Document Control ~ Software, QM ~ Document Control


Under Document control it is a documented process that determines how documents are created, reviewed, approved, labeled, distributed and updated.

Organizations certified according to ISO 9001 or ISO 13485 are obliged to maintain document control.

1. Object of the document control

It is obvious that document control is about documents. What is less obvious is what documents are.

Some understand documents as the excess of

  • Specification documents (e.g. procedural instructions, work instructions, templates, checklists, forms) e
  • Records (e.g. measurement protocols, checklists and completed forms).

In some cases, “specification documents” and “documents” are used interchangeably, which contributes to confusion.

Fig. 1: Documents, specification documents and records are subject to document control

Therefore, it is useful to refer to the excess of specification documents and records as “documented information”, as ISO 9001 does since version 2015. When it comes to document control (unlike other standards such as ISO 13485), there is no distinction more between standard documents and records.

2. Objectives of document control

The following applies to auditors: If it is not documented, it does not exist. Documents and records are equally important in the audit.

What is meant by document control becomes clearer in English with “Control of Document”: the purpose of document control is to ensure this

  • the correct (correct, complete) information.
  • at the right time
  • to the right recipients

Are available. This in turn requires it

  • no invalid, incorrect or incomplete information is disseminated,
  • invalid information is withdrawn,
  • you know who needs to receive this information,
  • these persons are informed about new, modified or canceled documents e
  • make sure these people understand this information.
    The life cycle of the document that must be ensured during the document control
Fig. 2: The life cycle of the document that must be guaranteed during the document control

3. Regulatory requirements for document control

The aspects just mentioned can be found in standards like ISO 13485. They require you to determine (by documenting, of course :-)) how to do it

  • evaluate documents before distributing them,
  • Updated and approved documents,
  • ensures that changes are recognisable,
  • ensures that documents are available (and remain readable),
  • ensures that no old versions are in circulation e
  • determines the period for which you want to keep documents (although there are specific minimum requirements).

ISO 13485 does not talk about ‘releasing’ documents, but about their ‘approval’.

4. Typical problems: what always goes wrong during the audit

During audits, manufacturers and auditors regularly encounter problems like these:

  • The documents or information are unknown. Just ask an assembly line worker what the quality policy is…
  • There are outdated work instructions in the workplace.
  • Document control was not verified in internal audits.
  • It is unclear which product or software version the documents refer to.
  • There are no updated documents for a product or software version.
  • Development documents such as development plan, After development had begun some time ago.
  • Procedural instructions do not specify how long and how types of documents should be retained, or ignore legal requirements.
  • There are no defined test criteria against which to evaluate different types of documents. A signature alone is not enough.
  • There are documents in the file system or SharePoint whose status (e.g. draft, released, retired) cannot be identified.
  • In the file system there are several files with the same name but with different contents.
  • The manufacturer cannot explain whether and how it formed documents such as work or process instructions or why this was not necessary.
  • The modified specification documents have not been requalified.

The Johner Institute regularly experiences audits where document control leads to deviations. These complaints are not an expression of excessive formalism, but rather of chaos within the medical device manufacturer, which is not limited to documents.

Prepare for ISO 13485 certification success!

With our innovative e-learning platform you will receive the necessary knowledge and learn how to build a compliant quality management system. Avoid typical mistakes when creating your processes and benefit from our insights from hundreds of QM audits. Our practice-oriented learning content gives you the flexibility to adapt the knowledge to your company and needs.

5. Ways to address documents

5.1 Overview

There are numerous technical options available for document management. These include

  • File system, network drive
    Here you should adjust the read and write permissions and ensure that affected people also have access. This is especially a problem in manufacturing.
  • Cloud Talker
    With services like Dropbox or Google Drive and their mobile clients, your employees can easily access documents. However, limiting read or write rights is not that simple.
  • Document management systems
    Applications such as Microsoft Sharepoint (also available as a cloud service) or Alfresco simplify version control and enable the definition of document workflows for creating, reviewing, sharing, publishing and retiring documents. The difficulties usually lie in the details, setup and configuration of the tools, as well as their training.
  • Wiki →PDF
    Some companies work with wiki systems like Confluence and use plug-ins for approval (electronic signature) or export documents in PDF format, i.e. “only” use the wiki as an editor. Tools from our sister company Medsoto like MedPack and DocuPack even save you from having to print.
  • Version control systems
    Development-related companies predominantly use version management systems such as SVN or Git. However, these systems are more suitable for purely textual documents, e.g. B. in Markdown. Overall ease of use is not always guaranteed. On the other hand, features like branching, tagging, comment committing, and integration into authoring tools open up new possibilities. You can find out more about it in the next chapter.

