Document Control Procedure Template
Document Control
| Field | Value |
|---|---|
| Document ID | ISMS-PROC-001 |
| Version | 1.0 |
| Date | [DATE] |
| Author | [NAME] |
| Owner | ISMS Manager |
| Approved by | [EXECUTIVE] |
| Review Date | [DATE + 1 year] |
| Status | Approved |
1. Purpose
This procedure defines how documented information within the ISMS is created, reviewed, approved, distributed, stored, changed, versioned, archived, and disposed.
2. Scope
Applies to all documented information within the ISMS including policies, procedures, work instructions, plans, forms, templates, and records.
3. Document Categories
Document Types and Codes
| Type | ID Prefix | Approval Level | Review Frequency | Format |
|---|---|---|---|---|
| Policy | ISMS-POL | Executive Management | Annual | |
| Procedure | ISMS-PROC | ISMS Manager | Annual | |
| Work Instruction | ISMS-WI | Process Owner | As needed | |
| Template/Form | ISMS-TEMP/FORM | ISMS Manager | Annual | Word/Excel |
| Plan/Program | ISMS-PLAN | ISMS Manager | Annual | PDF/Word |
| Record | ISMS-REC | Varies | N/A | Varies |
Document Classification
- Public: No restrictions
- Internal: Company employees only
- Confidential: Restricted to specific roles
- Restricted: Need-to-know basis, highest sensitivity
Mark documents with classification in header or footer.
4. Document Creation Process
Step 1: Initiate
- Identify need for new document
- Determine document type and assign owner
- Assign document ID using naming convention
Step 2: Draft
- Use standard template
- Include all required elements (header, control table, version history, content)
- Mark as "DRAFT" and version 0.1
Step 3: Review
- Circulate to relevant stakeholders for feedback
- Collect and incorporate comments
- Revise as needed
Step 4: Approve
- Submit to appropriate approver per authority matrix
- Obtain approval signature/email
- Record approval date
Step 5: Publish
- Change status to "APPROVED"
- Assign version 1.0
- Upload to controlled location
- Notify affected users
- Remove any draft versions
5. Version Control
Versioning Scheme:
- Draft versions: 0.1, 0.2, 0.3
- Major changes: 1.0 → 2.0 (complete rewrite, significant content/structural changes)
- Minor changes: 1.0 → 1.1 (clarifications, minor corrections, formatting)
Version History Table: Include in each document:
| Version | Date | Author | Description | Approved by |
|---|---|---|---|---|
| 0.1 | [Date] | [Name] | Initial draft | N/A |
| 1.0 | [Date] | [Name] | Approved version | [Name] |
6. Storage and Access
Primary Location: [Intranet/SharePoint/DMS URL]
Folder Structure:
- 01_Policies
- 02_Procedures
- 03_Work_Instructions
- 04_Forms_and_Templates
- 05_Plans_and_Programs
- 06_Records
- 07_External_Documents
- 08_Archived_Documents
Access Control: Based on document classification, managed through system permissions
Backup: Daily automated backup, weekly verification, disaster recovery tested quarterly
7. Document Review
All documents reviewed at least annually. System sends reminder 30 days before review date. If no changes needed, review date extended 1 year and document control log updated.
8. Records Management
Retention Schedule:
| Record Type | Retention Period | Storage Location |
|---|---|---|
| Risk assessments | Current + 3 years | ISMS folder |
| Audit reports | 5 years | Audit folder |
| Incident records | 5 years | Incident system |
| Training records | Employment + 5 years | HR system |
| Management review minutes | Current + 5 years | ISMS folder |
After retention period, records reviewed for historical value, approved for deletion by ISMS Manager, deletion logged, secure disposal method used.
9. Obsolete Documents
When document superseded:
- Mark clearly as "OBSOLETE - For reference only"
- Move to "Archived Documents" folder
- Retain per retention schedule
- Prevent unintended use
- Recall any physical copies
Next Lesson: Establish Naming Conventions to ensure consistent and logical document organization.