Best Practices for Good Documentation in Regulated Industries

medical researcher writing report in laboratoryGood documentation practices (also known as GdocP or GDP) are guidelines for document management and control designed to help companies in regulated industries meet required quality standards.

GdocP in Pharma and Medtech

GdocP in Pharma and Medtech GdocP are not specific regulatory requirements but instead guidance from various industry bodies to help companies meet the FDA data integrity standards and other regulations. They underpin and support the use of data in all the Good Practice guidelines (known collectively as GxP) for medtech and pharmaceuticals.  These include Good Manufacturing Practices (GMP), Good Clinical Practices (GCP), and Good Laboratory Practices (GLP).

Download our guide to GxP compliance

Why are they important?

The proper adherence to GDocP helps the safe development of the potentially lethal products these sectors trade in. Document control via an organised system of best practice is the way in which traceability and accountability of quality goods and products can be monitored and guaranteed.

A Document Management System (DMS) can demonstrate adherence to the highest standards of, design, development, testing, manufacture and subsequent treatment in drugs and medtech - they make it easy for companies to be audited and assessed by regulators on this basis.

But what are basic principles of Good Documentation Practice? How do documents need to be handled and maintained to meet the high bar of quality standards set by diverse, international regulatory bodies?

The principles of GdocP

At least some of the principles are popularly abbreviated into yet another acronym - ALOCA - C which stands for Attributable, Legible, Original, Contemporaneous, Accurate, Complete. They cover the fundamentals that should inform the way you develop your systems and processes for record and document handling relevant to your regulated work:


Documentation must be readily identifiable as to who created or recorded it, and precautions taken against the falsification or forgery of those details.


Stored documentation must be easily decipherable, with content clearly legible and unobscured.


Original documentation instead of photocopies must be available within your system in order to guarantee accuracy and confidentiality.


Documentation should demonstrate and support contemporaneous record-keeping (documents need to be date and time stamped when they are created and updated).

This ensures the history of design, development, testing and production decision making around end products can be traced and audited if and when necessary.

Accuracy of documentation

The processes and procedures by which companies record, store and keep their documentation up to date must be designed to ensure accuracy and reliability.


Your maintenance and storage of documentation should encompass the entirety of your process.

And to achieve all this, attention must be paid to data integrity:

  • Documents must be protected, secure and stored in backed-up data systems
  • Data must not be able to be altered or erased once entered or recorded without appropriate permissions -
  • There must be no shared passwords or shared data system log-ins, no forging of signatures possible even if requested.

How to implement GdocP

The document management system you choose to implement should support these fundamental requirements.

Of course, not every document produced by your company needs to be subject to the highest levels of document control specified here, but the documentation relevant to all parts of the development and manufacture of the regulated products you market, must be.

How to fail a regulatory audit

Time and again the various demands of documentation best practice appear among the top 10 reasons for failing FDA inspectionsAnd in the UK, the MHRA inspectorate have explained how inadequate documentation around computer systems validation (CSV) frequently contributes to companies failing their audits.

Many of these specific accounts point to a failure of systems and training when it comes to documentation, with processes of validation being sketchily defined or left half complete - pointing to a kind of process fatigue setting in at key moments in a company’s evolution of best practice.

The challenge for businesses, then, particularly growing SMEs working in regulated industries is implementing these requirements in the most efficient way possible. These businesses can struggle to meet these exacting standards, often experiencing them as unduly onerous or unachievable.

So, what’s the best way to meet the exacting standards of GDocP, in a way that makes real commercial sense for an SME in terms of efficiency and execution?

Are your e-signatures FDA compliant? Download our 21 CFR Part 11 checklist to  find out

Eliminate Paper

Paper based document management systems are inefficient, cumbersome and difficult to keep updated. They are prone to falling into disuse - as the effort of upkeep eats into the patience of its users. In spite of this, they are still surprisingly common. In established companies sometimes legacy systems may simply never have been digitised due to lack of time or resource. Similarly, start ups who begin recording their work on paper and may just never lose the habit, even as their piles of folders become increasingly unmanageable. But the truth is paper documentation is never going to be adequate for the kind of controls the modern GdocP demands, nor contribute to the overall efficiency of your business.

Don’t rely on basic file sharing platforms

Some businesses might choose to use file sharing platforms such as Google Docs, Dropbox, or even SharePoint to bring a level of sophistication to their document management . But, even a brief look at the basic level of controls delivered by these off the shelf file sharing solutions, begin to show up their shortcomings as a proper tool for the required document control. Workflows that enable cycles of CAPA and regular sequences of Plan Act Do Check, are either absent or require so much manual set up they are not an efficient use of your time and resource.

Choose digital, but look for flexibility

For those businesses working in highly regulated sectors it's worth looking at proprietary solutions on the market - designed for companies working in regulated environments..

The Document Management Solution you choose, needs to have all the appropriate tools and functionality for specific regulatory control. It needs to come with the sophisticated version control you’d expect, the date and time stamping of records, the ability to detail changes made to records, and the integration of digital signature technology to enable sign off and tracking of approval (as specified in 21 CFR Part 11).

It needs to tick all of the boxes as a safe, secure and auditable record of every part of your document creation and handling, while all the time helping you adhere to the principles of ALOCA-C.

But it also needs to do all this in such a way that is lightweight, flexible and realistic for your business to implement. Consider the weightier eQMS systems on the market designed for large scale pharma firms, the amount of time they take to set up, the weeks and months involved in training and the prescriptive nature of the processes they define. Crucially, they don’t take into account the agility an SME needs as they move from the small scale early stages of ideation and design, into development and then manufacture.

Choosing a DMS solution for GdocP

There are Document Management Systems that operate as cloud based, process driven intranets, digital frameworks for the compliant storage of all your project documentation - that can scale with you - and from the outset make observing GdocP part of your organisational DNA.

Adopting one of these from the beginning of your med tech development journey, could well be the answer to meeting a whole range of GxP requirements in the most cost effective and enduring way for your business.

A comprehensive guide to GxP compliance

Tags: GxP

Joe Byrne

Written by Joe Byrne

Joe Byrne is the CEO of Cognidox. With a career spanning medical device start-ups and fortune 500 companies, Joe has over 25 years of experience in the medical device and high-tech product development industries. With extensive experience in scaling businesses, process improvement, quality, medical devices and product development, Joe is a regular contributor to the Cognidox DMS Insights blog where he shares expertise on scaling and streamlining the entire product development cycle, empowering enterprises to achieve governance, compliance, and rigour.

Related Posts

5 Challenges in Building a Pharmacovigilance System Master File

Managing the integrity and accessibility of a PSMF (Pharmacovigilance System Master File) is a key ...

Effective GxP Compliance: Managing Change Control for Safety

Change control in life science development is critical to ensuring the safety of patients. Having a ...

Demystifying FDA 21 CFR Part 820: A Comprehensive Guide

The FDA’s Quality System Regulation (QSR) for medical device manufacturers is commonly known as FDA ...