What's in this template?
This Policy and Document Control Procedure gives Australian medical practices a complete governance procedure for managing the practice's own policies, procedures, plans, forms and registers. It is aligned to RACGP Standards 5th edition governance and document management indicators. This is one of the most common low-scoring areas at accreditation when not done well: out-of-date policies, multiple conflicting versions, no review history.
Important scope note: this procedure governs the practice's policies and procedures: how they are created, versioned, approved, distributed, reviewed and retired. It does not govern clinical records, which follow the Health Records Management policy.
The procedure covers 15 sections plus a sign-off block:
- Purpose: single source of truth, audit traceability
- Scope: policies, procedures, plans, forms; excludes clinical records and external regulator documents
- Definitions: policy, procedure, plan, controlled document, current/retired/draft, Document Controller
- Roles and responsibilities: Document Controller, Document Owner, Approver, staff
- Document numbering and naming: convention for filenames, cover page, footer
- Versioning rules: minor, substantive, major rewrite
- Creation and approval workflow: draft, review, approval, distribution
- Storage: master folder, access controls, backup
- Review cycle: 2-year default, annual for fast-changing topics, out-of-cycle triggers
- Retirement and archive: retention, marking, register entry
- The Document Register: fields and structure
- Audit: annual coordinator audit
- Externally-sourced documents: how ClinicComply / regulator material enters the register
- Related documents
- Approval and review
Editable placeholder fields
- {{practice_name}}, {{practice_address}}
- {{document_controller}}, {{clinical_lead}}, {{practice_manager}}
- {{storage_location}}: your master folder path / URL
- Sign-off blocks for Clinical Lead, Practice Manager and Document Controller
Who needs a Policy and Document Control Procedure?
Every Australian medical practice that holds RACGP accreditation or seeks it. The procedure governs all the other practice policies in your document set. Without it, accreditors will struggle to confirm that any specific policy was current and in force at any specific date. The template is suitable for:
- General practices: solo, group, corporate
- Specialist medical practices
- Day procedure clinics
- Allied health practices
- NDIS providers: governance documentation is also required by NDIS Practice Standards
- Aboriginal Community Controlled Health Services (ACCHOs)
How this differs from Health Records Management
| | Policy and Document Control | Health Records Management |
|---|---|---|
| Scope | Practice policies, procedures, plans | Patient clinical records |
| Versioning | Yes, every policy has a version history | No, clinical records are time-stamped entries |
| Approval | Clinical Lead / Practice Manager | Clinician authoring the entry |
| Retention | Min 7 years for governance documents | Min 7 years adult / 7 years past majority for minors / longer in some states |
| Audit purpose | Demonstrate which policy was in force when | Demonstrate clinical care |
Both are needed. They are separately scoped and rarely overlap.
Why version control matters at accreditation
At RACGP accreditation, the surveyor will pick a policy at random and ask:
- "What version is current?"
- "When was it last reviewed?"
- "Who approved it?"
- "What did the previous version say?"
A practice with a current Document Register can answer those in 30 seconds. A practice without one can spend an hour and still be unsure. The Document Register is the answer to all four questions.
Versioning rules built in
| Change type | Version step | Example |
|---|---|---|
| Minor: formatting, typo, clarification | 1.0 to 1.1 | Fixed broken link |
| Substantive: content change, new section | 1.x to 2.0 | New step in workflow |
| Major rewrite: whole document re-authored | Whole new major version | End-to-end revision driven by regulator change |
The exact convention is less important than consistency. Some practices use date stamps. The template recommends the version-number convention because it makes change traceable in a single glance.
How to customise this template
- Download the Word document and replace every {{placeholder}} with your details
- Nominate a Document Controller: usually the Practice Manager; maintains the Document Register
- Choose your storage location: Microsoft 365, Google Workspace, SharePoint, or a network folder; ensure read-only access for staff with edit-access for the Controller
- Set up the Document Register: most practices use a spreadsheet with one row per controlled document
- Decide your versioning convention: version numbers (recommended) or dated filenames
- List every existing controlled document: Privacy Policy, Infection Control Policy, Recall and Reminder Policy, all the rest, and capture current version, effective date, next review date for each
- Decide the review cycle: 2-year default; annual for high-risk or fast-changing (Telehealth, NDIS, MBS-driven policies); this procedure itself is reviewed annually
- Mark retired versions: clearly stamped "RETIRED" on the cover page, moved to a retired subfolder, never re-issued
- Brief the team: what counts as a controlled document, where to find the current version, how to suggest improvements
Related templates and tools
The Policy and Document Control Procedure is the governance backbone for every other practice policy:
- Health Records Management: clinical records (separately scoped from this procedure)
- Computer and Information Security Policy: IT context for document storage and access
- Conflict of Interest, Gifts and Benefits Policy: sister governance document
- Quality Improvement Policy and Activity Log: receives audit outputs
- Practice Information Sheet: patient-facing version of the practice's governance
- Privacy Policy: the policy with the most patient-visible version control implications
- Staff Confidentiality and Privacy Agreement: staff acknowledgement of governance
Frequently asked questions
Is a Policy and Document Control Procedure mandatory for RACGP accreditation?
The RACGP Standards 5th edition include governance and document management indicators. A documented procedure is the practical answer. Without it, surveyors will struggle to confirm that any policy was current at any given date, which weakens every other governance indicator. Most practices treat it as essential.
How is this different from Health Records Management?
This procedure governs the practice's own policies and procedures. Health Records Management governs patient clinical records. They are separately scoped. This procedure deals with version control, approval, distribution and review cycles. Health Records Management deals with retention, access, security and disposal of clinical records. Both are needed.
What's a controlled document?
Any document the practice has authored that staff are expected to follow: policies, procedures, plans, forms, registers, templates. Every one is registered in the Document Register and follows this procedure. External documents (legislation, regulator guidance) are referenced, not controlled; the regulator's current version is the source of truth.
What review cycle should we use?
Default is every 2 years for policies and procedures. Annual review for fast-changing topics: Telehealth Policy, MBS-driven policies, NDIS Practice Standards-driven policies, the Policy and Document Control Procedure itself. Out-of-cycle review whenever legislation, standards or audit findings demand it.
How long do we keep retired versions?
Minimum 7 years for governance documents. Longer where the practice may be asked to demonstrate which policy was in force at a past date, particularly for any policy linked to a clinical incident or complaint. Clinical records retention follows Health Records Management, which is separately scoped.
Can we use ClinicComply templates as the practice's controlled documents?
Yes, that's what they are designed for. Each ClinicComply template is intended to be customised, signed off by the practice's Approver, and entered in the Document Register at version 1.0 with the practice's branding. Updates from ClinicComply are reviewed by the Document Owner and brought into the practice document at the next review.
Where should we store policies?
Microsoft 365, Google Workspace, SharePoint, or a network folder: anywhere that allows read-only access for staff and edit-access for the Document Controller. Cloud storage with role-based access controls is widely used. Backups follow the Computer and Information Security Policy.
Will accreditors accept this template?
Yes, when populated and active. The procedure aligns with RACGP governance expectations and gives surveyors the audit trail they look for. The Document Register is the single most useful thing a practice can show at survey: it answers the "what was the policy on date X" question in seconds.