What is Document Management?

Terry Giles

At a workshop which I recently attended, the question, 'what is meant by document management?' was asked. It is a good question, which I both explore and answer in this article.

Firstly though, what is a document?

What is a document?

ISO 9000:2015 defines a document as: information and the medium on which it is contained.

This moves us far away from the more traditional thinking of documents being bits of paper with writing on them, what we are really looking at is information management.

Back view of businessman reading documents in hand

ISO 9001:2015, sections 7.5.2 and 7.5.3 then talk about the controls that are needed to be in place for managing documented information. This is where things start to get really interesting and the whole concept of managing documents starts to get a bit confusing.

Would you like some expert help with achieving ISO 9001:2015?

Documents and their uses

One of the areas where confusion occurs, is around the use to which the document is put. Given the ISO 9000:2015 definition, documents can range from Twitter posts, through e-mails and letters to process or procedure descriptions.

Thankfully ISO 9001:2015 does limit the controls required, to those associated with the quality management system (QMS), (ISO 14001 and ISO 45001 also require the same controls). However that does mean we need to define the boundaries of our QMS or, if we are dealing with ISO 14001 or 45001, the relevant management system. 

I tend to separate documents in business management systems into two categories; records and instructional.

  • Records being those documents that are created and once issued never changed, such as e-mails, letters, reports and even Twitter feeds.
  • Instructional documents on the other hand are issued and then subject to modification over time.

Storing records vs storing instructions 

The management of records should be relatively simple in that a record is created, reviewed, issued and then stored in such a way as to be both accessible (to those with the required authorisation) and to be proof against being changed.

As many people have found out to their cost, even e-mails and Twitter feeds need to be reviewed (i.e. read and considered) before hitting the send button.

Concept of sending e-mails from your computer

The management of instructional documentation on the other hand has the added complication that once an instruction has been issued it may be the subject of change, as time goes by.

So the common bit to both aspects of document management is the creation, review and storage.

Documentation controls 

From a practical perspective what controls should we be considering when looking at document management?

Going back to ISO 9001:2015, section requires the following to be addressed: 

  • Distribution, access, retrieval and use 
  • Storage and preservation, including preservation of legibility 
  • Control of changes 
  • Retention and disposition. 

How these are achieved are down to the individual organisation. There are however some interesting potential issues that can arise when using electronic media as the mechanism for storing the information.

Would you like some expert help with achieving ISO 9001:2015?

 Storage and preservation 

One of them concerns the requirement for storage, preservation and preservation of legibility. Many users rely on applications such as Word, Adobe Acrobat, Visio, Excel etc. as document editors, which is great so long as those applications are supported.

I am old enough to remember applications such as WordPerfect and Lotus 123 and the fun that could be had (not), translating WordPerfect documents into Word documents whilst trying to retain some semblance of formatting - particularly when it came to tables or porting across formulae in Lotus 123.

What happens when the application becomes obsolete, or the latest version is not backwards compatible with an old version you are still working on?  

Similarly with retention requirements, working within a regulated industry where records may need to be kept for the life of a product, and that life could be 20 years or more, then retaining the ability to read the documents created by an obsolete application, could be fun.

Storing documents in the Cloud

Then we come on to a recent set of developments with information being stored in the ‘Cloud’. What controls are going to be in place so that when you ‘delete’ the records from your system in line with legislation, they are not backed up on the ‘Cloud’ somewhere and still theoretically available?

Data servers resting on clouds in blue in a cloudy sky

The answer to that would be to have something in the contract with the ‘Cloud’ provider to ensure all records and backups are deleted. I wonder how many IT managers think of such things? 

The takeaway 

Managing documentation in today’s environments where paper is the exception and the information you need is just a click away, does need to be thought about carefully.

Yes it does mean that people can get to the right information quickly and efficiently and search engines make it so easy to get to the information you require - but will it always be the right information? That however, is the subject of a future article. 

New Call-to-action

Please do comment below to tell us what you thought of this article or voice any questions you'd like answered by future articles - and please share via the social media buttons below if you found this article helpful.

Related articles:

How to stop ISO Certification running your business

10 Ways Business Process Management Software Can Improve Your Business

How To Maximise Value in Your Process Maps Using the Triaster Platform


Written by Terry Giles

Terry Giles is a consultant for TerryAG Consultancy. He has a great deal of experience in developing Business Management Systems based around a variety of models including ISO 9001, TL 9000, ISO 14001, EFQM, Baldrige, CMMi, ITIL, RiskIT and CobiT 4.1 & 5.