quality-documentation-manager

$27

Implement document control from creation through obsolescence:

• Assign document number per numbering procedure

• Create document using controlled template

• Route for review to required reviewers

• Address review comments and document responses

• Obtain required approval signatures

• Assign effective date and distribute

• Update Document Master List

• Validation: Document accessible at point of use; obsolete versions removed

Document Lifecycle Stages

Stage

Definition

Actions Required

Draft

Under creation or revision

Author editing, not for use

Review

Circulated for review

Reviewers provide feedback

Approved

All signatures obtained

Ready for training/distribution

Effective

Training complete, released

Available for use

Superseded

Replaced by newer revision

Remove from active use

Obsolete

No longer applicable

Archive per retention schedule

Document Types and Prefixes

Prefix

Document Type

Typical Content

QM

Quality Manual

QMS overview, scope, policy

SOP

Standard Operating Procedure

Process-level procedures

WI

Work Instruction

Task-level step-by-step

TF

Template/Form

Controlled forms

SPEC

Specification

Product/process specs

PLN

Plan

Quality/project plans

Required Reviewers by Document Type

Document Type

Required Reviewers

Required Approvers

SOP

Process Owner, QA

QA Manager, Process Owner

WI

Area Supervisor, QA

Area Manager

SPEC

Engineering, QA

Engineering Manager, QA

TF

Process Owner

QA

Design Documents

Design Team, QA

Design Control Authority

Document Numbering System

Assign consistent document numbers for identification and retrieval.

Numbering Format

Standard format: PREFIX-CATEGORY-SEQUENCE[-REVISION]

Example: SOP-02-001-A

SOP = Document type (Standard Operating Procedure)

02  = Category code (Document Control)

001 = Sequential number

A   = Revision indicator

Category Codes

Code

Functional Area

Description

01

Quality Management

QMS procedures, management review

02

Document Control

This area

03

Human Resources

Training, competency

04

Design & Development

Design control processes

05

Purchasing

Supplier management

06

Production

Manufacturing procedures

07

Quality Control

Inspection, testing

08

CAPA

Corrective/preventive actions

09

Risk Management

ISO 14971 processes

10

Regulatory Affairs

Submissions, compliance

Numbering Workflow

• Author requests document number from Document Control

• Document Control verifies category assignment

• Document Control assigns next available sequence number

• Number recorded in Document Master List

• Author creates document using assigned number

• Validation: Number format matches standard; no duplicates in Master List

Revision Designation

Change Type

Revision Increment

Example

Major revision

Increment number

Rev 01 → Rev 02

Minor revision

Increment sub-revision

Rev 01 → Rev 01.1

Administrative

No change or letter suffix

Rev 01 → Rev 01a

See references/document-control-procedures.md for complete numbering guidance.

Approval and Review Process

Obtain required reviews and approvals before document release.

Review Workflow

• Author completes document draft

• Author submits for review via routing form or DMS

• Reviewers assigned based on document type

• Reviewers provide comments within review period (5-10 business days)

• Author addresses comments and documents responses

• Author resubmits revised document

• Approvers sign and date

• Validation: All required reviewers completed; all comments addressed with documented disposition

Comment Disposition

Disposition

Action Required

Accept

Incorporate comment as written

Accept with modification

Incorporate with changes, document rationale

Reject

Do not incorporate, document justification

Defer

Address in future revision, document reason

Approval Matrix

Document Level 1 (Policy/QM): CEO or delegate + QA Manager

Document Level 2 (SOP): Department Manager + QA Manager

Document Level 3 (WI/TF): Area Supervisor + QA Representative

Signature Requirements

Element

Requirement

Name

Printed name of signer

Signature

Handwritten or electronic signature

Date

Date signature applied

Role

Function/role of signer

Change Control Process

Manage document changes systematically through review and approval.

Change Control Workflow

• Identify need for document change

• Complete Change Request Form with justification

• Document Control assigns change number and logs request

• Route to reviewers for impact assessment

• Obtain approvals based on change classification

• Author implements approved changes

• Update revision number and change history

• Validation: Changes match approved scope; change history complete

Change Classification

Class

Definition

Approval Level

Examples

Administrative

No content impact

Document Control

Typos, formatting

Minor

Limited content change

Process Owner + QA

Clarifications

Major

Significant content change

Full review cycle

New requirements

Emergency

Urgent safety/compliance

Expedited + retrospective

Safety issues

Impact Assessment Checklist

Impact Area

Assessment Questions

Training

Does change require retraining?

Equipment

Does change affect equipment or systems?

Validation

Does change require revalidation?

Regulatory

Does change affect regulatory filings?

Other Documents

Which related documents need updating?

Records

What records are affected?

Change History Documentation

Each document must include change history:

| Revision | Date | Description | Author | Approver |

|----------|------|-------------|--------|----------|

| 01 | 2023-01-15 | Initial release | J. Smith | M. Jones |

| 02 | 2024-03-01 | Updated workflow | J. Smith | M. Jones |

21 CFR Part 11 Compliance

Implement electronic record and signature controls for FDA compliance.

