Scribd
Upload
40 views15 pages

Control of Documented Information Process

Uploaded by

Raja
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
40 views15 pages

Control of Documented Information Process

Uploaded by

Raja
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 15

Control of Documented Information

Process

Version: 3.0
Last Updated: 06/10/2019

Confidential and Proprietary – All Rights Reserved

Approval Date: 06/10/2019


Approved By: J. Weiss
DCN: VMD-CON-00001
Template Version: 2.0

4114 Legato Road, 7th Floor


Fairfax, VA 22033
(571) 612-2424
vmdcorp.com
Control of Documented Information
Process
Version: 3.0
Approved By: J. Weiss, 06/10/2019

Table of Contents
1 Scope & Purpose...............................................................................................................................1

2 Roles & Responsibilities....................................................................................................................1

3 Inputs.................................................................................................................................................1

4 Outputs..............................................................................................................................................1

5 Entrance Criteria................................................................................................................................2

6 Exit Criteria.......................................................................................................................................2

7 Process Flow......................................................................................................................................2

8 Procedure...........................................................................................................................................2
8.1 Control of Documents.......................................................................................................................................2
8.1.1 Controlling Documents...................................................................................................................2
2. These documents must be controlled according to the requirements of this process........................2
8.1.2 Initiating a New Document..............................................................................................................3
8.1.3 Document Identification and Legibility...........................................................................................3
8.1.4 Review and Approval of New Documents......................................................................................3
8.1.5 Distribution of Controlled Documents.............................................................................................4
8.1.6 Periodic Review..............................................................................................................................5
8.1.7 Updating and Re-Approving Changes to Documents......................................................................5
8.1.8 Obsolete Documents........................................................................................................................5
8.1.9 External Documents........................................................................................................................5

8.2 Control of Quality Management System Records.............................................................................................6


8.2.1 Controlled Records..........................................................................................................................6
8.2.2 Maintaining Records.......................................................................................................................6

8.3 Control of Service Management System Records.............................................................................................7


8.3.1 Controlled Records..........................................................................................................................7
8.3.2 Maintaining Records.......................................................................................................................7

8.4 Control of Information Security Management System Records........................................................................7


8.4.1 Controlled Records..........................................................................................................................7
8.4.2 Maintaining Records.......................................................................................................................7

9 Risk Considerations...........................................................................................................................8

10 Reference Documents........................................................................................................................8

VMD-CORP-005 Confidential and Proprietary – All Rights Reserved i


Printed copy valid for 24 hours from time of printing unless otherwise indicated “CONTROLLED COPY”.
Date printed 2/17/21 21:35 a2/p2
Control of Documented Information
Process
Version: 3.0
Approved By: J. Weiss, 06/10/2019

APPENDICES.............................................................................................................................................9
Appendix A: Acronyms....................................................................................................................................................9
Appendix B: Documents and Records............................................................................................................................10
Appendix C: Reporting Thresholds................................................................................................................................11

List of Tables
Table 1: Roles and Responsibilities.................................................................................................................................................................1
Table 2: Acronyms.......................................................................................................................................................................................... 9
Table 3: Records............................................................................................................................................................................................ 10
Table 4: Reporting Thresholds....................................................................................................................................................................... 11

List of Figures
No table of figures entries found.

VMD-CORP-005 Confidential and Proprietary – All Rights Reserved ii


Printed copy valid for 24 hours from time of printing unless otherwise indicated “CONTROLLED COPY”.
Date printed 2/17/21 21:35 a2/p2
Control of Documented Information
Process
Version: 3.0
Approved By: J. Weiss, 06/10/2019

Revision History
Rev. # Release Date Author Reviewer(s) Approver Description of Change
3.0 6/10/19 M. Parimi M. Couto CRB Updated the document for rebranding
2.0 4/12/17 J. Maeger M. Couto CRB Combined document and records control
processes; updated to new template; added inputs,
outputs, entry criteria, exit criteria, roles and
responsibilities, appendices
1.6 3/10/17 N/A N/A CRB Modified to adhere to ISO 9001:2015 standard
1.5 8/12/16 N/A N/A MRB Modified to specify procedures for ISO 27001
1.4 4/12/16 N/A N/A MRB Modified the means by which ISO 20000-1
document approvals are indicated
1.3 8/27/15 N/A N/A CRB Modified to specify procedures for ISO 9001 and
20000-1
1.2 02/02/15 N/A N/A CRB Modified to include procedures for ISO 20000-1
Update Appendix B and added Section for
1.1 4/4/17 J. Maeger M. Couto M. Couto
Reference documents
1.0 3/27/17 M. Couto CRB M. Couto Baseline version of document

VMD-CORP-005 Confidential and Proprietary – All Rights Reserved iii


Printed copy valid for 24 hours from time of printing unless otherwise indicated “CONTROLLED COPY”.
Date printed 2/17/21 21:35 a2/p2
Control of Documented Information
Process
Version: 3.0
Approved By: J. Weiss, 06/10/2019

1 Scope & Purpose


To define the process for controlling quality system, service management system and information security management system
documents and records.

