The Impact of Controlled Document Management in Life Sciences
What Is An Example of Document Control?
Version control is the most commonly cited example of document control. It includes policies and tools assigning clear and unique identifying version numbers to documents as well as metadata as a document description. While only the latest version is used and shared, the previous versions are retained to maintain a record of why, how, and when a document was created and the revisions that were made to it. In some cases, change tracking is done by including a change history table at the beginning or end of a document.
In addition to version control, a number of other examples of document control are often referenced, including the following.
Audit trail
An audit trail complements version control, keeping a record of who has accessed or changed documents together with security information such as their user ID and IP address. Audit trails are meant to provide an immutable record that can be used to meet regulatory requirements.
Compliance
Documents that are subject to regulatory compliance require document control systems and processes to ensure that rules are followed.
Data security
Data protection is paramount to effective document control. Systems and processes must be in place to protect sensitive information from data breaches and other threats and meet regulatory compliance requirements. Security is a primary concern in the control of documents.
Document creation
Document control processes and procedures direct who creates a document and how it is created. For instance, document controls related to document creation can specify formatting, naming conventions, and what application should be used to create a document (e.g., Microsoft Word vs. Google Docs).
Document end-of-life
When a controlled document becomes obsolete or is no longer needed, part of document control is end-of-life. Document control procedures dictate that that means—destroy or archive. It also defines access controls for these documents.
Document lifecycle
The process of researching, writing, reviewing, maintaining, and disposing of documents falls under document control.
Document publishing
Once documents are approved, document control processes define how, when, and where they can be published, set access controls, and whether it is for internal-only distribution or can be shared externally.
Document review and approval
Having a document review and approval process provides quality assurance to document control. From creation through final revision, having a standard procedure for reviewing documents to make sure that they meet quality, compliance, and applicability requirements, as well as for approvals, is a key part of document control.
Document retrieval
Document control applies to active and archived documents. Regardless of the state of a document, it must be easily and quickly accessible. Documents should also include metadata descriptions to facilitate searching and retrieval.
Document tracking
Document control tools include those used for tracking access, updates, deletions, sharing, and other activities that impact a document.
Revisions
Once documents are complete, revisions are inevitable. Document control requires that there is a process comparable to the review and approval process to collect, review, and approve modifications. An important part of the revision process is establishing protocols for why, when, and by whom revisions can be made.
Sharing and distribution
Document controls provide governance for sharing and distribution in the form of processes, policies, and tools for distributing documents internally and externally. Included are directions on how parties (e.g., individuals, partners, teams) are identified as approved to access a document, how they are notified about access privileges, and how they receive updated versions of a document.
Traceability
As documents are exchanged traceability capabilities provide an important element of document control. With traceability, there is a log of who sent which document, to whom, when, and why.
What Is the Role of Document Control?
The role of document control is to manage documents to ensure reliability and trust in the veracity of the contents as well as ensuring that organizations get the most value from documents with the least risk. A document control system integrates interrelated processes, workflows, and software products to support the production and management of documents within an organization.
Document control is important for any organization, regardless of the industry, as it helps keep documents up to date and having proper approvals by providing structure to manage the entire lifecycle—creation, revision, distribution, updates, and destruction or archiving at the end of life—in a systematic, verifiable way.
There are many reasons why document control is used, including to:
- Avoid using outdated, incorrect, and inaccurate documents that could result in expensive mistakes.
- Enhance productivity and performance.
- Set permissions for users and admins in a compliant environment
- Ensure the safety of employees in organizations, such as construction or engineering firms.
- Ensures the reliability and validity of documents.
- Help meet regulatory compliance requirements.
- Improve the quality of information.
- Keeps verifiable records of activities surrounding the creation and modification of documents.
- Make sure that documents have undergone necessary reviews and approvals.
Additionally, document control helps organizations by eliminating productivity losses caused by:
- Having to recreate missing documents manually.
- Losing files over email or miscommunication.
- Wasting time manually tracking documents
What Are the Types of Document Control Documents?
The term document can encompass a wide range of content that could require document control based on the information that they contain. Examples of items that could be subject to document control are:
- Defect samples
- Drawings, diagrams, and sketches
- Electronic documentation
- Photos
- Product samples
- Recordings (e.g., audio, video)
When determining if document control is necessary, consider the following questions:
- Are controlling processes defined in the document?
- Are requirements defined in the document?
- Does the document address or relate to a regulatory compliance requirement?
- Does the document provide direction for the production of goods or services provided by the organization?
- Does the information in the document require regular updates?
- Does this require document control?
Not everything requires document control, so limiting document control to those that need it helps reduce administrative costs and time associated with the process. - Is the document used for inspections or testing of goods or services provided by the organization?
- Is the document used to collect data to inform decision-making?
Examples of where document control is used are if a document is:
- A user manual or part of training materials
- Checklists
- Client information and records
- Contracts and other legal documents
- Documents that are often revised
- Flow diagrams
- Forms and templates
- Part of data collection (e.g., forms, templates)
- Part of product verification, inspection, or testing
- Policy
- Product specifications or design specifications
- Required for employees need to make decisions
- Standard operating procedures
- Subject to regulatory compliance
- Used for a governance program (e.g., access controls, data governance)
- Validation and qualification documents
What Is Required for Document Control?