5.2 Example: document control (for technicians only)

5.2.1 Procedure

Engineers can use a combination of Git, Pandoc, and Jenkins tools. With this tool chain you can achieve the following workflow:

  • Document in Markdown
    The author creates a document in Markdown. This is a purely textual language that is very easy to learn. Example: You underline text with an equal sign (“=======”) to mark it as a heading. These texts are directly readable and appear as well-formatted web pages in systems like Github.
  • Storing documents in Git (with corresponding branches)
    The author sends his changes or his new document to a development branch. As soon as it is released, the changes are “merged” into the master branch. When we work on client documents, we create our own branches.
  • Creating Word documents
    Why many people prefer working with Word: Each commit triggers a compilation process that automatically creates a Word document. The version of these Word documents is automatically modified during compilation and stored in the version control system (Git).
  • Work with Word documents
    Optionally, users can synchronize these documents with their computer.

You can also avoid generating Word documents.

5.2.2 Evaluation

Advantages

  • Clear and transparent workflow
  • Simple tracking of changes using Git’s built-in tools (this is time consuming with Word and is only possible using the compare function)
  • Uniform document layout. By editing the template, all documents receive a uniform or new layout.
  • Working with multiple releases in parallel: We can easily merge improvements we have developed for a customer into our main branch.
  • The documents are available to users in the usual Word format.
  • A conversion to PDF, LaTeX, HTML etc. it is “integrated”.

Disadvantages

  • You need to configure the system consisting of Git, Pandoc, and Jenkins (including the build script) and maintain an appropriate tooling landscape.
  • Creating and editing documents requires knowledge beyond using Word.
  • The Markdown language allows only limited layout customization (although you can also align text in tables, lists in lists, footers, etc.).

6. Perspectives

Many organizations still understand document control and its requirements very literally, i.e. as control of documents on paper or as files, e.g. B. as PDF. Most authorities and notified bodies require such documents.

However, document-oriented approaches are a concept of the past. Modern businesses are moving from document-based processes to data-driven processes. This allows them to:

  • greater compliance (e.g. through automated testing),
  • reduced workload (e.g. by automating content creation and review)
  • faster time-to-market and therefore also
  • greater competitiveness.

However, regulatory requirements for document control remain, such as transparency on the (release) status of information or protection against information loss.

The Johner Institute supports medical device and IVD manufacturers in their digital transformation, e.g. B. as part of the Fit for Future program. Producers convert their documents into structured data.

7. Summary

Without precise document control, organizations have little chance of successfully passing an audit. Not only do they create unnecessary regulatory risk, they also increase the likelihood that their products and services will not comply and put patients at risk.

A carefully compiled tool chain helps to minimize the “overhead” in document control. This way you can ensure that the right people have and understand the right information at the right time.

The future of document control is the control of structured information and no longer of documents. Manufacturers should prepare for this and advance their digital transformation.


Changing history

  • 2024-07-29: Link to revised article on electronic signatures added in Chapter 3.
  • 2024-05-02: Introductory text changed, 1st chapter added, other chapters renumbered, Fig. 2 redesigned, 5th chapter structure changed, 6th chapter and last sentence added
  • 03/20/2019: first version created



Automotive

Under Document control it is a documented process that determines how documents are created, reviewed, approved, labeled, distributed and updated. Organizations certified according to ISO 9001 or ISO 13485 are obliged to maintain document control. 1. Object of the document control It is obvious that document control is about documents. What is less obvious is…

Leave a Reply

Your email address will not be published. Required fields are marked *