope you can help.
If a record of results has not been changed only a spelling mistake crossed out fix up and initial. Does this comply with iso9001-2016?
ISO 9001 is not specific on how to change documented information, but 7.5.3.2.b control states that “it is adequately protected (e.g. from loss of confidentiality, improper use, or loss of integrity)” which I read as cross out, fix up, and initial.
The ISO/IEC 17025​ Clause 4.13.2.3, standard does address this, it says: “When mistakes occur in records, each mistake shall be crossed out, not erased, made illegible or deleted, and the correct value entered alongside. All such alterations to records shall be signed or initialed by the person making the correction. In the case of records stored electronically, equivalent measures shall be taken to avoid loss or change of original data.”