Editing Document management system (section)

==Document control==
[[Regulatory economics|Government regulations]] typically require that companies working in certain industries control their documents. A [[Document Controller]] is responsible to control these documents strictly. These industries include accounting (for example: 8th [[Directive (European Union)|EU Directive]], [[Sarbanes–Oxley Act]]), food safety (for example the [[Food Safety Modernization Act]] in the US), ISO (mentioned above), medical device manufacturing ([[Food and Drug Administration|FDA]]), manufacture of blood, human cells, and tissue products (FDA), healthcare (''[[JCAHO]]''), and information technology (''[[ITIL]]'').<ref>
{{cite web
 |title       = Code of Federal Regulations Title 21, Part 1271
 |url         = http://www.accessdata.fda.gov/scripts/cdrh/cfdocs/cfcfr/CFRSearch.cfm?CFRPart=1271&showFR=1
 |publisher   = Food and Drug Administration
 |access-date  = 31 January 2012
 |url-status     = live
 |archive-url  = https://web.archive.org/web/20111010114628/http://www.accessdata.fda.gov/scripts/cdrh/cfdocs/cfcfr/CFRSearch.cfm?CFRPart=1271&showFR=1
 |archive-date = 10 October 2011
}}
</ref>
Some industries work under stricter document control requirements due to the type of information they retain for privacy, warranty, or other highly regulated purposes. Examples include [[protected health information]] (PHI) as required by [[HIPAA]] or construction project documents required for warranty periods. An information systems strategy plan (ISSP) can shape organisational information systems over medium to long-term periods.<ref>
{{cite book
 |last1            = Wiggins
 |first1           = Bob
 |title            = Effective Document Management: Unlocking Corporate Knowledge
 |year = 2000
 |url              = https://books.google.com/books?id=JnDwAAAAMAAJ
 |edition          = 2
 |publisher        = Gower
 |publication-date = 2000
 |page             = 25
 |isbn             = 9780566081484
 |access-date      = 2016-04-09
 |quote            = At the organisational level an information systems strategy plan (ISSP) is a way to determine in general terms what information systems an organisation should have in place over the medium to long term (typically around three to five years [...]).
 |url-status          = live
 |archive-url       = https://web.archive.org/web/20180113184109/https://books.google.com/books?id=JnDwAAAAMAAJ
 |archive-date      = 13 January 2018
}}
</ref>

Documents stored in a document management system—such as procedures, work instructions, and policy statements—provide evidence of documents under control. Failing to comply can cause fines, the loss of business, or damage to a business's reputation.

Document control includes:<ref>{{cite web|url=https://www.isotracker.com/blog/what-is-document-control/|title=What is Document Control?|accessdate=9 November 2023|website=isoTracker}}</ref>
* reviewing and approving documents prior to release
* ensuring changes and revisions are clearly identified
* ensuring that relevant versions of applicable documents are available at their "points of use"
* ensuring that documents remain legible and identifiable
* ensuring that external documents (such as customer-supplied documents or supplier manuals) are identified and controlled
* preventing “unintended” use of obsolete documents

These document control requirements form part of an organisation's [[compliance cost]]s alongside related functions such as a [[data protection officer]] and [[internal audit]].