What Is a Master Document Register?
A master document register is a centralised list of every controlled document within your management system. Think of it as the index of your entire quality, safety, or environmental system. It tells you what documents exist, who owns them, what version is current, when they were last reviewed, and where they are stored.
On this page
If you are working towards ISO certification, or you are already certified and trying to keep your system tidy, the master document register is one of the most practical tools you will use. Auditors look at it. New staff rely on it. And when something goes wrong, it is often the first place you go to check whether the right procedure was in place and whether people were working from the correct version.
The term itself does not appear word for word in ISO 9001 or most other ISO standards. What the standards do require is that you maintain controlled documents with appropriate version control, review cycles, and access controls. The master document register is simply the most practical way to meet that requirement and demonstrate it to an auditor.
Why Does It Matter for ISO Certification?
Document control is one of the areas where businesses get caught out during audits. Not because they do not have documents, but because they cannot prove that the right people are using the right version at the right time. An auditor will ask to see your documented information, and if you cannot quickly show them what is current and what has been superseded, that is a problem.
Under ISO 9001:2015 Clause 7.5, you are required to control documented information. This includes ensuring it is available where it is needed, protected from unintended alterations, and retained as evidence of conformity. A master document register supports all of these requirements in one place.
The same logic applies to ISO 14001, ISO 45001, ISO 27001, and virtually every other ISO management system standard. The specific clause numbers differ, but the underlying requirement is consistent: know what documents you have, keep them current, and control who can access or change them.
Beyond audits, there is a practical business reason to maintain a solid register. When staff turn over, when processes change, or when you are responding to a customer complaint, you need to be able to find the relevant document quickly and confirm it reflects what your business actually does. A register makes that possible.
What Should a Master Document Register Include?
There is no single required format. You can build one in a spreadsheet, a dedicated document management system, or even a simple shared folder with a well-structured index. What matters is that it captures enough information to control your documents effectively.
At a minimum, your register should include the following fields for each document.
Document Identification
Each document needs a unique identifier. This is usually a code or number that you assign, such as QMS-PRO-001 for your first quality procedure, or EMS-POL-001 for your environmental policy. The identifier makes it easy to reference documents in other documents, in audit findings, and in corrective action records without confusion.
Document Title
This should be the full name of the document, written clearly enough that anyone in the organisation can understand what it covers. Avoid abbreviations unless they are universally understood within your business.
Document Type
You should categorise each document by type. Common categories include policies, procedures, work instructions, forms, records templates, plans, and registers. This helps you filter and manage documents by type when you need to, and it helps auditors understand the structure of your system at a glance.
Version Number and Date
Every document should have a version number and the date it was approved. When you revise a document, you increment the version number and update the date. This is how you prove that your documents are being actively maintained and that obsolete versions are not in circulation.
Document Owner
This is the person responsible for keeping the document current. It is not necessarily the person who wrote it. The owner is the one who needs to review it, identify when it needs updating, and initiate the revision process. Assigning ownership prevents documents from falling into a grey zone where nobody feels responsible for them.
Review Date
Most management systems set a standard review cycle, often annually. Your register should show when each document is next due for review. This allows you to proactively manage your document calendar rather than scrambling before an audit.
Storage Location
Where is the document actually kept? Is it in a shared drive folder, a document management system, a physical folder, or an intranet page? The register should tell you exactly where to find the current version.
Status
Is the document active, under review, or superseded? Tracking status prevents people from accidentally using a document that is being revised or one that has been retired.
How to Set Up Your Master Document Register From Scratch
If you are starting from scratch, the process is more straightforward than it might seem. Here is a practical approach that works for most small to medium businesses.
Step 1: Audit What You Already Have
Before you build your register, you need to know what documents actually exist in your business. Walk through your operations and collect every procedure, policy, form, work instruction, and template that people are using. Include documents that are sitting in email inboxes, on personal desktops, and in filing cabinets. You will probably find multiple versions of the same document floating around. That is normal, and it is exactly the problem the register is designed to fix.
Step 2: Decide on Your Document Numbering System
Create a numbering convention before you start assigning codes. A common approach is to use a prefix that identifies the management system or department, followed by a document type code, followed by a sequential number. For example, QMS-POL-001 for the first quality policy, QMS-PRO-001 for the first quality procedure, and so on. Keep it simple and consistent.
Step 3: Build Your Register Template
A spreadsheet works perfectly well for most businesses. Set up columns for each of the fields described above. If you have a document management system, it may already have a built-in register or index feature. Either way, the structure should be the same.
Step 4: Populate the Register
Go through every document you collected in Step 1. For each one, assign a document number, confirm the current version, identify the owner, set a review date, and record the storage location. Where you find multiple versions of the same document, determine which is the most current and mark the others as superseded.
Step 5: Establish Your Document Control Procedure
The register is only as good as the process behind it. You need a documented procedure that explains how new documents are added to the register, how revisions are approved and recorded, how obsolete documents are removed from circulation, and who has authority to make changes. This procedure itself should appear in your register.
