What is Document Management?Terry Giles
At a workshop which I recently attended, the question, 'what is meant by document management?' was asked. It is a good question, which I both explore and answer in this article.
Firstly though, what is a document?
What is a document?
ISO 9000:2015 defines a document as: information and the medium on which it is contained.
This moves us far away from the more traditional thinking of documents being bits of paper with writing on them, what we are really looking at is information management.
ISO 9001:2015, sections 7.5.2 and 7.5.3 then talk about the controls that are needed to be in place for managing documented information. This is where things start to get really interesting and the whole concept of managing documents starts to get a bit confusing.
Documents and their uses
One of the areas where confusion occurs, is around the use to which the document is put. Given the ISO 9000:2015 definition, documents can range from Twitter posts, through e-mails and letters to process or procedure descriptions.
Thankfully ISO 9001:2015 does limit the controls required, to those associated with the quality management system (QMS), (ISO 14001 and ISO 45001 also require the same controls). However that does mean we need to define the boundaries of our QMS or, if we are dealing with ISO 14001 or 45001, the relevant management system.
I tend to separate documents in business management systems into two categories; records and instructional.
- Records being those documents that are created and once issued never changed, such as e-mails, letters, reports and even Twitter feeds.
- Instructional documents on the other hand are issued and then subject to modification over time.
Storing records vs storing instructions
The management of records should be relatively simple in that a record is created, reviewed, issued and then stored in such a way as to be both accessible (to those with the required authorisation) and to be proof against being changed.
As many people have found out to their cost, even e-mails and Twitter feeds need to be reviewed (i.e. read and considered) before hitting the send button.
The management of instructional documentation on the other hand has the added complication that once an instruction has been issued it may be the subject of change, as time goes by.
So the common bit to both aspects of document management is the creation, review and storage.
From a practical perspective what controls should we be considering when looking at document management?
Going back to ISO 9001:2015, section 184.108.40.206 requires the following to be addressed:
- Distribution, access, retrieval and use
- Storage and preservation, including preservation of legibility
- Control of changes
- Retention and disposition.
How these are achieved are down to the individual organisation. There are however some interesting potential issues that can arise when using electronic media as the mechanism for storing the information.
Storage and preservation
One of them concerns the requirement for storage, preservation and preservation of legibility. Many users rely on applications such as Word, Adobe Acrobat, Visio, Excel etc. as document editors, which is great so long as those applications are supported.
I am old enough to remember applications such as WordPerfect and Lotus 123 and the fun that could be had (not), translating WordPerfect documents into Word documents whilst trying to retain some semblance of formatting - particularly when it came to tables or porting across formulae in Lotus 123.
What happens when the application becomes obsolete, or the latest version is not backwards compatible with an old version you are still working on?
Similarly with retention requirements, working within a regulated industry where records may need to be kept for the life of a product, and that life could be 20 years or more, then retaining the ability to read the documents created by an obsolete application, could be fun.
Storing documents in the Cloud
Then we come on to a recent set of developments with information being stored in the ‘Cloud’. What controls are going to be in place so that when you ‘delete’ the records from your system in line with legislation, they are not backed up on the ‘Cloud’ somewhere and still theoretically available?
The answer to that would be to have something in the contract with the ‘Cloud’ provider to ensure all records and backups are deleted. I wonder how many IT managers think of such things?
Managing documentation in today’s environments where paper is the exception and the information you need is just a click away, does need to be thought about carefully.
Yes it does mean that people can get to the right information quickly and efficiently and search engines make it so easy to get to the information you require - but will it always be the right information? That however, is the subject of a future article.
Please do comment below to tell us what you thought of this article or voice any questions you'd like answered by future articles - and please share via the social media buttons below if you found this article helpful.
Written by Terry Giles
Terry Giles is a consultant for TerryAG Consultancy. He has a great deal of experience in developing Business Management Systems based around a variety of models including ISO 9001, TL 9000, ISO 14001, EFQM, Baldrige, CMMi, ITIL, RiskIT and CobiT 4.1 & 5.