We are using cookies in order to offer you the most relevant information. We have published
new Cookie Policy which you should read to find out more. more.
Please accept cookies for optimal performance.

ISO 12651-2 defines a document as "recorded information or object which can be treated as a unit". Err… Yup!... Got it!... Been treating recorded objects as a unit for, well… forever…  

Sometimes you just have to admire their creativity!

On the more serious side, we’re still talking compliance and for that, there are 6 “essentials” your Document Management (DM) system software should have…

First, the use of the DM is to track, store and control documents, to prove compliance. However, I want to remind you that although compliance is important, getting your users “on board” and using it is even more so - without them, compliance is but a pipe dream.

Second issue related to compliance: if your DM software/System is connected to your QMS, then you need to validate it.So how to get the team on board… we’ll through processes or workflows that realistically reflect how the team actually works. Until recently, documenting the process, or procedure was required for ISO 9001 compliance. This has now changed, sort of. Although there is no requirement to document the procedure/process, there is a requirement to document how you control documents. That’s Six of one, half-dozen of the other. Same, same really.

The second issue related to compliance: if your DM software/System is connected to your QMS, then you need to validate it. If you are validating only for ISO 13485: 2016, then it must be validated simply for its use. For FDA QSR, there is a twist, it must be validated for its “intended use”, which is a bit more involved. For anyone else, just doing ISO or other regulatory compliance, I’d suggest simply following the rules for ISO13485.  

Thirdly, not all DM systems are created equal. How the details are implemented is what sets them apart. So it is important to understand your needs and its use or intended use if you want to ensure it meets your compliance needs. Big business has very different needs from the Startup and the Small Company. Where a strategy based on the organizational hierarchy is important for big business, focusing on the team and the tasks, related to compliance, for example, a project focus, is better for startups and Small companies!

Irrespective of the approach, categorization, tagging, and indexing will help you find the documents and files you need.

Cloud Acces

Whatever you use, there are 6 essentials to every DMS.

1. FDA CFR Part 11 and ISO 13485:2016 regulatory compliance.

Obviously, a DMS should help you in your quest for regulatory and standards compliance. Some features to assist with this include what some vendor calls a QMS Vault combined with verified authorizations, whether eSignatures of some kind of an identity validation function. QMS Approved documents need to be locked up in a secure manner within the DMS. A QMS Vault is a separate and distinct directory, where QMS Approved documents will be securely stored with read-only access. Access is tightly controlled. This protects the “originals” in electronic form.

Yet the key to compliance is being able to produce the documentation for each project in a manner acceptable to the regulators. These types of reports and how they were produced are the key to compliance. Take a good look at how this is done to ensure it still fits your “use”.

 

2. Electronic Trail & Control. There are 7 elements for this.

Versioning. The starting point is versioning. Save a file, new version and old one is retained. Roll-back allows you to view a previous version in the event something is not right with the current. Compliance requires versioning. However, a DM will put limits on the number of versions retained and for how long.

Tagging helps users find files. In the olden days, a document had a “history” box on it. A DM lets you put this as a separate file. Save a file, open a tag box and enter the details. Very easy for users and makes the search very effective.

Stamps. It is very useful to Stamp a document as Original or Draft or Released. Some DM allow this and also annotate the history file to show when it was stamped and by whom. This stuff can also get pretty crazy… so fit your needs. 

QMS Roles and there is more than one doing the approval

Audit Trail. Definitely a compliance issue. You want to know who downloaded it, uploaded it, when and if possible, from where. If you want to catch a thief, this is the starting point.

Change of Control. A document written by one person can change control and be attributed to another. The audit should reflect this as well as the tagging info. This is especially important when working with QMS Roles and there is more than one doing the approval.

 Locking. For compliance, a document that is QMS Approved should then be “locked”. Cannot be modified – EVER! It should not be allowed to be erased either, without CEO explicit permission. FDA is very strict on this matter and Regulatory Approvals must be kept for a specified period depending on the Regulations. For example, FDA requires that for a Class II medical device, a record must be retained for 2 years after production has ceased. Otherwise, jail time is involved… similarly for “doctoring” a QMS Approved document.

 

 

3. Permissions & Security.

A secure system is defined not by its access controls, login, but by the way users are given permitted access to the documents or files. On the one hand, it must allow users to do their job, on the other hand, they should not be allowed to snoop through every company secret. Confidentiality is still on the menu. The optimal way to handle security and permissions is through roles as users work in teams with similar needs. For example, assigning a group of users the role of Reader means they can only read documents, not edit them. Or Developer, that can create new documents but require Approval but only in certain projects. Make it easy enough to let them do their work, but secure enough they cannot steal it all. Lastly, there should be an access log, of what file was accessed by whom, and when, including upload and download. (it was discussed above, but it applies here too).  

 

4. Integration.

A DM that does not integrate into anything is just a Storage System. Dropbox with directories, a traditional library with extra features (but no benefits). A DM should integrate into the workflows and workflow processes that drive the team. Download a compliance form, complete it, upload it. The DM should know how to work within the workflow, as part of the process. The best, however, integrates directly into the Project Management Software. Few out of the box DM can do that and some are integrated by design. After all, a DM is the heart of compliance.

The advantage of DM integrated into Project Management is simple if there is a document that is project related it is associated with and remains in the project. Yet, can be “found” as part of the DM. Project files are used in the project. So storing them there makes the most sense, especially if the DM is capable of finding them wherever they are located. It also means compliance is more straightforward as the bulk of the details related to the project itself.

A DM should integrate into the workflows and workflow processes that drive the team

A desktop app, ala Dropbox™ app or Microsoft OneDrive™ that sync files on your desktop with those in storage are a HUGE productivity boost. But they don’t necessarily integrate into the Projects. One App puts both the desktop files functionality of a Dropbox™ App and of a fully integrated Project Directory functionality. It mirrors the Projects files a user has permission to access on their desktop. Save a file locally and it is synced directly into the project with all the controls expected of a DM system. This is productivity on steroids.

 

5. Easy to implement and simple to use

It’s all about the user. An Intelligently Organized DM system can greatly influence the ability and will of team members to use it. Make it logical to them and they will use it. They will know how to support each other too. It also needs an attractive UI – code for logical to understand. What’s easy to understand is easy to use, and what is easy to use, will be used.  A strong and robust search feature with proper filters will support any needs, so it needs to be flexible. All kinds of files should be supported, with a preview option. Without a preview, users will search using the download and open option absorbing precious network bandwidth. Lastly, dropping a document into a chat is essential. The DMS should be accessible from and for many parts of whatever other systems you use.

 

6. Advanced Document Search

Search for files and documents needs to be easy and as much effortlessly as it can. Any document should be listed and filtered by any parameters, including the search for documents related to specific processes, projects, sub-projects, tags, type of documents, etc., search results should be printed if required. Search for files and documents needs to be easy and as much effortlessly as it can. Any document should be listed and filtered by any parameters, including the search for documents related to specific processes, projects, sub-projects, tags, type of documents, etc., search results should be printed if required.

 

 

Conclusion

A good DMS should work for you, not you for it. It should be user-friendly and team focused to support whatever kind of Project the team is working on. They come in many flavors and colors. DMS is not an end in itself, it is there to support other aspects of how teams work and the tools they use to get that done.

 If it’s not documented, it does not exist.


Download the infographic

 

Comments (0)

*your email will not be published

No comments.

Get a Personal
Walkthrough to See:

  1. eQMS at its best, demoed to you as an auditor would see the audit.
  2. How to work your team to achieve product development success?