Document Control & Record-Keeping
Aligned with FSSC 22000 – ISO-Based Food Safety Management System (FSMS)
Requirement Overview
Under FSSC 22000, organizations must establish effective systems to control all documented information within the Food Safety Management System (FSMS). This includes ensuring that only current, approved documents are in use and that records are complete, legible, and securely maintained.
Document control prevents the use of outdated procedures, while robust record-keeping provides evidence of implementation, supports traceability, and demonstrates compliance during audits.
Key Compliance Objectives
-
✓ Control and maintain up-to-date, approved documents
✓ Prevent the use of obsolete or unofficial versions
✓ Ensure records are complete, legible, and signed
✓ Support regulatory compliance, audits, and risk mitigation
Step-by-Step Compliance Implementation
1. Establish Document Control Procedures
-
Include Controls For:
-
• Approval by designated authorities
• Unique document identification (name, code, version)
• Version and revision history tracking
• Regular review intervals
Evidence to Maintain:
-
• Documented SOP for document control
• Master list of controlled documents
• Document approval forms and revision logs
- • Approval by designated authorities • Unique document identification (name, code, version) • Version and revision history tracking • Regular review intervals
- • Documented SOP for document control • Master list of controlled documents • Document approval forms and revision logs
2. Manage Access and Distribution
-
Control Measures:
-
• Define access levels (e.g., read-only vs editable)
• Ensure availability of current versions at point-of-use
• Label and archive obsolete versions as “Superseded”
Evidence to Maintain:
-
• Access control logs (digital or physical)
• Training records showing staff know where to find documents
• Archived obsolete versions with version control records
- • Define access levels (e.g., read-only vs editable) • Ensure availability of current versions at point-of-use • Label and archive obsolete versions as “Superseded”
- • Access control logs (digital or physical) • Training records showing staff know where to find documents • Archived obsolete versions with version control records
3. Implement Effective Record-Keeping
-
Requirements for Records:
-
• Timely and complete
• Legible, traceable, and secure
• Authenticated by date and signature or digital equivalent
Evidence to Maintain:
-
• Record retention policy and retention schedule
• Completed logs, forms, inspection sheets, etc.
• Secure storage system (physical or electronic)
- • Timely and complete • Legible, traceable, and secure • Authenticated by date and signature or digital equivalent
- • Record retention policy and retention schedule • Completed logs, forms, inspection sheets, etc. • Secure storage system (physical or electronic)
4. Review and Verify Regularly
-
Verification Activities:
-
• Internal audits on document and record control
• Spot checks of records for legibility and completeness
• Review of documents following system or process changes
Evidence to Maintain:
-
• Internal audit checklists and reports
• Review logs and change control forms
• Updated documents following non-conformities or feedback
- • Internal audits on document and record control • Spot checks of records for legibility and completeness • Review of documents following system or process changes
- • Internal audit checklists and reports • Review logs and change control forms • Updated documents following non-conformities or feedback
Common Audit Findings & Recommended Fixes
| Audit Finding | Recommended Action |
|---|---|
| Obsolete or uncontrolled documents | Enforce document approval and version control before distribution |
| Incomplete or altered records | Train staff and implement standardized, validated forms |
| Illegible or missing signatures | Mandate clear handwriting or digital authentication |
| No formal record retention policy | Develop and implement an FSMS-aligned retention and disposal procedure |
