Document and Record Control Procedure

1.0
Document Information
Title of Document Document and Record Control Procedure
Author
Document Code RT-DCP-02
Version 1.0
Issued January 6, 2023

Document Revision & Approvals

This procedure is released and approved as follows.

Version Date Name of Approver Signature of Approver Description of Change

P a g e 2 | 10

This
Table of Contents
1 Purpose ................................................................................................................................................. 3
2 Scope ..................................................................................................................................................... 4
3 Abbreviations used in this document ................................................................................................... 4
4 Definitions (if any) ................................................................................................................................. 4
5 Control of Documents Procedure ......................................................................................................... 5
5.1 Creation of Documents ................................................................................................................. 5
5.2 Documentation Levels .................................................................................................................. 5
5.2.1 Level 1 – Manual ................................................................................................................... 6
5.2.2 Level 2 – Policies ................................................................................................................... 6
5.2.3 Level 3 – Procedures / Plans ................................................................................................. 6
5.2.4 Level 4 – Templates of Records and artifacts ....................................................................... 6
5.3 Review and Approval .................................................................................................................... 6
5.4 Distribution of Documents............................................................................................................ 7
5.5 Re-Evaluation ................................................................................................................................ 7
5.6 Revising Documents ...................................................................................................................... 7
5.7 Controlling Documents of External Origin .................................................................................... 8
5.8 Templates or Forms ...................................................................................................................... 8
6 Control of Records Procedure............................................................................................................... 9
6.1 Media for Storage of Records ....................................................................................................... 9
6.2 Protection of Records ................................................................................................................... 9
6.3 Retrieval of Records ...................................................................................................................... 9
6.4 Retention Time of the Records ..................................................................................................... 9
6.5 Disposition of Expired/Old Records .............................................................................................. 9
7 Related Documents ................................................................................ Error! Bookmark not defined.

1 Purpose
This procedure defines the requirements for the creation, review, approval, distribution, use and revision
of RICH TECHNOLOGIES PVT LIMITED’s Information security management system documents.

P a g e 3 | 10

This
2 Scope
This procedure applies only to documents, which instruct RICH TECHNOLOGIES PVT LIMITED staff
members on how to carry out activities and tasks; this includes manuals, procedures, templates / forms
and instructional sheets. Documents outside of this scope do not require control.

3 Abbreviations used in this document

Abbreviation Acronyms
MLD Master list of documents (sheet in “Master index” workbook)
MLR Master list of Records (sheet in “Master index” workbook)
EOD External Origin Documents (sheet in “Master index” workbook)

4 Definitions (if any)

P a g e 4 | 10

This
5 Control of Documents Procedure
5.1 Creation of Documents
➢ Documents are created with the consultation of an appropriate subject matter expert.
➢ All internal documents are created as soft files (Google Docs); it is recommended that files of a
similar type follow the format of other documents in that type.
➢ All IMS documents are stored in Google drive as central repository and access rights are allocated
on need to know basis.
➢ Draft versions must then be sent to the appropriate approver(s) for review and approval.
➢ Approved document shall be controlled in master index and code would be updated accordingly.

5.2 Documentation Levels

Documents are prepared in 4 different levels and each level has different category and different coding
scheme which is based on five digits general naming convention of RICH TECHNOLOGIES PVT LIMITED
documents as:

First Digit = Document level code (From 1 to 4)

Next three Digits = serial Number (From 001 to 999)

Last Digit = Classification Code (From 1 to 5) Level 1:

Manual
Level code, serial number and classification code is separated by “-“

Example: 3-001-2 Level 2:

Policies
3 shows procedure, 001 is serial number and 2 is classification code

Level 3:
Procedures and Plans

Level 4:
Record/Artifact Templates

P a g e 5 | 10

This
5.2.1 Level 1 – Manual
Standard Manual is the top most level document, which describes the interaction of process’s interfaces
with each other in order to describe RICH TECHNOLOGIES PVT LIMITED’s management system.

5.2.2 Level 2 – Policies

Standard Policies are second level document for standardization and very important documents. In the
standard policies, rules are defined that fit for RICH TECHNOLOGIES PVT LIMITED and our approach to
achieve the objectives within the boundaries of our defined scope.

5.2.3 Level 3 – Procedures / Plans

Procedures and plans are systematic (Sequential activities) writing of RICH TECHNOLOGIES PVT LIMITED
processes. This type of documentation provides the details of activities to achieve the required goals or
results as per our defined policies.

5.2.4 Level 4 – Templates of Records and artifacts

Records and artifacts are evidences of process output; all hardcopy records use predefined templates.

Note: System Generated Logs or reports are also part of Records but these are not controlled as per above
or any naming convention.

