.svg "cognidox eqms logo white")
.svg){kind=small}
Quick Summary
As medical device companies scale, externally published documents - such as IFUs, eIFUs, certificates, and datasheets - often drift outside formal QMS control. Superseded versions remain accessible, traceability is lost, and organisations struggle to prove what was publicly available at a given time, creating regulatory and commercial risk.
Controlled public publishing extends document control beyond the organisation, ensuring only approved, current versions are externally accessible, with full traceability. This keeps customer- and regulator-facing information accurate, compliant, and aligned with the quality system as complexity grows.
For many medical device manufacturers, publishing documents externally doesn’t begin as a formal process.
A datasheet is added to the website.
A certificate is emailed to a customer.
An updated instruction is shared through a distributor or portal.
Each step is reasonable in isolation. But as product portfolios expand and regulatory expectations increase, these publishing activities multiply, often across different teams, systems, and regions. Documents that were tightly controlled internally - with defined lifecycles and approval states - can quickly become harder to govern once they are shared externally.
Instructions for Use (IFUs) - including electronic Instructions for Use (eIFUs) - certificates, and technical datasheets frequently follow different paths once they leave the organisation. Website updates, customer requests, and partner distribution introduce manual steps and informal checks that sit outside the core quality system.
Over time, this creates a disconnect: externally available documents are business-critical and regulated, yet no longer subject to the same level of control as internal records.
Controlled public publishing addresses this challenge by extending established document control principles beyond the organisation, ensuring that externally available documents are approved, current, and controlled.
The documents most often published externally
Public document control most commonly applies to a small but critical set of documents that are shared beyond the organisation and relied upon by customers, partners, and regulators.
IFUs (including eIFUs)
These documents are regulated, safety-critical, and highly visible to both authorities and end users. They are frequently revised in response to design changes, regulatory updates, or post-market feedback. Once published externally, it’s essential to ensure that only the current, approved version is accessible and that superseded versions are reliably withdrawn.
Certificates (such as Certificates of Conformance or Analysis)
Certificates are typically product-specific and often time- or batch-bound. While they are usually generated under controlled internal processes, control can be lost once they are issued externally. Maintaining context around validity, revision status, and traceability is particularly important, especially during audits or customer investigations.
Technical datasheets
Datasheets are customer-facing, commercially sensitive, and frequently updated as products evolve. They are often reused by sales teams, distributors, and partners, increasing the risk that outdated versions remain in circulation. Without structured control over external availability, customers may rely on outdated information about the product.
Approved marketing and partner documentation
This includes collateral and technical information shared with distributors, OEMs, and partners across different regions and channels. These documents carry risk if released too early, left live for too long, or reused beyond their intended scope. Consistent control helps ensure that externally shared material reflects what is actually approved for sale and use.
Why control erodes as organisations scale
These documents are rarely mishandled deliberately. Loss of control usually happens gradually, as responsibility for publishing becomes distributed across teams, systems, and geographies. What begins as a practical workaround becomes the default process.
The result is that publishing appears functional on the surface, but control has quietly eroded beneath the surface.
Below are five clear signs that public publishing may be slipping out of control within an organisation.
5 signs your public document publishing needs stronger control
1. You can’t confidently demonstrate what was publicly available at a given time
A simple question often exposes this quickly:
Which version - and approval state - of this document could customers, distributors, or regulators access on a specific date?
If answering that requires reconstructing events from emails, folders, or individual recollection, publishing control has already weakened.
Externally published eIFUs, datasheets, and certificates become part of the organisation’s quality and commercial record, and may be reviewed during audits, investigations, or customer enquiries. When public availability cannot be demonstrated with evidence, intent is no longer sufficient.
2. Superseded datasheets and eIFUs remain accessible
Datasheets and eIFUs are revised regularly to reflect design changes, updated performance data, or regulatory updates. Internally, revision control is usually well managed.
Externally, older versions often persist, remaining available on websites, stored in partner or distributor portals, or bookmarked by customers.
This can result in multiple versions being accessible at the same time, with no clear indication of which is the current one. Leaving obsolete documents publicly available increases the risk that customers will rely on outdated or incorrect information.
3. Certificates lose control once they are issued externally
Certificates such as Certificates of Conformance or Analysis typically begin under controlled internal processes. The loss of control often occurs at the point of external release.
