In a word, “yes”. Document control is a regulatory requirement for lines of business as seemingly diverse as accounting (e.g., 8th EU Directive, Sarbanes-Oxley) and food safety (e.g., Food Safety Modernization Act). Financial auditors and FDA inspectors alike want to see evidence that you are meeting legal requirements and, of course, your documents — procedures, work instructions, policy statements, etc. — are a part of that evidence. It’s in your interest to have those documents under control. Don’t comply and you could face fines, the loss of business, and damage to your reputation.
Document control is also addressed in numerous guidelines and standards. To comply with the standards that apply to your line of business (e.g., ISO 9001, AS9100), you have to have a system for controlling documents, especially those that are critical to the quality, safety, etc., of your products.
And, document control is simply a good business practice. It should be obvious that having everyone in the organization “on the same page” with respect to the mission, objectives, policies and procedures makes the pieces mesh and makes the organization run better.
Unfortunately, document control is sometimes overlooked by upper management as an area for possible process improvement, even though food safety inspectors, quality auditors, and financial auditors commonly write audit findings or qualify their audits on the basis of materially deficient or nonconforming document control practices.
FDA Regulatory Requirements Are Clear
Section 820.40 of Title 21 of the U.S. Code of Federal Regulations (Food and Drugs-Medical Devices-Quality Regulation-Document Control) states that a designated individual or individuals must review documents for adequacy and approve them with a date and signature before issuing them. Documents must be “available at all locations for which they are designated, used, or otherwise necessary and all obsolete documents shall be promptly removed from all points of use or otherwise prevented from unintended use.”
Furthermore, the code states that, unless you specify otherwise, changes to documents must be reviewed and approved by individuals in the same function/organization that performed the original review and approval. Approved changes must be communicated to the appropriate personnel in a timely manner, and records of changes to documents must include a description of the change, note which documents are affected, have the approver’s signature, and state the effective date of the change.
ISO Standards on Document Control Are Equally Clear
ISO 9001 requires (and by extension, many other ISO standards require) that you establish and document a procedure for:
- Reviewing and approving documents prior to issuance;
- Reviews, updates (as needed), and reapprovals;
- Ensuring changes and revisions are clearly identified;
- Ensuring that relevant versions of applicable documents are available where they are needed (or at their “points of use”);
- Ensuring that documents always remain legible and are readily identifiable;
- Ensuring that documents of external origin (e.g., customer-supplied plans, vendor instructions for use and care) are identified and their distribution is controlled; and
- Preventing “unintended” use of obsolete documents (applying suitable identification, such as “OBSOLETE-DO NOT USE”, if they must be retained).
As you might have guessed, a manual system of document control — paper documents, in filing cabinets — can be a lot of work, which often leads to the system’s deterioration and disuse.
OnPolicy.com Streamlines Document Control
If all your documents are electronically based, changes are as a simple as opening the original document on your screen, making the necessary changes, and submitting them for review. If you have an online document management system — like “OnPolicy.com” — for controlling the review, approval, and release of documents, as well as versioning and distribution, effective document control is a “non-issue” come audit time.
- Saves all changes (revisions) as separate documents and lets typical users see only the current revision;
- Notifies appropriate parties of actions (e.g., document review) to be taken;
- Lets you vary the “effective date” of a document (it doesn’t have to be the same as the “release date”);
- Lets you inform certain individuals of a document’s status without them having to take part in the review-and-approval process;
- Confirms that people who are required to read certain documents have read them;
- Lets you know if they haven’t read the document, as required, so you can send them a reminder;
- Leaves a detailed log of document status and activity (i.e., an audit trail);
- Lets you give auditors permission to see all released documents online, so they can perform desk audits without having to gather reams of paper, sort the documents, make copies, store the copies, and ensure their safe disposal;
- Makes only the latest release available to users;
- Ensures that documents are reviewed periodically, in compliance with regulations and/or standards; and
- Lets you assign documents to departments and categories, to enhance navigation and usability.
That’s it! Document access is controlled, revisions are automatic, and the required review-and-approval process, or “Work Flow“, is maintained.
“Onpolicy.com” document compliance software allows you to conform to all document management criteria for revision and access control. It provides compliance document back-up, audit reports, easy remote access for mobile devices, and offers access to the entire Bizmanualz policy and procedure library.
If you need to conform to industry standards and regulations, you need the kind of document control we can provide. See us at http://www.OnPolicy.com for more information.