Both FDA’s 21 CFR 820 and ISO 9001 have requirements for document control. The goal with this section of the standards is to demonstrate that your quality system is compliant, that you design and manufacture products to meet design controls, and that your company is addressing risk management concerns. The FDA typically takes the approach that if something isn’t documented, then it didn’t happen.
In ISO 9001, there is a requirement to “establish, document, implement and maintain a quality management system and continually improve its effectiveness in accordance with the requirements of this International Standard.” There is also a requirement to have formal procedures for six activities: control of documents, control of records, internal audits, control of non-conforming product, corrective actions and preventive actions.
When planning your approach to document control, there are a few things to consider:
- Identify the owner of each document
- Determine how long each document type will need to be retained
- Where will your documents be stored, and what form will they be stored in (paper, electronic, etc.)
- When planning your process, think 3-5 years in the future – not just focusing on how to implement it for the short-term
Each document that is generated should be identified with the document number, document title, revision information and page numbering. These documents should be reviewed on a set schedule, to make sure they are still providing current and accurate information. Document control is considered the most critical quality assurance discipline, primarily because information captured in these documents drives nearly every action in any organization. Therefore, being able to control this information can mean the difference between success and failure.