Chapter 4: Revision Control, Version Numbering and Change Logs (What Auditors Actually Check)

Revision control under ISO 9001:2015 clause 7.5.3 requires every document to have an unambiguous identifier, a current revision marker, an approved-by signature with date, and a change log showing what changed and why. Accredited auditors verify revision control by sampling 8-15 documents per audit day, checking for current revision in use on the floor versus the master copy, and tracing the change log back at least one revision. The most common nonconformity is uncontrolled copies in active use after a revision.

Across PinnacleQMS clients running multi-standard systems, revision control is the single most-cited weakness in Stage 2 certification audits. The mechanics look simple on paper: a number changes, a signature lands, a log entry gets added. In practice, the failure points are mundane and repetitive. A supervisor laminates a work instruction in 2023 and never replaces it. An engineer emails a draft procedure to three operators who treat it as the live version. A document owner retires and the review cycle quietly stops. None of these are dramatic; all of them produce nonconformities. This chapter walks through the questions auditors actually ask and the evidence they actually want to see.

Frequently Asked Questions

What is the minimum revision control information required?

Every controlled document must carry, at minimum, six pieces of information visible on the document itself: a unique document identifier (such as QP-001 or WI-PROD-014), the document title, the current revision designator, the effective date, the name and role of the approver, and either a page-of-page footer or a digital integrity marker confirming the document has not been altered. ISO 9001:2015 clause 7.5.3.1 frames this as ensuring documents are "available and suitable for use, where and when needed" and "adequately protected." Auditors translate that language into a checklist. They will pick up a printed work instruction and ask: which revision is this, who approved it, when did it become effective, and where is the master? If any of those four answers requires a phone call, a search through email, or a trip to a different department, the document is not adequately controlled. ISO 13485:2016 adds explicit traceability requirements for medical device documentation, and accredited auditors reviewing ISO 13485 systems will expect the approver field to identify a specific named individual rather than a generic role title.

Should documents use letters (A, B, C) or numbers (1.0, 1.1) for revision?

Both conventions are acceptable and neither is preferred by ISO. The choice should be deliberate, documented in the controlled-documents procedure, and applied consistently across the entire QMS. Letter-based revision (A, B, C) is common in aerospace and AS9100 environments because it aligns with engineering drawing conventions inherited from MIL-STD practice. Numeric revision with decimals (1.0, 1.1, 2.0) is common in software-influenced or healthcare and medical device organizations where major-versus-minor distinctions matter for regulatory submission. The risk in mixed conventions is ambiguity: if Procedure QP-001 is at Rev C and Work Instruction WI-014 is at Rev 2.3, an operator cannot quickly tell whether a 2.3 represents a bigger or smaller change than a C. Auditors do not penalize either system, but they will issue a finding if the same document type uses different conventions in different departments, or if the convention rules are not written down. A common compromise is letter revisions for procedures and policies (A, B, C) and numeric revisions for forms and templates (1, 2, 3), with the rule recorded in the document control procedure.

How often should documents be reviewed for currency?

ISO 9001 does not specify a review frequency. The standard requires that documents remain "suitable" and that changes are identified, which leaves the cadence to the organization. Common practice across ISO 9001 implementations is annual review for procedures, biennial review for policies, and event-driven review for work instructions tied to specific equipment or processes. Event triggers include process changes, equipment replacement, customer complaints, internal audit findings, regulatory updates, and management review actions. The trap auditors look for is a stale review date with no documented justification. If a procedure was last reviewed in 2022 and the current date is 2026, the auditor will ask why. An acceptable answer is a logged management review decision that the document remains current; an unacceptable answer is silence. IATF 16949 is more prescriptive and expects documented evidence of periodic review for customer-specific requirements. FSSC 22000 expects review whenever a HACCP plan input changes. Recording the review event, even when nothing changes, is what separates a controlled system from a neglected one.

What's the difference between a minor revision and a major revision?

A minor revision corrects errors, clarifies wording, or updates references without changing the intent or the required actions. A major revision changes a process step, adds or removes a control, alters responsibilities, or affects compliance with a clause requirement. The practical test is whether re-training is required. If an operator who is competent on the previous revision can perform the task correctly using the new revision without additional instruction, the change is minor. If they need to be re-trained, re-qualified, or re-authorized, the change is major. Numeric conventions handle this naturally: 1.0 to 1.1 is minor, 1.1 to 2.0 is major. Letter conventions usually treat every change as a full revision step (A to B to C) and rely on the change log to communicate magnitude. Auditors check that re-training records align with major revisions. A procedure that jumped from Rev B to Rev C with substantive workflow changes but no associated training records is a finding waiting to happen.

How do change logs differ from revision histories?

A revision history is a list of revisions and dates. A change log is a description of what changed, why it changed, and who authorized it. ISO 9001 clause 7.5.3.2(c) requires control of changes including version control, which auditors read as a requirement for both. The revision history typically lives at the front or back of the document as a table: Rev A, 2024-03-15, initial release; Rev B, 2024-09-22, updated. The change log expands the "updated" entry into a meaningful narrative: "Section 4.2 modified to add visual inspection step before packaging following CAPA-2024-018; section 6.1 updated to reference new torque specification per Engineering Change Order ECO-2024-441; approver changed from M. Chen to D. Rodriguez following role transition." Auditors reading the change log should be able to reconstruct the reason for every meaningful change without asking a single question. A revision history with vague entries like "general updates" or "cleanup" is a flag.

