How much control do you have over the documents your business generates? How much do you need?
What is document control?
Document control refers to the processes a business develops to oversee the creation, review, modification, issuance, distribution and accessibility of their documents. These controls define the way the entire lifecycle of each document is managed from creation through to approval and obsolescence. A document control process ensures there is only ever one master version of each document present within a system, and that each document has a full version history associated with it.
For some businesses it is enough to have basic controls of their documentation. The ability to share files quickly for internal and external collaboration is a priority, together with a way to track changes and restrict access as required. For them, Google Docs, DropBox or Box may be enough. But others need the full array of document control tools to effectively deliver their services and meet compliance demands.
Document Management and Document Control: Is there a difference?
Who needs a document control system?
Any business which produces complex documentation and has a need for clarity, accountability and traceability in their business processes will benefit from a document control system. Electronic Document Management Systems (eDMS) with robust document control tools are used by law firms, high tech product developers and those in the life science sector to manage their complex processes in the most transparent and auditable way possible.
But having formal document control procedures in place is an absolute requirement for those who wish to gain the quality management standard ISO 9001:2015 and medical device developers who need ISO 13485: 2015 to legally trade their products.
Why document control is central to compliance in ISO 9001 & ISO 13485
A document control system is a formal requirement of the Quality Management standards ISO 9001 and ISO 13485 for medical device developers.
For the kind of businesses who need to meet these standards, their documents define the entire way they work.
They are the plans and specifications that show the business how they build their products and how they must function when they are built. They are the written processes and procedures that detail ‘how you do things’ to meet regulatory requirements and commercial goals. They are the evidence that prove to auditors that products have been built correctly and in a way that meets customer needs. They are the evidence that quality issues have been investigated and resolved.
Documentation defines and demonstrates how your business always meets required quality standards throughout the development and production cycle - so they must be properly protected and controlled.
To ensure that this key business documentation is always accurate, up to date and fully auditable, both ISO 9001 and ISO 13485 specify the way in which they must be controlled through:
- Storage
- Protection
- Retrieval
- Retention
- Review
- Approval
- Disposition
- Legibility
- Change control
Document control requirements in ISO 9001:2015: What you need to know
Electronic Document Management Systems are key to imposing controls
With such a range of requirements, electronic document management systems are vital to maintain control over complex and changing quality documentation throughout their lifecycle.
They bring the tools for:
- Document security
- Access rights
- Automation
- Indexing
that make controlling documents part of the ‘way you do things’ as a business
With this in mind, here are 5 key elements of document control your eDMS needs to deliver:
5 key features of an eDMS
1. Workflow automation - the way you need it
Automated workflows ensure quality documentation is dealt with consistently, that they go through required processes of review and approval before they are distributed or any changes are made or published. But not every required approval sequence is the same for every document type in every industry. The right document control solution allows you to develop bespoke sequences of review and approval that fit the way you work and can meet the exact requirements of your sector.
2. Review and approval
Your document control system should be able to support complex sequences of review, approval and publication that reflect the most sophisticated control requirements:
- Recurring annual or biannual review/approval sequence for quality documentation
- Reminder notices when review is outstanding or regular review is imminent
- Sequential ordering of review/approval requests with each contingent on the next
- ‘Document holding’ features - where documentation is grouped together and released only when all files have been approved by key stakeholders. This feature supports required ‘phase gating’ and design controls for regulated design and development processes specified in medical device development
3. Discoverability
The ability to retrieve required documentation on demand is central to the control we have over our operations. Lost and misfiled documents, or incomplete sets of documentation, can cause vital data to be overlooked, errors to be made and companies to fail quality audits. A good document control system should let you apply metadata to your files to make your system more searchable, while ensuring relationships between documents are properly recorded and maintained.
4. Obsolescence and archiving
Your system should ensure that there is only one master version of each document present within a system at any time, so that you cannot confuse them with drafts or a now retired version. When a new version of a document is approved, the old one should be marked as obsolete and removed from circulation, while making it available as part of an audit history. The system should automatically archive obsolete documents for as long as the law requires.
5. Change control
Change control ensures that no quality document, process or procedure can be changed without permission of specified stakeholders.
A document control system automates the approval process so when a change is suggested it is reviewed, responses collated and approval required before it can be updated and republished. The review process should allow the potential impact to procedures, operations, products and customers to be documented, ensuring the whole of the decision making process can be audited at a future date.
When changes are accepted the version history of the document itself is updated showing the changes that have been made, by whom and when.
Conclusion
In a fast moving world of agile development and rapidly shifting technology, specifications, processes and products all need to change rapidly to meet customer demand. And our documentation needs to be updated to reflect and authorise these changes in real time.
Document controls are the tools and processes that stop your documentation and record keeping slipping into chaos. They are the formal circuit breakers that ensure changes to plans, processes, and products are properly assessed/approved before being published and actioned. They prevent mistakes, confusion, unauthorised access and change within your quality systems. They make all your decision-making trackable and your people accountable in line with regulatory requirements. Ultimately, they protect the quality of your end products and the consumers who use them.
To impose the levels of document control required by ISO 9001 and 13485 you need a sophisticated digital tool kit that can flex with the demands of commercial growth.