Document and Data Control: An Integral Component of Quality Management
Companies that produce products with rigorous quality requirements face numerous challenges associated with meeting quality objectives—ranging from the need to comply with quality standards (such as ISO 9001, FDA 21 CFR Part 11, CGMP and EU GMP Annex 11) to operating in highly-regulated and frequently audited environments.
Organizations of all sizes and across all industries can easily fall prey to quality issues without effective information controls as a core component of their quality management systems. The result can range from organizational inefficiencies and poorly allocated resources to negative brand perception, lost revenue and increased liability.
Without a centralized and organization-wide approach to managing their content, companies leave themselves vulnerable because of the difficulty and complexity of managing critical and sensitive information and processes that affect quality and compliance.
Establishing document and data control processes within a quality management framework improves manufacturing and production processes, enhances collaboration, better utilizes existing resources, and drives organizational efficiencies that affect a company’s bottom-line business objectives.
In this white paper, we’ll cover the inefficiencies of manual quality processes, the types of information typically managed within a quality management system, how data management can improve compliance-related activities, and how an effective solution for information control can significantly improve quality systems and processes.
Challenges of Manual Quality Processes
For many organizations, information control processes are managed separately by different departments. This proves ineffective as individuals in one department lack visibility into important data control procedures implemented within other departments. In addition to the challenge of coordinating disparate electronic data management methods, the problem is frequently exacerbated by the use of archaic, manual processes for storing and organizing critical documentation in physical file folders.
Does your organization need to integrate an information management solution within your quality management platform?
To help answer this, here are a few questions to consider:
- Are you able to efficiently route files, obtain approval signatures, and access records for fast responses to manufacturing and quality related issues?
- If your organization must comply with regulatory standards or mandates, how much time do you spend compiling, organizing and managing the documentation for this effort?
- How many regulatory or compliance related files and records does your company misfile or lose on a regular basis?
- How many staff hours are used to route documents, obtain approvals and locate correct file versions?
Manual information control procedures are errorprone, and may inadvertently compromise an organization’s ability to adhere to regulations and standards such as ISO 9001, FDA 21 CFR Part 11, CGMP and EU GMP Annex 11.
Furthermore, organizations can also incur high costs because of the excess time and resources spent manually managing documentation in order to maintain compliance and mitigate operational risks.
Who is the gatekeeper?
A manual quality process often revolves around one person who manages all essential quality-related documentation. What happens if this person is sick, on vacation or if he/she leaves the company?
Did you get that email?
It’s often difficult to get up-to-date information about the state of quality documentation and processes because related information and communications are often dispersed among unrelated collections of paper documents, electronic data, emails and other content. In this environment, it’s almost impossible to get a quick answer to a simple question such as “have the required people read the new instructions we approved two weeks ago?”
How are quality processes managed?
Many companies have instituted quality policies featuring specific repetitive tasks such as weekly system health checks, periodic maintenance, monthly data recovery tests, or regular SOP reviews. However, organizations often find it challenging to actually ensure these tasks are completed on time and according to policy guidelines because only a very limited number of people (often only one) have visibility into how quality processes are managed.
Where does our documentation reside?
Quality management is information intensive, and the number of associated documents can grow exponentially over time. Many quality related records require approval by signature, which traditionally has meant storing paper-based documents in physical file cabinets. In a manual paper-based quality environment, it’s difficult to find documents and verify the existence of back-up files of signed records— not to mention the significant investment in storage space in order to maintain essential documentation.
Have quality issues been resolved?
Audits, inspections and normal daily operations all produce different kinds of issues, non-conformities, audit findings and protocol deviations. Manual quality issue management is not only tedious, but also error-prone and tends to deteriorate over time. Quality managers can do little other than send endless email reminders and make follow-up phone calls about pending corrective actions.
Today, more and more firms have realized that in order to mitigate risk associated with production processes and procedures, an effective document and data management system must be put in place.
Next generation information management solutions deliver a high level of control, empowering organizations to improve productivity, reduce production costs, ensure compliance, and reduce risk.
Establishing Information Categories
Within a Quality Management System
Organizations that operate in quality-intensive and highly regulated industries produce an overwhelming amount of information. Adequately managing inspection sheets, audit reports, nonconformance documents, corrective and preventative actions (CAPA), customer complaints and inquiries can be daunting and resource-draining tasks.
When integrating a solution for document and data control as a component of a quality management system, one of the first steps is to define the categories of content that exist (or will exist) in the course of business. Once primary categories are defined, more specific types of information within each category can also be defined.
The goal of identifying specific data categories is to paint a comprehensive picture of how a product was designed, what decisions were made during the process (including why certain alternative designs were rejected), how a product was tested, and why that testing was reasonable and adequate. Another important goal is to show how a company responsibly processes and responds to complaints and mishaps.
Following are examples of broad information categories companies typically establish within their quality management system:
- Product Design and Development
- Manufacturing/Quality Control
In addition to these general classifications, organizations should also define additional categories and sub-categories based on the specific types of information they produce during business. For instance, subcategories of “Product Design and Development” may include specifications, drawings, or bills of materials (BOM), and for “Personnel” examples of sub-categories or types could be employee reviews and manuals, training certificates, and so on.
Effective Information Management Helps
Firms Achieve Regulatory Compliance FDA-regulated companies that maintain paper-based systems are falling behind – and the reason for the lag is quite evident. Quality systems based on paper document control processes put companies at a competitive disadvantage. Paper-based systems significantly increase the risk of non-compliance with cGMP in organizations regulated by the FDA or those seeking to comply with ISO and other standards.