Who is authorized to approve a document revision?

The approver must be defined in the controlled-documents procedure and must have the competence to evaluate the content. ISO 9001 does not require a specific role, but it requires that the approver be identified and authorized. Common practice is that procedures are approved by department managers or process owners, policies are approved by top management, and work instructions are approved by the relevant supervisor or technical lead. For automotive suppliers under IATF 16949, customer-specific procedures often require a quality manager signature regardless of the document type. For medical device documents under ISO 13485, the approver must be qualified per the organization's competence matrix, and Health Canada and FDA inspectors will challenge approval authority that does not match the role description. The approver and the author should not be the same person; if the document creator approves their own work, the segregation-of-duties principle is violated and most auditors will issue a finding.

What objective evidence do auditors expect to see?

Auditors expect three forms of evidence during a revision control review. First, the master list or document register showing every controlled document, its current revision, its approver, and its effective date. Second, the document itself with the revision marker, approval signature, and effective date visible. Third, evidence that the version in use matches the master: a printed copy on the floor, a screen view at a workstation, or a download from the document management system. Auditors will physically walk to the point of use, ask an operator to retrieve the procedure they are following, and compare it to the master. A mismatch is an immediate finding. They will also check the change log, request the previous revision for comparison, and verify that obsolete copies have been removed from active locations or marked as superseded. The 98% of PinnacleQMS clients who pass Stage 2 on first attempt do so largely because point-of-use checks are clean.

What happens when a customer or regulator updates an external standard you reference?

External documents referenced in the QMS must be controlled per ISO 9001 clause 7.5.3.2(f). When a customer specification, an ISO standard, an industry code, or a regulatory document is revised, the organization must identify the change, evaluate its impact on internal documents, and update the internal documents accordingly. The mechanism is usually a quarterly or semi-annual external document review, supplemented by subscription alerts from standards bodies and regulators. Auditors will pick a referenced external document, check the current published version, and compare it to the version cited in the internal procedure. If the internal procedure references an obsolete edition of the customer specification, the finding is twofold: the external document is uncontrolled, and the internal document is therefore inaccurate. Maintaining a separate external document register with publisher, edition, date acquired, and date last verified is the cleanest approach.

How long do superseded documents need to be retained?

ISO 9001 does not specify a retention period for superseded documents, but it does require that obsolete versions be identified and prevented from unintended use. Industry practice is to retain superseded versions for the lifetime of the product or service plus the contractual liability period, which for most manufacturers is seven to ten years. Medical device organizations under ISO 13485 must retain documents for the lifetime of the device or as required by regulation, whichever is longer. Aerospace organizations under AS9100 typically retain for the life of the aircraft type. Automotive organizations under IATF 16949 follow customer-specific retention rules, often 15 years for safety-related documentation. Superseded documents must be clearly marked, segregated from active documents, and accessible for reference but not for execution. A digital QMS handles this through status flags; a hybrid system requires a physical archive with a retention schedule.

Are electronic signatures acceptable for document approval?

Yes, provided the electronic signature meets the integrity requirements of the applicable regulation. For most ISO 9001 implementations, an authenticated user action in a document management system qualifies as an electronic signature. For medical device organizations subject to FDA 21 CFR Part 11, the electronic signature must include the signer's identity, the date and time, the meaning of the signature, and a tamper-evident link to the signed document. For pharmaceutical and food organizations under FSMA or EU equivalents, similar standards apply. Auditors check that the e-signature system enforces unique user authentication, prevents repudiation, and produces an audit trail that cannot be edited by the signer. Wet ink signatures remain acceptable but are increasingly rare in production environments.

How does revision control work in a paper-based vs digital QMS?

In a paper-based system, revision control depends on physical retrieval of obsolete copies, manual stamping of "controlled copy" markings, and a master list maintained by a document controller. The failure mode is uncontrolled copies surviving in desk drawers, laminated boards, and toolboxes. In a digital QMS, revision control is enforced by the system: when a document is revised, all users see the new version, the old version is automatically archived, and point-of-use access is by reference rather than by printed copy. The failure mode shifts to access management and training records. Auditors check both systems against the same clauses but adjust their sampling: in paper systems they walk the floor; in digital systems they pull access logs.

What's the most common revision-control finding in Stage 2 audits?

The single most common finding is an obsolete document in active use at the point of operation. An auditor walks to a workstation, asks the operator to show the work instruction, and the displayed revision is one or two behind the master. The root cause is almost always the same: a revision was approved and uploaded to the system, but the printed copy on the wall was never replaced. This finding accounts for roughly one in three revision-control nonconformities across multi-standard certification audits.

Practical revision control template

A workable template includes: Document ID (QP-001), Title (Internal Audit Procedure), Revision (C), Effective Date (2026-03-15), Approver (M. Chen, Quality Manager), Next Review Date (2027-03-15), and a Change Log table with columns for Revision, Date, Description of Change, Reason, Author, Approver. Each row of the change log is one or two sentences of substance, never "general updates." The template lives in every controlled document and is identical across all standards in scope.

Document control is the foundation auditors test first because everything else in the QMS rests on it. The PinnacleQMS platform automates revision marking, change logs, point-of-use distribution, and obsolete-document segregation across every standard in a single workflow. To see how revision control looks when it is built into the system rather than bolted onto it, contact PinnacleQMS for a walkthrough.