If you want to understand how this fits into the broader documentation requirements of a quality management system, the beginner's guide to ISO 9001:2015 is a good place to start.
How to Maintain Your Master Document Register Over Time
Setting up the register is the easy part. Keeping it current over months and years is where most businesses struggle. Here is what actually works in practice.
Assign Clear Ownership
The register itself needs an owner, usually the quality manager, compliance manager, or whoever is responsible for the management system. That person is responsible for ensuring the register is updated whenever a document is added, revised, or retired. Without a named owner, the register will drift out of date.
Tie Document Reviews to Your Management Review Calendar
Most ISO standards require a management review at least annually. Use that cycle as a trigger to check that all documents with review dates in the past twelve months have actually been reviewed. Any that have not should be flagged as overdue and actioned before your next audit.
Make It Part of Your Change Management Process
Whenever a process changes in your business, a new piece of equipment is introduced, or a regulation is updated, the relevant documents need to be reviewed and potentially revised. Build a step into your change management process that requires the document owner to update the relevant documents and the register simultaneously. This prevents the common problem of the physical process changing while the documented procedure stays frozen in time.
Control Access to the Current Version
One of the most common audit findings around document control is that staff are working from printed copies or saved versions that are no longer current. The best way to prevent this is to ensure that the only accessible version of each document is the one in your controlled storage location. If you use a shared drive, archive or password-protect old versions. If you use a document management system, configure it to only display the current approved version to general users.
Conduct Periodic Register Audits
At least once a year, do a quick audit of the register itself. Check that every document listed actually exists and is accessible. Check that the version numbers in the register match the version numbers on the documents. Check that all review dates are current. This takes an hour or two and prevents the register from becoming a theoretical document that does not reflect reality.
This kind of internal checking is a core part of running effective internal audits. If you want to build that skill within your team, the article on how to run ISO internal audits that actually find problems covers the practical approach in detail.
Common Mistakes to Avoid
Having reviewed management systems across a wide range of industries, the same document control mistakes come up repeatedly. Here are the ones worth avoiding from the start.
Too Many Documents
Businesses preparing for ISO certification often make the mistake of creating a document for every conceivable process. The result is a register with hundreds of documents, most of which nobody reads and few of which are ever updated. ISO standards do not require you to document everything. They require you to document what is necessary for your system to work. Keep your document set lean and focused on what actually adds value.
No Version History
Some businesses update documents without keeping any record of what changed and why. This creates problems when an auditor asks you to explain a change, or when you need to investigate an incident and determine what procedure was in place at a specific point in time. Keep a simple change history log either within each document or in your register.
Documents That Do Not Reflect Reality
A procedure that describes how a process should work in theory but not how it actually works in practice is worse than no procedure at all. It creates a gap between your documented system and your real system, which is exactly what auditors are trained to find. When you update processes, update the documents. When you write new documents, base them on what actually happens.
Ignoring Obsolete Documents
Old versions of documents left in circulation are a consistent source of nonconformities. If someone follows an outdated procedure and something goes wrong, you have a problem that goes beyond the document register. Make sure obsolete documents are clearly marked as such and removed from active use immediately when a new version is approved.
Understanding what constitutes a nonconformity and how to respond to one is worth reading up on, especially if you are approaching your first certification audit. The article on 8 things to do before an ISO Stage 1 readiness audit covers document control as one of the key preparation areas.
Digital Tools vs Spreadsheets: Which Is Better?
For small businesses with fewer than fifty documents, a well-structured spreadsheet is perfectly adequate. It is free, easy to update, and familiar to most staff. The discipline of maintaining it matters far more than the tool you use.
As your document set grows, or if you have multiple sites or a large workforce, a dedicated document management system becomes worth considering. Tools like SharePoint, Confluence, or purpose-built quality management software can automate review reminders, enforce approval workflows, and prevent access to superseded versions. ISO's documented information requirements under Clause 7.5 can be met with either approach, provided the controls are genuinely in place.
The key question is not which tool is more sophisticated. It is whether the tool you choose is actually being used and maintained. A sophisticated system that nobody updates is far less useful than a simple spreadsheet that is kept current every week.
How Auditors Assess Your Document Register
When an auditor arrives for your certification audit or surveillance visit, your master document register will typically be one of the first things they ask to see. They are looking for a few specific things.
First, they want to confirm that you have a complete and current list of your controlled documents. Second, they will sample a handful of documents from the register and check that the version on the register matches the version in the storage location. Third, they will check that review dates are being met and that overdue reviews have been addressed. Fourth, they may ask staff members to locate a specific document to test whether the storage location in the register is accurate and accessible.
If your register is current, your documents are where the register says they are, and your staff can find them without help, you will pass this part of the audit without issue. If there are gaps, expect an observation or a nonconformity depending on the severity.
If you are building or rebuilding your management system documentation and want to compare quotes from experienced ISO consultants who can help you get the structure right, CertBetter makes it easy. Submit one form and receive up to three competing quotes from vetted providers. The service is completely free for businesses seeking certification support.