Once certificates are emailed or downloaded:
- Their validity period may become unclear
- Their relationship to specific product or batch revisions can be lost
- It becomes difficult to demonstrate whether a certificate was current at the time it was accessed
Without structured control over external access, certificates can quickly lose the context that gives them meaning and compliance value.
4. Regulated documents rely on manual checks and informal oversight
Documents with higher regulatory and patient-safety implications - particularly eIFUs - are often managed with additional manual steps: checklists, procedures, and named individuals responsible for release.
These approaches can work at low volume, but they don’t scale well. When publishing control depends on vigilance rather than system-enforced rules, gaps inevitably appear.
5. External publishing operates outside the quality system
The most telling sign is when externally published documents are managed separately from the organisation’s established document control processes.
Common symptoms include:
- Different teams are publishing through different tools
- Unclear rules about what can be made public
- Reliance on training and good intentions rather than enforced controls.
When external publishing is not governed by the same approval, versioning, and lifecycle rules as internal documentation, it effectively becomes a parallel system. And this is where risk accumulates unnoticed.
Extending document control beyond the organisation
These issues persist because external publishing is rarely designed as part of the document control system. It evolves separately - through websites, shared folders, portals, and email - until it effectively operates as a parallel process.
Controlled public publishing resolves this by treating external access as an extension of document control rather than a separate activity.
Instead of relying on procedures or manual checks, system-enforced controls determine whether a document can be accessed publicly. Only formally approved versions are available. When approval status changes, public access updates automatically.
This means documents can be published, replaced, or withdrawn without breaking traceability. The record of what was available - and when - remains intact.
Different documents require different access models. Some must be openly available to users or regulators. Others require restricted or traceable distribution. A controlled framework supports both without duplicating files or fragmenting the audit trail.
Under MDR, manufacturers are required to ensure that labelling, IFUs, and other product information are controlled, approved, and kept up to date as part of the quality management system. Meeting these obligations consistently is difficult when publishing depends on manual website updates or unmanaged file sharing.
By structurally linking public access to document control, organisations ensure that externally available information remains accurate, current, and governed, even as complexity increases.
What controlled public publishing looks like in practice
Controlled public publishing enables approved documents to be accessed externally through secure links or QR codes, while remaining fully governed within the quality system.
For example:
- A QR code on product packaging or labelling can point users to the latest approved eIFU, without embedding a static document that may become obsolete.
- Public links can be used to share certificates or compliance documentation, with the ability to withdraw or replace access when documents are superseded.
- Updates are managed at the document level, so external access always reflects the current approved content, without manual website uploads or file replacement.
The result is simple for the user and controlled for the organisation. External audiences reach the correct information, while version history, approval state, and withdrawal remain fully traceable.
Publishing with confidence as complexity grows
External document publishing rarely becomes a problem overnight. It evolves gradually as products multiply, teams expand, and more information is shared beyond the organisation.
For medical device manufacturers, the challenge is not whether documents are controlled internally. It’s whether that same control extends to what customers, partners, and regulators can access externally. Datasheets, certificates, and IFUs (including eIFUs) all carry regulatory and commercial weight once they are published.
Bringing external publishing under document control provides confidence that externally available information is accurate, current, and aligned with approved records, even as organisations scale.
Learn more about how Cognidox supports controlled public publishing for medical device manufacturers here.
FAQs
1. Isn’t publishing documents on our website enough to stay compliant?
Not necessarily. Under regulations such as EU MDR and ISO 13485, documents like IFUs must remain controlled within the QMS. Manual website uploads or shared folders can break version control and traceability, making it difficult to prove what was publicly available at a given time.
2. What risks arise from leaving old versions of documents accessible?
Superseded IFUs, datasheets, or certificates can lead to customers relying on outdated or incorrect information. This increases regulatory exposure, audit findings, and potential liability, particularly where safety or performance claims are involved.
3. How does controlled public publishing reduce risk?
Controlled public publishing ensures that only formally approved, current documents are accessible externally. When a document is revised or withdrawn, public access can be updated in line with approval status, preserving traceability. This removes reliance on manual checks and keeps externally available information aligned with your QMS.
%20(1).webp?width=133&height=76&name=ISO%20IEC%2027001%20(1)%20(1).webp)