This procedure applies to all quality system, service management system and information security management system documents
implemented at VMD Corp.– 4114 Legato Road, Suite #700, Fairfax VA, 22033

2 Roles & Responsibilities


The table below presents the roles and responsibilities required for the successful implementation of this process.

Table 1: Roles and Responsibilities

Role Responsibility
MRB Responsible for reviewing and approving changes to the Quality Manual and quality policies.
CRB Responsible for identifying and establishing documentation required by the quality management, service
management and information security management systems. Responsible for implementing and
maintaining the document control system. Responsible for controlling applicable documentation in
accordance with this process.
Process Owners Responsible for writing, updating, and retaining documentation in applicable document storage sites
(SharePoint/or Shared Drives). Responsible for controlling applicable documentation in accordance with
this process. Responsible for confirming that only current versions of quality, service and information
security management systems documents are used on the job.
All Employees Responsible for identifying and suggesting proposed changes to documentation as appropriate;
responsible for maintaining compliance with this process

3 Inputs
Inputs are the policies, processes, documents, records, environmental or organizational factors, or any other factors that exist prior
to entering the process and influence process performance. The process relies on the following inputs:

 Quality Manual
 VMD processes
 ISO requirements or configuration management
 Master Document-Type Control Log (MDCL - maintained by the CRB)
 Controlled Documents and Records Register (CDRR - maintained by each Process Owner)

4 Outputs
Outputs are the processes, documents, records, or other factor that the process produces or changes. The process generates the
following outputs:

 Documents
 Records
 Updated Master Document-Type Control Log (maintained by the CRB)
 Updated Controlled Documents and Records Register (maintained by each Process Owner)
VMD-CORP-005 Confidential and Proprietary – All Rights Reserved 1
Printed copy valid for 24 hours from time of printing unless otherwise indicated “CONTROLLED COPY”.
Date printed 2/17/21 21:35 a2/p2
Control of Documented Information
Process
Version: 3.0
Approved By: J. Weiss, 06/10/2019

5 Entrance Criteria
Entrance criteria describe the conditions that should exist prior to a process being initiated. The entrance criteria for the process
include:

 Need for new document or record is identified


 Template for the required document or record does not already exist in the document repository

6 Exit Criteria
Exit criteria describe the conditions that should exist prior to concluding the process. The exit criteria for the process include:

 Document/record approved
 Document type listed in Master Document-Type Control Log, if new
 Document/record listed in CDRR, if new and controlled

7 Process Flow
There is no process flow diagram for this process at this time. Further explanation of the process activities follows.:

8 Procedure
The following sections describe the procedures for controlling documents and records.

8.1 Control of Documents


8.1.1 Controlling Documents
1. The following types of documents are considered controlled quality system and service management
system documents:

1.1. Quality Management System (QMS) manual


1.2. Service Management System (SMS) manual
1.3. Processes and Procedures
1.4. Templates/Forms

2. These documents must be controlled according to the requirements of this process


3. All document types managed by VMD processes must be catalogued in the Document-Type Control
Master Log (DCML). For each document type, the document owner must track the following:

3.1. Organizational Unit/Process Area responsible for the documents of the type
3.2. Document Type
3.3. Title
3.4. External?
3.5. Management System
3.6. Controlled?
3.7. If controlled, the following items must also be tracked
3.7.1. Baseline Criteria
3.7.2. Document Owner/Approver
3.7.3. Frequency of Review

VMD-CORP-005 Confidential and Proprietary – All Rights Reserved 2


Printed copy valid for 24 hours from time of printing unless otherwise indicated “CONTROLLED COPY”.
Date printed 2/17/21 21:35 a2/p2
Control of Documented Information
Process
Version: 3.0
Approved By: J. Weiss, 06/10/2019

4. All controlled documents must be logged in the Organizational Unit’s/Process Area’s Controlled
Documents/Records Register (CDRR). The following items must be tracked for each controlled
document:

