Document control requires that every AISDP module, procedure, and evidence artefact has a defined owner, a version history, a review cycle, and a defined retention period. Version control records every change with the changer’s identity, the timestamp, and the ability to retrieve any historical version.

Git-based documentation repositories provide the strongest version control: every change is a commit with attribution and a complete diff against the previous version. Confluence and SharePoint provide adequate version control for non-technical teams. For long-term retention, documents are archived to cold storage (S3 Glacier, Azure Archive Storage, Google Archive Storage) with lifecycle policies preventing deletion before the retention period expires.

The ten-year retention challenge deserves explicit planning. Over a decade, cloud accounts may be migrated, storage services deprecated, and file formats may become obsolete. Retention planning addresses storage durability through geographic redundancy, format longevity through open formats (Markdown, PDF/A, JSON, CSV), access continuity through credentials not tied to individuals, and index maintenance through the evidence register. A biennial retention health check verifies all elements.

Key outputs

• Per-document ownership, version history, review cycle, retention period
• Git-based or equivalent version control with full attribution
• Ten-year retention with cold storage archival
• Biennial retention health check