Electronic information management systems provide a framework for centrally organizing, managing and tracking important content and processes. In addition, they support lean manufacturing practices and quality management programs that ensure efficient processes that comply with government regulations and industry standards.
The Demands of Regulatory Information
Management in a Global Environment
Today’s global companies are overwhelmed with data – so much so that their disparate systems struggle to adequately store and organize it all. Worse still, critical information assets are frequently dispersed, disconnected, duplicated and, all too often, inaccurate. Companies know they need a better approach to regulatory information management – what they often don’t know is where to start and how to weave this vital capability across the enterprise’s diverse business applications.
Data is generated by the day-to-day activities that take place in each department. Regulatory operations personnel, for example, produce documents and develop submissions, which they file for approval. However, a submission begins long before the documents are created. In most cases, data gathering is conducted locally, with responsible departments drawing on the minimal amount of information needed to adhere to regulatory requirements or to track commitments.
What is often missing is the ability to aggregate information across the enterprise so that it can be used to conduct more predictive work, such as project planning across the portfolio, resource planning, and pre-and post-marketing activities. In so doing, companies can manage their activities more holistically and better equip themselves to recognize and act upon information that can impact operations.
Clearly, regulatory information management involves far more than just tracking submissions. The processes and technologies employed to enable successful regulatory content management also help companies to consolidate their disparate systems and produce meaningful information that leads to better decision making.
The starting point is managing and structuring data in a clear and consistent manner. Only by having clean, consistent and reliable data is it possible to build a broad picture of how an organization’s resources are currently being used as well as how they can be maximized in the future.
Compliance, Control and Collaboration
With a formal content management solution in place, companies can simplify compliance procedures, streamline processes, automate information exchange and reduce administrative overhead. As a result, teams can work together in a more effective and efficient manner by keeping personnel connected, informed and on task– providing access to the right information to everyone at any time, from anywhere. Complete, accurate and clear documentation is the key to maintaining compliance in a Good Manufacturing Practice (GMP) environment. Accurate and up-to-date information is needed to establish quality management principles, describe specific processes and procedures and maintain records that demonstrate such processes and procedures were followed.
Together, these principles, processes, procedures and records demonstrate that a manufacturer is operating in a state of control, defined as, “a condition in which the set of controls consistently provides assurance of continued process performance and product quality.” Adherence to GMP specifically requires that, “the quality control unit shall have the responsibility for approving or rejecting all procedures or specifications impacting on the identity, strength, quality and purity of the product.”
Digital Signing: Can We Go Paperless?
In most environments, files are kept either in a digital domain within a document repository, a shared drive or a web-based document portal.
But when it is time to approve or authorize a document, it is often printed and signed with a pen—and thus starts its new life as a hard copy.
The need for handwritten signatures keeps companies stuck with paper-based processes.
It’s easy to understand why traditional handwritten signatures are still so widely used.
They are legally binding, and psychologically, they “just feel right.” But signing documents with a pen has serious process issues including a lack of file control, an adverse impact on productivity, an ever-increasing demand for inefficient physical storage, the constant need to ship papers between company offices, and the risk of losing the signed originals due to a disaster.
For these reasons many companies are now utilizing digital signing capabilities.
However, the digital signing approach has issues as well. For example, there currently is no “universally approved” system or methodology; a specific application and skill set is typically required, and related legislation or regulations are often vague and difficult to interpret.
While these factors may make some companies hesitant to adopt digital signing, simple, affordable and secure solutions are available that comply with FDA and GMP guidelines for electronic signatures.
Content Control Enhances Quality Management
Information management is a critical component of quality management systems. Good manufacturing practices, FDA regulations, ISO standards and other regulations and standards require that companies manage file versions, document and execute standard operating procedures (SOP), control employee access, facilitate training initiatives and implement appropriate change control procedures for all organizational information.
To be competitive in today’s global marketplace, it’s paramount to have a tightly integrated and comprehensive solution for managing and controlling information across the enterprise from within a single, centralized repository. When documents and data can be searched, viewed and managed across multiple integrated systems, efficiency is optimized as organizations significantly streamline workflow processes and reduce costs.
With an effective approach to information management integrated within a quality management framework, companies can control and regulate document access, improve visibility and control revisions across multiple departments, while also providing the necessary level of automated notifications and communication to those people who are affected by the changes. Furthermore, all of these benefits can be realized while maintaining compliance with industry regulations and standards.
The Issue of Complexity
When it comes to access to electronic records, many companies resemble medieval cities: city walls are high and heavily guarded, but once granted access, few doors have locks. In IT terms, once a user is inside the company firewall or connected to a domain, they have access to data on shared drives or similar systems. Particularly sensitive content, such as job contracts, compensation data and employee health information, are often kept in private folders, which means even for those with permission to access such information, the ability to share such files is limited or inefficient.
However, larger organizations and those operating in regulated environments must not only protect their networks from external access, they must also have secure internal access controls to documents and data.
Content is shared, but in a highly controlled fashion. Furthermore, policies implemented years ago can become overwhelmingly difficult to maintain when a company grows.
When the “who-can-do-what” matrix grows complex and large, it is very difficult to get reliable answers to simple questions such as “who has access to our contracts?” or “which documents and data does this person have access to?”
Many information management systems can automate internal access controls, helping to alleviate issues associated with effectively enforcing permissions management policies and procedures.