4.1. Organizational Unit/Process Area responsible for the documents of the type
4.2. Document Title
4.3. Type
4.4. Document/Record/External
4.5. Media
4.6. Classification Level
4.7. Applicable Management Framework/System
4.8. Owner/Dissemination Approver
4.9. Authorized Storage Locations
4.10. Baseline Criteria
4.11. Frequency of Review
4.12. Last Reviewed Date
4.13. Last Reviewed By
4.14. Next Review Date
5. The DCML and CDRR must be reviewed at least annually by all Organizational Units/Process Areas

8.1.2 Initiating a New Document


1. Any manager can request development of a new quality system, system service or information security
management document. New document requests are approved by the appropriate process owners or
Change Review Board (CRB) who will assign an individual to serve as the Document Author.

2. The Document Author will create a draft of the document to meet the requested scope and requirements
using the appropriate document format requirements as established by the MRB/CRB.

8.1.3 Document Identification and Legibility


1. Documents are legible, even if handwritten, and are identified by a title and date

8.1.4 Review and Approval of New Documents


1. The MRB/CRB will review related documentation, including the QMS and ISO 9001 standard, the SMS
and ISO 20000-1 and the ISMS and ISO 27001 standard to ensure compliance with all requirements.

2. All documents are reviewed and approved for adequacy prior to issue and use by authorized personnel.
Approvals are indicated using the following methods:

2.1. Quality Management System (QMS)

2.1.1. Indicated by means of an approved date and the name of the approver or approval group
(MRB/CRB).

2.2. Service Management System (SMS)


2.3. Indicated by means of an approved date and the name of the approver or approval group
(MRB/CRB).
2.4. Information Security Management System (ISMS)
2.5. Indicated by means of an approved date and the name of the approver or approval group
(MRB/CRB).
2.6. The following personnel are authorized to approve documents:

VMD-CORP-005 Confidential and Proprietary – All Rights Reserved 3


Printed copy valid for 24 hours from time of printing unless otherwise indicated “CONTROLLED COPY”.
Date printed 2/17/21 21:35 a2/p2
Control of Documented Information
Process
Version: 3.0
Approved By: J. Weiss, 06/10/2019

3. The following personnel are authorized to approve documents:

3.1. QMS

3.1.1. Policy and Manual - MRB

3.1.2. Processes - CRB

3.1.3. Procedures – Appropriate process owners, or Change Review Board (CRB)

3.1.4. Work instructions – Appropriate process owners, or Change Review Board (CRB)

3.1.5. Forms/Templates – Appropriate process owners, or Change Review Board (CRB)

3.2. SMS

3.2.1. SMS – MRB/CRB

3.2.2. Procedures – Change Review Board (CRB)

3.2.3. Forms/Templates – Change Review Board (CRB)

3.3. ISMS

3.3.1. SMS – MRB/CRB

3.3.2. Procedures – Change Review Board (CRB)

3.3.3. Forms/Templates – Change Review Board (CRB)

4. New documents and revisions are marked with “Approved Date” and “Approved By”.

5. Document revisions and distribution locations are listed/located in applicable document storage sites
(SharePoint and/or Shared Drives) and tracked in the DCML and DCRR.

8.1.5 Distribution of Controlled Documents


1. Controlled documents are distributed by the MRB/CRB or Process Owners and are made available where
needed. Outdated copies are removed from use (see 5.8 below).

2. Electronic distribution of controlled documents is made by storing the document files in applicable
document storage sites (SharePoint and/or Shared Drives).

3. Controlled copies of documents may also be issued on an as-needed basis from the MRB/CRB or Process
Owners.

8.1.6 Periodic Review


1. All controlled documents are reviewed for continued adequacy on an annual basis unless another
frequency is specified on the document.

2. Records of periodic reviews are kept by the MRB/CRB or Process Owners stored on applicable document
storage sites and in the CDRR.
VMD-CORP-005 Confidential and Proprietary – All Rights Reserved 4
Printed copy valid for 24 hours from time of printing unless otherwise indicated “CONTROLLED COPY”.
Date printed 2/17/21 21:35 a2/p2
Control of Documented Information
Process
Version: 3.0
Approved By: J. Weiss, 06/10/2019

3. Documents are revised as needed

8.1.7 Updating and Re-Approving Changes to Documents


1. Any manager can request a modification to a quality system or service management system document.
Changes are approved by the appropriate process owner, MRB or CRB.

2. The Document Author will create a new draft of the document (see 5.2 above) and submit it for review
and approval (see 5.4 above).

