Data Protection & Control

Educational organizations, due to the nature of the services they provide, deal with substantial amounts of data, including personal data. These need to be controlled and protected, not only to comply with data protection legislation  common in many countries and regions of the world, but also to assure that relevant, up-to-date information is available to those who need it to fulfill their duties.

ISO 21001 is more detailed and prescriptive in this matter than EQAVET, dedicating two clauses (7.5 and 8.5.5) to the matter. While both, EQAVET and ISO 21001, address the need to protect personal data, ISO 21001 also requires that controls to assure the fitness-to-purpose and up-to-dateness of documented information to support the operation of the processes and the reliability of the records that provide evidence that activities have been conducted as planned.


1.9. Measures are designed to ensure compliance with data protection rules
7.5 Documented information
8.5.5 Protection and transparency of learners’ data

VET21001 Tools

Template for Document Control and Template for Document Master List are alternative. Organizations should choose the one that best fits their needs.

This template was developed in order to control Internal supporting Documents, External supporting documents and Records.

It starts by identifying the process to which the document it’s allocated. The several characteristics of the document, such as, Identification, description, format, the person /job role responsible for the review and approval, version, access, distribution, location, access protection, preservation, retention and disposition.

The obsolete documents and control should also be included in the document control.

Download this tool in editable format

Download an example of the use of this tool

Download another example of the use of this tool

Document Control is a requirement of most Quality Assurance Standards, including ISO 21001. The Document Master list was created with the intention of providing Institutions with a tool to easily manage such a requirement. The template is formatted in such a way to enable users to record the important details pertaining to every document forming part of their Quality Management System (QMS).

A document control list/tool can take many forms. This particular version provides users with a selection of  minimum data/information which is to be recorded as part of this process. Although the form provides this particular selection, it does not preclude users from adding fuirther information and/or details according the needs of their organisation. It is highly recommended however, that the minimum sections provided as part of the template are kept and duly recorded.

Apart from the recording of individual document data, the tool also includes a DCN Register (sheet 2). DCN stands for Document Change Number, and as the name suggests, this register enables users to keep track of the individual changes applied to a given document. In some cases, the same document may be updated multiple times throughout the course of an academic year. Each change would update the revision of the document, thus creating a situation where various revisions are released, potentially making users lose track/focus of these changes. By registering the individual changes via the DCN Register, users would be able to track these individual changes, thus forming an audit trail providing further visibility on the development of a given document.

Download this tool in editable format

Download an example of the use of this tool

In training services, the acquisition of personal data of users/learners is constant. The goal of the privacy policy statement is to inform them about how their data is being processed. It should be accessible to your users and formulated in clear and simple language, providing the relevant information about what personal data you are acquiring and processing, for what purpose, how you disclose and disseminate it to internal and external parties, what rights the user can assert, who are responsible, and how you protect it. The following template is intended to provide a simple basis for developing a privacy policy statement in situations where services or activities performed by the organization require the acquisition of data processing consent from the user.

Download this tool in editable format

Download an example of the use of this tool