ISO 9001 Clause 4.2: What’s the Difference Between Control of Documents and Control of Records?
A document communicates to the organization things such as: what is to be done, how it is to be done, and the required standard that must be met. Documents are the organization’s plan for how it is going to operate its business. Control of documents is the way the organization makes sure that the correct information is available to the correct people. This means documents must be approved by the appropriate authorities, up to date, and available to the people who need the information. The information may be continually revised and improved as the organization make changes in the way it operates.
A record provides the evidence of whether or not the requirements of the document were achieved. Examples include: inspection results, training employees have received, results of a production run, supplier evaluations. In most cases the information contained in records should not be changed. Control of records involves how the information is protected so its integrity is maintained and it can retrieved when needed. Control of records procedures should define where records are stored, how they are organized, minimum retention times, and how they may be disposed of.