Document Control & Records Management Policy

Document control & record management policy

Halal Mark Limited is committed to ensuring the integrity, accuracy, and security of all certification-related documents and records. The organisation follows structured procedures for document control and record management to maintain consistency, traceability, and compliance with UK GDPR, ISO/IEC 17065, and halal certification standards. All documents generated, received, or maintained within certification services must adhere to strict control measures to safeguard credibility and operational efficiency.

All certification documents, including policies, procedures, audit reports, certification decisions, agreements, sampling results, and laboratory reports, must be created, approved, and maintained by authorised personnel. Documents must include a title, version number, date of approval, and responsible owner, with standardised templates ensuring uniformity. Version control mechanisms are in place to maintain transparency, with previous versions archived and marked as “superseded.” Any document changes must be formally approved and recorded in a Document Change Register.

Access to relevant documentation is restricted to authorised personnel only, ensuring confidentiality and compliance with data protection laws. Sensitive records are securely stored with controlled access rights, and electronic document storage systems incorporate data security and encryption protocols to prevent unauthorised access.

Records must be accurate, legible, and complete, with certification-related records assigned unique identification codes, creation dates, and responsible personnel. Specific retention periods apply, with audit reports, certification decisions, complaints, appeals, training records, and laboratory results retained for a minimum of five years, while contracts and agreements require a minimum six-year retention period. Retention periods may be extended if mandated by regulatory bodies or contractual obligations.

To comply with UK GDPR and the Data Protection Act 2018, strict confidentiality measures are enforced, limiting record access to authorised individuals. Digital records are secured using passwords, encryption, and backup systems to prevent data loss or breaches.

Records that exceed their retention period will either be securely archived or permanently disposed of. Disposal of electronic data includes complete removal from storage systems, while physical records are shredded or securely destroyed to prevent unauthorised retrieval.

Oversight of document control and record management is the responsibility of the management team, ensuring compliance with organisational and regulatory requirements. Document controllers and administrative staff oversee document updates, retention, and archiving, while all personnel must adhere to the policy and report any issues related to document handling.

This policy undergoes regular review, with annual assessments or updates when regulatory, industry, or operational requirements change. Any modifications are logged in the Document Change Register and communicated to relevant personnel to ensure continued compliance and operational effectiveness