2D + 3D CAD Design

Document Management and #Document Control: Is there a difference?

This post was originally written in 2014 and has since been revised and revamped for accuracy and relevance.


It’s been a while since I’ve blogged so I thought it would be good to get ‘back in the saddle’ by getting back to the basics of what I believe to be important in file sharing, document management and document control.

Let’s start with the most obvious benefit of document management and document control.

In a busy company where lots of unstructured information abounds, the quality of data is vital. If data quality is poor due to lack of version control or duplication, time is lost as staff work out what information they can trust.

A model for this is a pyramid of information management maturity – the nearer the top of the pyramid, the more a company is capable in information governance, quality management and lifecycle management. We can show this as a simple graphic:

Document control pyramid File Sharing

At the lowest level, a company with a need for collaboration support can solve its problem with a file sharing solution such as Dropbox or Google Drive.  These are often cheap, but the emphasis is very much on storage. These collaborative tools offer very basic version control, by just rolling back or forward in a limited number of steps. More like ‘undo’ than proper version control.

The value of a document management system for sustainable product development

Document Management

Moving up a level, a company may achieve Document Management maturity status by using a repository-based tool such as SharePoint. It is often said that SharePoint is now synonymous with document management. However, this is defined as being able to share a document by saving it to a document management server. Document management is reduced to providing lists of documents stored on a server, admittedly with version control, but often not much more than that.

Having now seen a number of companies start and abandon SharePoint projects, it seems to come down to three critical variables:

  1. The project is run by IT for Marketing with poor buy-in from other users. This leads to an imposition of the solution on the end-users and poor adoption (~30%) is the result. The company is now in a bad place: it has a ‘solution’ but nobody is using it.
  2. SharePoint requires extensive customisation and is not much of an out-of-the-box application so consultants are brought in to help. The project becomes diverted into a set of IT rather than business challenges and even integration with other Microsoft products such as InfoPath become “worst experiences ever”.
  3. SharePoint shows its roots in FrontPage Designer and shared network drives to just become a cluster of intranets for individual teams. They all have a list of documents they like to access, and if one team wants a document from another it gets cloned into their site. More often than not, it doesn’t replace the file share either, so the problem of document duplication gets worse, not better.

Commenting on SharePoint is like taking a photo of a moving car because it has gone through so many changes even from SP2007 to SP2013. It’s gone beyond the simple collaboration tool that it was in SP2007, for example. It is still very much in flux. It will be fascinating to see how Microsoft packages its solutions over the next 3 years as it reconciles Office 365, Azure, OneDrive and SharePoint. My instinct tells me that SharePoint will be the one that gets assimilated under the OneDrive brand. It will be intriguing to see what that means for on-premise based SharePoint. The cost for on-premise SharePoint 2013 increased by 40%; the costs for OneDrive, Azure and hosted Office365 continue to fall.

Document Control

There is a maturity level above this; and in line with standards such as ISO 9001 we should call this Document Control. The key extra capability is that there is a document lifecycle model and there will be support for workflows such as review and approval processes. There needs to be a document control procedure, with only one master version of each document. There needs to be an audit trail and a full activity history. This goes beyond event logs; it should be possible to easily view the activity history around a document when it was in a previous version.

It’s well known that ISO places no explicit requirements on the DMS software itself, so you can search for “is SharePoint 2010 ISO compliant” to your heart’s delight and you won’t get a definitive answer. What you might find however is that the case studies and SlideShare presentations on “how we did ISO with SharePoint” usually involve SP plus extra software from the 3rd party SP solution partner ecosystem.

Why not just use SharePoint as a document management system?

Ease of use and installation is a major factor. If you can get a document control solution up and running quickly you can start to engage the business and encourage them to customise it. Therein lies the path to 100% adoption.

Search and information ‘findability’ is a major factor. Partly, this problem is inherited from the hierarchical nature of folders and subfolders common in a file share. Users have to navigate through a maze of folders to locate the document that is of interest. Documents should be unique, categories should be dynamic and virtual. The web page that a user sees should be constructed from documents that are tagged as relevant to that page. It should not be as I read in this RFI from a user of SharePoint; “Because of the hierarchical nature of this structure, duplicate documents often exist on the system as staff are unsure what exact folder to upload the document to.”

This leads to the second part of the findability problem: the quality of the integrated enterprise search engine. The user above also complains that: “Even though Fast Search has been installed, it does not easily locate the relevant documents as no ECM functionality such as metadata etc. has been applied to these documents.” The search engine should be able to index every text element in the repository (including metadata and text in image files as well as the text-heavy Word and PDF files) and present results according to its relevancy to the search string.

Information security is a major factor. Access control systems are still rooted in simple Read or Read-Write permission rights. Much more is needed. Once the user’s right to access a document is established, it then becomes necessary to determine what the user can do with the document. Can they approve it, for example? And then there is access at the document repository level. The DMS should be able to support collaboration with partially-trusted users (contractor, freelancers, JV partners, etc.), allowing them DMS features as needed but without disclosure of other categories such as HR and Finance that are outside the ‘need to know’ boundary. It’s essential that the search engine understands the information security controls that are in place and performs security trimming on any results before they are displayed to the search user.


It’s always the case that the right software solution depends on your requirements. If you are kicking around a few ideas for a startup, there is no reason why file sharing won’t meet your needs. It’s when you reach the heights of having to justify the wasted time of tens or hundreds of employees or having to meet QA / FDA regulatory compliance and other governance for supply chain management that you begin to understand the difference between that and document management / document control.