Part 11 Scope

Applies To

Does Not Apply To

Records required by FDA regulations

Paper records

Records submitted to FDA

Internal non-regulated documents

Electronic signatures on required records

General email communication

Electronic Record Controls

• Validate system for accuracy and reliability

• Implement secure audit trail for all changes

• Restrict system access to authorized individuals

• Generate accurate copies in human-readable format

• Protect records throughout retention period

• Validation: Audit trail captures who, what, when for all changes

Audit Trail Requirements

Requirement

Implementation

Secure

Cannot be modified by users

Computer-generated

System creates automatically

Time-stamped

Date and time of each action

Original values

Previous values retained

User identity

Who made each change

Electronic Signature Requirements

Requirement

Implementation

Unique to individual

Not shared between persons

At least 2 components

User ID + password minimum

Signature manifestation

Name, date/time, meaning displayed

Linked to record

Cannot be excised or copied

Signature Manifestation

Every electronic signature must display:

Element

Example

Printed name

John Smith

Date and time

2024-03-15 14:32:05 EST

Meaning

Approved for Release

System Controls Checklist

Access Controls:

• Unique user ID for each person

• Password complexity enforced

• Account lockout after failed attempts

• Session timeout after inactivity

Audit Trail:

• All record creation logged

• All modifications logged with old/new values

• User identity captured

• Date/time stamp on all entries

Security:

• Role-based access control

• Encryption for data at rest and in transit

• Regular backup and tested recovery

See references/21cfr11-compliance-guide.md for detailed compliance requirements.

Reference Documentation

Document Control Procedures

references/document-control-procedures.md contains:

• Document numbering system and format

• Document lifecycle stages and transitions

• Review and approval workflow details

• Change control process with classification criteria

• Distribution and access control methods

• Record retention periods and disposal procedures

• Document Master List requirements

21 CFR Part 11 Compliance Guide

references/21cfr11-compliance-guide.md contains:

• Part 11 scope and applicability

• Electronic record requirements (§11.10)

• Electronic signature requirements (§11.50, 11.100, 11.200)

• System control specifications

• Validation approach and documentation

• Compliance checklist and gap assessment template

• Common FDA deficiencies and prevention

Tools

Document Validator

# Validate document metadata

python scripts/document_validator.py --doc document.json

# Interactive validation mode

python scripts/document_validator.py --interactive

# JSON output for integration

python scripts/document_validator.py --doc document.json --output json

# Generate sample document JSON

python scripts/document_validator.py --sample > sample_doc.json

Validates:

• Document numbering convention compliance

• Title and status requirements

• Date validation (effective, review due)

• Approval requirements by document type

• Change history completeness

• 21 CFR Part 11 controls (audit trail, signatures)

Sample Document Input

{

  "number": "SOP-02-001",

  "title": "Document Control Procedure",

  "doc_type": "SOP",

  "revision": "03",

  "status": "Effective",

  "effective_date": "2024-01-15",

  "review_date": "2025-01-15",

  "author": "J. Smith",

  "approver": "M. Jones",

  "change_history": [

    {"revision": "01", "date": "2022-01-01", "description": "Initial release"},

    {"revision": "02", "date": "2023-01-15", "description": "Updated workflow"},

    {"revision": "03", "date": "2024-01-15", "description": "Added e-signature requirements"}

  ],

  "has_audit_trail": true,

  "has_electronic_signature": true,

  "signature_components": 2

}

Document Control Metrics

Track document control system performance.

Key Performance Indicators

Metric

Target

Calculation

Document cycle time

<30 days

Average days from draft to effective

Review completion rate

>95%

Reviews completed on time / Total reviews

Change request backlog

<10

Open change requests at month end

Overdue review rate

<5%

Documents past review date / Total effective

Audit finding rate

<2 per audit

Document control findings per internal audit

Periodic Review Schedule

Document Type

Review Frequency

Policy

Every 3 years

SOP

Every 2 years

WI

Every 2 years

Specifications

As needed or with product changes

Forms/Templates

Every 3 years

Regulatory Requirements

ISO 13485:2016 Clause 4.2

Sub-clause

Requirement

4.2.1

Quality management system documentation

4.2.2

Quality manual

4.2.3

Medical device file (technical documentation)

4.2.4

Control of documents

4.2.5

Control of records

FDA 21 CFR 820

Section

Requirement

820.40

Document controls

820.180

General record requirements

820.181

Device master record

820.184

Device history record

820.186

Quality system record

Common Audit Findings

Finding

Prevention

Obsolete documents in use

Implement distribution control

Missing approval signatures

Enforce workflow before release

Incomplete change history

Require history update with each revision

No periodic review schedule

Establish and enforce review calendar

Inadequate audit trail

Validate DMS for Part 11 compliance