Document control is the managed process for creating, reviewing, approving, distributing, updating, and archiving documents. ISO 27001 (clause 7.5) requires a system ensuring that the current, approved version of every document is used.
Document control includes: unique version numbers, defined approval workflows, controlled distribution, and withdrawal of outdated versions. In practice, organizations use DMS software or wiki systems with versioning. For an ISMS, document control is especially important because policies, procedures, and records form the evidence of conformity. Without proper control, it is unclear which policy version is currently in effect.