3. Handwritten corrections in documents (“red-line corrections”) are also reviewed and approved by means
of signature and date by an authorized person. Approved handwritten changes are authorized for use up
to 30 days following approval by which time the change(s) must be incorporated into a new release of the
document. No unauthorized other handwritten notes or comments are allowed on controlled documents.

4. Changes to documents are identified on the document by means of a change log or via electronic
comments stored in SharePoint.

5. Revised documents are marked with a new revision date and/or revision number.

6. Changes that affect the document baseline are reflected in the CDRR and MDCL.

8.1.8 Obsolete Documents


1. Obsolete documents are removed from use when new revisions are distributed.

2. Historical copies of outdated documents may be kept as needed by the MRB/CRB or Process Owners and
moved to a secure location on the company network to avoid inadvertent use on the job.

3. Obsolete documents may be made available for reference on an as-needed basis from the MRB/CRB or
Process Owners.

4. References to the obsolete documents or document-types should be removed from the CDRR and MDCL
as appropriate.

8.1.9 External Documents


1. Documents of external origin include standards and contracts determined to be necessary for the planning
and operation of the quality management and service management systems. These include external
documents that affect product conformity and a copy of the ISO 9001 and ISO 20000-1 standards.

2. External documents are controlled by the MRB/CRB or Process Owners by identifying the documents on
their controlled master list of documents or stored in applicable document storage site. SharePoint
including their revision and/or date of publication, and their distribution.

3. When superseded by a new version, outdated copies of external documents are removed from use. If
outdated copies are retained, they must be controlled according to the requirements

8.2 Control of Quality Management System Records


8.2.1 Controlled Records
1. The following types of records are considered controlled quality system and service management system
documents:

VMD-CORP-005 Confidential and Proprietary – All Rights Reserved 5


Printed copy valid for 24 hours from time of printing unless otherwise indicated “CONTROLLED COPY”.
Date printed 2/17/21 21:35 a2/p2
Control of Documented Information
Process
Version: 3.0
Approved By: J. Weiss, 06/10/2019

2. Records and information identified in the Controlled Document-Type Control Log are considered
controlled Quality Management System records.

3. Required records are specified in appropriate procedures and work instructions.

4. These records must be controlled according to the requirements of this Procedure.

5. All controlled records must be logged in the Organizational Unit’s/Process Area’s Controlled
Documents/Records Register (CDRR). The following items must be tracked for each controlled record:

5.1. Organizational Unit/Process Area responsible for the documents of the type
5.2. Document Title
5.3. Type
5.4. Document/Record/External
5.5. Media
5.6. Classification Level
5.7. Applicable Management Framework/System
5.8. Owner/Dissemination Approver
5.9. Authorized Storage Locations
5.10. Baseline Criteria
5.11. Frequency of Review
5.12. Last Reviewed Date
5.13. Last Reviewed By
5.14. Next Review Date

6. The DCML and CDRR must be reviewed at least annually by all Organizational Units/Process Areas

8.2.2 Maintaining Records


1. All controlled records are maintained to facilitate their retrieval as needed. This control includes
appropriate legibility, identification, protection, indexing and organization.

2. All records are stored to ensure protection from loss, damage or deterioration. This includes data backup
for electronic records. Storage locations are designated and cabinets, drawers, shelves and files
(including computer files for electronic records) containing records are clearly labeled.

3. Employees requiring use of controlled records will be granted access to facilitate timely retrieval.
Records removed for reference must be re-filed as appropriate.

4. Procedures and work instructions specify the following pertaining to required records:

4.1. Record Name – How the record is identified

4.2. Record Location – Where the record is stored

4.3. Record Access – Who is allowed access to the record

4.4. Disposal Method – How the record is disposed of once retention time is met

4.5. Retention Time – How long the record is maintained

VMD-CORP-005 Confidential and Proprietary – All Rights Reserved 6


Printed copy valid for 24 hours from time of printing unless otherwise indicated “CONTROLLED COPY”.
Date printed 2/17/21 21:35 a2/p2
Control of Documented Information
Process
Version: 3.0
Approved By: J. Weiss, 06/10/2019

5. The appropriate department manager responsible for the procedure or work instruction, unless otherwise
specified, is also responsible for ensuring that controlled records are maintained in accordance with the
requirements of this Procedure.

8.3 Control of Service Management System Records


8.3.1 Controlled Records
1. Records and information identified in SharePoint are considered controlled Service Management System
records.