Several required features and functions for document control are as follows.
Accessibility
Document control procedures help streamline access to information. Part of document control procedures is direction on making documents available when and where they are needed. It also includes guidance on how documents can be shared internally and externally in a clear, auditable manner. Also, when documents are shared, this document control procedure specifies what notifications are required to let stakeholders know it was shared and if any changes were made.
Automated workflows
Document control is enhanced with dedicated workflows for various types of documents. It includes guidance on reviews and approvals and keeps documents moving through the process with alerts and other notifications to stakeholders.
Document access controls
A cornerstone of data protection, document access controls ensure that only authorized users can access sensitive documents. Document control procedures define access requirements and enforce access rules, such as who can view the document, edit it, approve it, and share it.
Document approval
Document control procedures can be used to define and enforce approval processes. This can include outlining who needs to be part of the document’s review process, the order of review, who has approval rights, what approvals are required before publication, and which concludes the approval process. In addition to streamlining the document approval process, this document control procedure ensures consistency and guarantees that all documents are appropriately approved. It also creates a complete audit trail that supports compliance requirements.
Document control numbers and metadata
Document control numbers and metadata are used to identify documents, which are assigned by the organization that creates them and facilitate document tracking from origination to disposition.
Document control procedures
Having document control procedures in place provides a framework that enables consistent management and storage of documents as well as directions for what happens at end-of-life.
Document updating and approval of amended documents
Document control procedures related to approvals extend to documents that are updated. For amended documents, this document control directs when, how, why, and by whom changes are made. It also provides a structure for approvals of the updated document, usually following the original document approval workflow. Document control procedures for approving amended documents also log all activity to create an audit trail.
External document control
Since some documents are created, supplied, or updated externally, document control procedures need to include directions on handling these. Considerations for external documents revolve around screening to ensure that they do not contain malware and access rights granted to the creator once a document has been moved inside an organization.
Prevent the use of obsolete documents
To prevent the inadvertent use of obsolete documents, document control enforces archiving or destroying them.
Retention of document versions
While the final version of a document is all that most users see, copies of all iterations should be stored to provide a record of all changes made and by whom as the document went through revisions and approvals. This can be done with a numbering or date system for drafts of the same document. Sometimes it is done using different colors or fonts within the document. No matter how versions of documents are tracked, they must be included in data backups to ensure a record of the document history.
What Is the Standard for Document Control?
The standard most commonly associated with document control is ISO 9001:2015, which requires “control over documented information” to ensure the quality of goods and services by protecting the integrity of the data used to produce them.
According to ISO 9001:2015: “Documented information required by the quality management system and by this International Standard shall be controlled to ensure: it is available and suitable for use where and when it is needed; it is adequately protected (e.g., from loss of confidentiality, improper use, or loss of integrity).” |
The ISO 9001:2015 standard also requires organizations to establish a documented procedure to control several aspects of documents, including:
- Approval
- Change tracking
- Disposition
- Identification
- Legibility
- Protection
- Retention
- Retrieval
- Review
- Storage
ISO 9001:2015 also states, "A documented procedure shall be established to define the controls needed:
- to approve documents for adequacy before issue,
- to review and update as necessary and re-approve documents,
- to ensure that changes and the current revision status of documents are identified,
- to ensure that relevant versions of applicable documents are available at points of use,
- to ensure that documents remain legible and readily identifiable,
- to ensure that documents of external origin are identified and their distribution controlled,
- and to prevent the unintended use of obsolete documents, and to apply suitable identification to them if they are retained for any purpose."
Another document control element of ISO 9001:2015 is a quality management system (QMS). Document control is mandated for the documents needed for the quality management system. Regarding a QMS, ISO 9001:2015 states, “A QMS should maintain documented information to the extent necessary to support the operation of processes and retain documented information to the extent necessary to have confidence that the processes are being carried out as planned.” In addition, it says,
“The extent of the QMS documented information can differ from one organization to another due to:
- The size of the organization and its type of activities, processes, products, and services;
- The complexity of processes and their interactions;
- The competence of persons.”
The good news for organizations is that, while ISO 9001:2015 requires having a QMS in place, the way these document controls are implemented and executed can vary based on the size and complexity of their operations. Although a QMS can not be pieced together using a file server or hosted file-sharing service, smaller organizations can invest in something other than an enterprise-grade solution. ISO 9001: 2015 provides the flexibility to create and deploy QMS solutions that meet requirements to ensure quality outcomes.
Discover the Many Benefits of Document Control
Document controls offer organizations many benefits, including the following.
- Anytime-anywhere availability of documents for authorized users
- Better data protection and security
- Compliance with regulatory requirements
- Enhanced document accessibility
- Expedited response time for document retrieval for internal and external requests
- Faster inspections and audits
- Faster search and locating of documents
- Improve Quality
- Improved access to information
- Increased productivity
- Protection of an organization’s reputation
- Reduced operational cost
- Reduction in the use of paper for records
- Scalability to accommodate growing volumes of documents
- Standardized approach to documents that drives consistency
- Streamlined change management
- Support for traceability
Egnyte has experts ready to answer your questions. For more than a decade, Egnyte has helped more than 22,000 customers with millions of customers worldwide.
Last Updated: 23rd January, 2024