1 - Are documents covered by the document control policy only security-related E.g. regulation, or is it any company document?
2 - Is there a clear definition of external documents? The concept seems nebulous. Maybe a sample policy we can look at with some examples of what other organizations do may help.
3 - For example, an email is an external document, so would someone be tasked to archive them somewhere in this policy?