2. Required records are specified in appropriate policies and procedures.

3. These records must be controlled according to the requirements of this Procedure

8.3.2 Maintaining Records


1. All controlled records are maintained to facilitate their retrieval as needed. This control includes
appropriate legibility, identification, protection, indexing and organization.

2. All records are stored to ensure protection from loss, damage or deterioration. This includes data backup
for electronic records. Storage locations are designated and cabinets, drawers, shelves and files
(including computer files for electronic records) containing records are clearly labeled.

3. Employees requiring use of controlled records will be granted access to facilitate timely retrieval.
Records removed for reference must be re-filed as appropriate.

8.4 Control of Information Security Management System Records


8.4.1 Controlled Records
1. Records and information identified in SharePoint are considered controlled Information Security
Management System records.

2. Required records are specified in appropriate policies and procedures.

3. These records must be controlled according to the requirements of this Procedure

8.4.2 Maintaining Records


1. All controlled records are maintained to facilitate their retrieval as needed. This control includes
appropriate legibility, identification, protection, indexing and organization.

2. All records are stored to ensure protection from loss, damage or deterioration. This includes data backup
for electronic records. Storage locations are designated and cabinets, drawers, shelves and files
(including computer files for electronic records) containing records are clearly labeled.

3. Employees requiring use of controlled records will be granted access to facilitate timely retrieval.
Records removed for reference must be re-filed as appropriate

9 Risk Considerations
None.

VMD-CORP-005 Confidential and Proprietary – All Rights Reserved 7


Printed copy valid for 24 hours from time of printing unless otherwise indicated “CONTROLLED COPY”.
Date printed 2/17/21 21:35 a2/p2
Control of Documented Information
Process
Version: 3.0
Approved By: J. Weiss, 06/10/2019

10 Reference Documents
The following documents relate to this process:

 Quality Management System (QMS) Manual


 Service Management System (SMS) Manual
 Control of Documented Information Process
 Information Corrective Action Process
 Internal Audit Process
 Risk Management Process
 Operations Process
 HR/Recruiting Process
 Business Development/Proposal Management Process
 Subcontracting Process
 Supplier Evaluation Process

VMD-CORP-005 Confidential and Proprietary – All Rights Reserved 8


Printed copy valid for 24 hours from time of printing unless otherwise indicated “CONTROLLED COPY”.
Date printed 2/17/21 21:35 a2/p2
Control of Documented Information
Process
Version: 3.0
Approved By: J. Weiss, 06/10/2019

APPENDICES
Appendix A: Acronyms
The following table presents the definitions for acronyms used in this document.

Table 2: Acronyms

Acronym Definition
CDRR Controlled Documents/Records Register
CRB Change Review Board
ISMS Information Security Management System
ISO International Organization for Standardization
MCDL Master Document-Type Control Log
MRB Management Review Board
QMS Quality Management System
SMS Service Management System

VMD-CORP-005 Confidential and Proprietary – All Rights Reserved 9


Printed copy valid for 24 hours from time of printing unless otherwise indicated “CONTROLLED COPY”.
Date printed 2/17/21 21:35 a2/p2
Control of Documented Information
Process
Version: 3.0
Approved By: J. Weiss, 06/10/2019

Appendix B: Documents and Records


The following table presents the documents and records generated from the process, including the file format and location of the record(s).

Table 3: Records

Type Controlled? If controlled, Frequency


(Document/ Record Name Location
(Yes/No) of Review
Record)
Document Control of Documented QMS/Documents-Final Yes Annually
Information Process
Record Master Document-Type Control QMS/Records Yes Annually
Log
Document Controlled Documents and QMS/Documents-Final Yes Annually
Records Register Template
Record Controlled Documents and Defined by Process Yes Annually
Records Register for each Owner/Organization Unit
Process Area/Organization Unit

VMD-CORP-005 Confidential and Proprietary – All Rights Reserved 10


Printed copy valid for 24 hours from time of printing unless otherwise indicated “CONTROLLED COPY”.
Date printed 2/17/21 21:35 a2/p2
Control of Documented Information
Process
Version: 3.0
Approved By: J. Weiss, 06/10/2019

Appendix C: Reporting Thresholds


The following table presents the compliance thresholds for the measures, if any, that are tracked for this process. The corrective action
process must be followed for all Items that do not meet the threshold.

Table 4: Reporting Thresholds

Item Threshold Notes


None

VMD-CORP-005 Confidential and Proprietary – All Rights Reserved 11


Printed copy valid for 24 hours from time of printing unless otherwise indicated “CONTROLLED COPY”.
Date printed 2/17/21 21:35 a2/p2

You might also like