Records & Document Control

When Does a Document Become a Record – and Why It Changes Your Compliance Responsibilities

1 Mar, 2026

Most people have an intuitive understanding of what a document is. We often imagine a file – typically a Word document or a PDF. In everyday work situations, this understanding works well enough. But when documents become part of regulatory contexts, quality systems, or controlled processes, greater precision becomes necessary.

This is mainly because of one question: When is a document simply a document – and when is it a record?

The distinction is not merely linguistic. It has direct implications for an organisation’s compliance responsibilities and for how documents must be handled, stored and controlled.

This article explores the difference and explains why it is a central issue in professional document and information management.

A Document Is More Than a File

When working formally with documents, they cannot be reduced to a file stored on a drive or in a system. A document consists of two key components.

The first is the content – often referred to simply as content. This may be a text file, but it can also include images, audio, video, or several files that together constitute the document’s content.

The second component is metadata. Metadata describes the document and the context in which it exists. This may include information about the author, the creation date, version history, its relation to a process or a case, as well as many other types of information. Metadata is often used to locate documents again, but its role is far more fundamental than search alone.

Metadata helps establish the document’s context. When we look at an email, for example, information about the sender, recipient and time of transmission is essential for understanding the content. Without this information, the document loses an important part of its meaning.

In professional terms, a document therefore consists of both the content file(s) and the metadata. Only when these elements are considered together do we have the complete document.

This distinction may appear technical, but it becomes crucial when documents must be handled correctly throughout their lifecycle.

From Document to Record

The concept of a record introduces another layer of understanding.

A record is commonly defined as documentation or evidence of a business transaction.

This means that a document becomes a record when it is used to demonstrate that something has occurred. This could be an approval, a decision, a delivery, a test, a change, or communication that has significance for the organisation’s activities.

In practice, this means that many documents eventually acquire the character of records. Not because they were originally created for that purpose, but because they come to document something significant.

An approved procedure document provides a clear example. During its drafting phase, the document is a working document. But once the procedure is approved and enters into force, it serves as documentation of how the organisation has formally established a particular practice.

Similarly, an email, a test result, a report or many other forms of information may become a record if they demonstrate that an activity has been performed or that a decision has been made.

Records are therefore not a special type of file, but a document that gains the status of a record through its function.

Records Require Controlled Handling

When a document functions as evidence, a new requirement arises: it must be handled in a way that makes it trustworthy.

Within records management, this is described through four key characteristics: authenticity, reliability, integrity and usability. These concepts define when a record can be considered trustworthy documentation.

Authenticity means that the document can be attributed to the correct author and the correct time. It must be possible to demonstrate who created the document and when it was created.

Reliability means that the content of the document can be considered an accurate representation of the activity or decision it describes.

Integrity means that the document has been preserved in a complete and unchanged form, so that it has not been manipulated or altered without control.

Usability means that the document can still be found, opened and understood within its context.

These principles are described in international records management standards, including ISO 15489.

In practice, this means that if an organisation wants to be able to demonstrate to a third party (ultimately perhaps in a court of law) that a document is genuine and has not been manipulated, the handling of the record throughout its lifecycle must ensure that it satisfies these four principles: authenticity, reliability, integrity and usability.

This is where the compliance dimension emerges.

When a document functions as a record, it becomes necessary to demonstrate – and ideally document – that the document has been handled correctly throughout its lifecycle.

Typically this means that documents are created and registered in a controlled way so that their origin and context are known. They are subsequently handled under version control so that it is clear which changes have been made and when. Once a document has been approved and functions as a record, the possibilities for further modification are restricted, and the document is stored in an environment where it is protected against loss or manipulation. Finally, the organisation must be able to demonstrate how the document is either archived or disposed of in accordance with established rules.

In regulated environments these requirements are often formalised through procedures and system requirements, but the underlying principles apply more broadly.

Metadata as the Carrier of a Document’s Trustworthiness

Metadata plays a particular role in this context.

When a document is created within an IT system, the system often automatically generates metadata such as the creation time and the author. These details can later help demonstrate when the document was created and who was responsible for it.

If such metadata disappears or is altered without control, it can become difficult to demonstrate the document’s authenticity. The document then loses part of its evidential value.

It is therefore essential to identify which metadata is significant for the document’s integrity. This metadata must be managed and preserved with the same care as the content file itself.

This becomes especially evident in situations such as system migrations or archiving processes. If the focus is only on moving files while failing to preserve the metadata that provides context, organisations risk being left with information that can no longer function as documentation.

In some situations this may simply be impractical. In others it can have serious regulatory consequences.

Not All Documents Are Records

It is important to emphasise that not every document within an organisation is a record.

There are many working documents, drafts and internal notes that are used solely in preparation or internal coordination. These documents do not in themselves constitute documentation of a business transaction and therefore do not need to be handled as records.

However, a document may become a record the moment it is used to document an activity, decision or delivery. The boundary that shifts is therefore not between different document types, but in the document’s function within the organisation’s documentation of its activities.

A document may begin its life as a working document and later become part of the documentation of a decision or process. When that happens, the document’s role changes and it must be handled in accordance with the principles that apply to records.

This primarily requires that the organisation has a clear understanding of which documents form part of the documentation of its activities.

Why a Document Becoming a Record Changes Your Compliance Responsibility

When a document functions as a record, the organisation’s responsibility fundamentally changes.

The document is no longer simply information. It is documentation. It must be capable of demonstrating what the organisation has done, decided or delivered.

Handling the document therefore becomes part of the organisation’s documented control. If the document cannot be produced, if it does not appear authentic, or if it can no longer be understood within its original context, the value of the documentation is weakened. In some cases this may mean that the organisation cannot demonstrate compliance with internal procedures or external requirements.

This is why the question of when a document becomes a record is not merely theoretical. It is a practical question of information responsibility.

More insight

Ready to Turn Information into a Competitive Advantage?

 Let's explore the next steps together.

Book a Meeting