This section of the knowledge base covers document control across ISO management systems - how organisations identify, approve, distribute, retain and dispose of the policies, procedures, registers and records that the management system depends on. Articles are written for the people who actually maintain document control day to day - quality managers, SHEQ leads, office managers and anyone responsible for keeping the management system documentation accurate and current.
The cluster begins with the foundation - what document control means under ISO 9001 Clause 7.5 and the equivalent clauses in ISO 14001, ISO 45001, ISO 27001 and ISO 22301 - and how the document register acts as the single source of truth for what is held, where and for how long. From there the articles cover records management and UK retention periods under RIDDOR 2013, COSHH, the Companies Act 2006, UK GDPR and the Limitation Act 1980, version control and approval, the three-tier information classification scheme used in the IMS1 manual, data backup and protection of electronic information, and control of documents of external origin including legislation, customer drawings and supplier certificates.
Throughout the section, articles assume the management system is integrated rather than treated as a separate ISO compliance layer. The same document register, the same version control approach and the same retention rules satisfy every relevant ISO standard - parallel systems for each standard are unnecessary and harder to maintain. Where individual standards add specific requirements (ISO 27001 Annex A on classification and cloud services, ISO 22301 on continuity-driven backup, UK GDPR on personal data retention and protection), the articles flag the position clearly.
Each article includes a practical advice section pointing at the alphaZ documents that operationalise document control - the F-IMS20 Document Register, the management of files documents and records policy, the records management and data retention policies, the information classification policy and supporting guidance. Used together these turn the principles into a working set of templates and registers that small and medium organisations can adopt and maintain without document management software.
Document control gets a bad reputation because people think it means a heavy paperwork system. It does not. The point is to make sure the right people are using the current version of the right document - and that you can prove it if asked. The articles here cover how to do that with the lightest workable system.
For most clients the gain is treating one document register as the source of truth across every standard, rather than running a separate register per discipline. The articles in this section walk through how the same approval, version and review pattern serves quality, environmental, health and safety, information security and business continuity together.
What an external auditor checks at document control is currency, not volume. Are the policies and procedures in use the latest approved versions, are obsolete copies not in circulation, and is there a register that lets the organisation answer those questions for any document. The articles here cover the practical pattern for that.