Control of External Documents - Which documents are required to be controlled?



Control of external documentation

I need guidance on fulfilling the requirement for external-origin document control. Which documents are required to be controlled, and how should they be defined in policy and procedure? Is there any practical advice on how to establish initial control of existing documents in addition to new ones?


Trusted Information Resource
Which documents are required? The ones that are used to help to control processes or that can affect product quality. Examples that you might control: customer drawings & specifications, equipment manuals, etc.

How should they be defined? This is up to you. Many companies use a master list of documents.

Practical advice? Try to do things the same as with your own internal documents. If your normal document control is done electronically, you may have to do something different for external hard copies though. I've seen some companies that scan hardcopies and store them electronically. Another option is to assign the document a control number, write the number on the document, and note its location (or who keeps it) on a master list.

I'm sure others will come along with more ideas for you...

ramap - 2011

With reference to above discussion , we have two tier documentation one set from the Group and others from local office, can the group documents be considered as external ?

Jim Wynne

With reference to above discussion , we have two tier documentation one set from the Group and others from local office, can the group documents be considered as external ?

What is "the Group"? If you're talking about a single company with more than one location, you need to make sure that the company's document control system accounts for all locations where documents are used. This usually means that there's a local control system for each location that's governed by an "umbrella" system that applies to all locations. In general, "external documents" refers to documents that originate outside the company, but it's control that's the important issue in any case.


Here are two versions of what some refer to as "Doc Pyramids". Same general idea though. The main point is to define who does what, what is it that they do, and lastly how do you prove they did it (objective evidence).

I have always gone with the idea that if it is being used to determine quality, then control it. Another view is that if that piece of paper ended up missing... what happens. If the answer is nothing, then why bother have it. If the answer is the something bad (scrap, wrong machine setting etc) then control it. Really all control needs to mean is that you know and can duplicate it when it does come up missing and have confidence that it is there for reference when needed (usual operator is on vacation or training new person).


  • Control of External Documents - Which documents are required to be controlled?
    10.5 KB · Views: 1,810
  • Document Pyramid.doc
    30 KB · Views: 678

ramap - 2011

Hi Jim

Thanks for the reply , the structure of our organization is same as u have mentioned , having may offices at different locations.

Hi Jax,

Many thanks for the inputs and the pyramid is more refined than the one I have

Polly Pure Bread

Which documents are required?

Cover all externally generated documents received, which are identified as necessary or applicable in the organization.

Practical advice

Receiver/Addressee identify as to what specific area or individual is concerned with such document. Supervisor or manager approve the documents and ensure of the latest version prior to use. For hardcopy, you can we stamp ‘Externally Generated Document’. For softcopy, you can use watermark. Leave the retention period of all electronically generated documents in the discretion of department-owner or can supercede the previous version. For old document, retrieve the old document and replaced with new version. For new document, routes the document to identified recipient/s. You can maintain a masterlist of externally generated documents. :)


Registered Visitor
The effectiveness of this clause (4.2.3) needs that organization needs to set up such a control/system, wherein external origin document should be
• identified and their distribution controlled
• prevent the unintended use of obsolete documents, and to apply suitable identification to them if they are retained for any purpose.
• As practically single document may be used in different areas, therefore control needs to be established to address any changes
•Similarly it is also very important that organization needs to be on the mark to align the changes if it happens or required

I believe, while building and maintaining the QMS, we need to go beyond the 9001 and try to get the real benefit of effectiveness and efficiency being initiated by this international standard


Continuing with this discussion, I have another question or point for discussion. What is considered an external document when you have a large organization, in which only a lab is under the scope of the QMS and only the lab related documents are controlled as internal documents? Does documents from the other departments are considered external? I mean like drawings, product information, human resources policies, etc. In my opinion, I would consider documents of external origin those documents not under the scope of the QMS in consideration, even those from the same organization if these are not controlled otherwise. Do you guys agree?
Top Bottom