5.3 Review and Approval

➢ The Level 1 and Level 2 may only be approved by the CEO. Other documents are to be approved
by the relevant subject matter expert who may be an appropriate area manager or a company
executive.
➢ Draft files may be sent to the approver(s) via email.
➢ The reviewer will resolve any issues with the original author and subject matter expert to achieve
a satisfactory document.
➢ The reviewer will indicate approval of the document by electronic signing the document.
➢ The approved document shall then be forwarded to the Document Controller.
➢ The Document Controller will maintain a list of most current hardcopy versions of documents.
Any previous hardcopies in the list are to be changed or moved in an obsolete document folder.
➢ The Document Controller will maintain a folder, placed in Google Drive for the latest soft copy
versions of document. This folder must be preserved and protected against any possible damage
or alteration.
➢ Any previous documents are then moved to a separate folder identified for obsolete documents
which are kept for historical purposes.
➢ The directory of official released documents shall act as a “master Index” of documents in the
relevant sheet, indicating the current versions of all documents. No other master list is required.

P a g e 6 | 10

This
 ➢ Sheets in “Master index” are MLD, MLR, EOD, and Obsoletes. MLD stands for Master list of
documents (level 1 to level 3), MLR stands for Master list of Records (Level 4 only), EOD stands
for external origin document e.g. ISO 27001 document, and obsolete are out dated documents.

5.4 Distribution of Documents

➢ The Document Controller will maintain a list of where controlled documents are to be distributed.
The Document Controller will be responsible for communicating updated copies.
➢ Controlled documents may not be altered or modified by users, and must remain legible and
readily identifiable.
➢ Controlled documents may not be printed, unless for the purposes of sending to a recipient who
is authorized to receive uncontrolled versions of RICH TECHNOLOGIES PVT LIMITED documents
(i.e., a vendor or customer)

5.5 Re-Evaluation
➢ Documents must be reviewed by the original author or another subject matter expert or top
manager every three years.
➢ The Document Controller will ensure re-evaluation is conducted and that documents are updated
if required. The Document Controller will maintain a record of document re-evaluations, to
identify when documents are due for re-evaluation.
➢ If a document is determined to require updating, the changes shall be made and a new version
issued per the rules below.
➢ If a document is determined not to require updating, no action on the document is necessary.

5.6 Revising Documents

➢ Changes to documents go through the same steps as original issue, except that their revision level
is advanced upon approval.
➢ Only authorized personnel may change documents, although any employee can request a change
to their Manager, or by filing a change request form wherever possible, the document shall
include a change history table within its text. Forms do not require a revision history table.
➢ Any changes to documents that require customer or regulatory authority review and approval
shall be submitted accordingly, and not implemented until such approval is obtained.
➢ If document changes require customer or regulatory approval prior to implementation, this will
be obtained in writing. When processes are changed, the appropriate documentation shall be
updated, with a change history updated to reflect the reason for the change.
➢ Document versions will be controlled as 1.0 (rational number) format, where left digit from “.”
Indicates final release iteration number whereas right digit shows draft or proposed iteration
number.
➢ Re-evaluation, inspection (where applicable) and internal auditing will confirm the effectiveness
of changes.

P a g e 7 | 10

This
5.7 Controlling Documents of External Origin
➢ For external documents such as standards or third-party specifications which are referenced in a
customer purchase order or contract, these documents may be maintained without control,
provided that the revision of the document on file matches the revision indicated by the
customer. Where the customer provides no revision number, the latest (most recent) revision
shall be assumed.
➢ Third party specifications and prints, including those of the customer, are not controlled per the
configuration management requirements set forth in the RICH TECHNOLOGIES PVT LIMITED
procedure.
➢ External documents for non-critical use, such as user manuals, reference books, marketing
materials, and supplier directories are not controlled.

5.8 Templates or Forms

➢ Forms are a special kind of document that may be photocopied as needed. Furthermore, forms
do not require an approval signature; department managers are responsible for creating and
using forms in their areas.
➢ A softcopy of each approved form must be sent to the Document Controller for inclusion in the
document control process, and for inclusion in the master list of documents.

P a g e 8 | 10

This
6 Control of Records Procedure
6.1 Media for Storage of Records
Soft copies of record are maintained in central repository. Hard copies (if required) are maintained in
files/folders by respective departments. Every Department is responsible for maintaining (Add/ Delete/
Update) its records either in Soft or Hard form.

Master document list is developed to track the record information and about the location of these
folders/files either in soft or hard form.

6.2 Protection of Records

Records in electronic format are protected by taking backups. Backups are taken as mentioned in Data
Backup Procedure. Backups of some records are also taken by keeping them in hard form and hardcopies
are protected against all damaging impact like termite’s attack, spillage of liquids etc.

6.3 Retrieval of Records

Records are maintained by using proper numbering and versioning schemes to ensure their easy retrieval.
For efficient retrieval, all the information which is treated as Record is maintained by each department
and stored in logical manner in Medias.

6.4 Retention Time of the Records

The retention time of the records maintained at RICH TECHNOLOGIES PVT LIMITED is specified as per the
nature of process and documented in master list of Records.

6.5 Disposition of Expired/Old Records

After the expiry of retention period of records, concerned department head / MR reviews the validity and
usefulness of records. Then decides whether to destroy the record or not. If decision is made to destroy
the record, the record is hand over to administration department and disposition is done under the
supervision of the head of department / section lead or respective assignee.

P a g e 9 | 10

This
 P a g e 10 | 10

This