Quality Documentation Manager

Document control system design and management for ISO 13485-compliant quality management systems, including numbering conventions, approval workflows, change control, and electronic record compliance.

Table of Contents

• Document Control Workflow

• Document Numbering System

• Approval and Review Process

• Change Control Process

• 21 CFR Part 11 Compliance

• Reference Documentation

• Tools

Document Control Workflow

Implement document control from creation through obsolescence:

• Assign document number per numbering procedure

• Create document using controlled template

• Route for review to required reviewers

• Address review comments and document responses

• Obtain required approval signatures

• Assign effective date and distribute

• Update Document Master List

• Validation: Document accessible at point of use; obsolete versions removed

Document Lifecycle Stages

Stage Definition Actions Required

Draft Under creation or revision Author editing, not for use

Review Circulated for review Reviewers provide feedback

Approved All signatures obtained Ready for training/distribution

Effective Training complete, released Available for use

Superseded Replaced by newer revision Remove from active use

Obsolete No longer applicable Archive per retention schedule

Document Types and Prefixes

Prefix Document Type Typical Content

QM Quality Manual QMS overview, scope, policy

SOP Standard Operating Procedure Process-level procedures

WI Work Instruction Task-level step-by-step

TF Template/Form Controlled forms

SPEC Specification Product/process specs

PLN Plan Quality/project plans

Required Reviewers by Document Type

Document Type Required Reviewers Required Approvers

SOP Process Owner, QA QA Manager, Process Owner

WI Area Supervisor, QA Area Manager

SPEC Engineering, QA Engineering Manager, QA

TF Process Owner QA

Design Documents Design Team, QA Design Control Authority

Document Numbering System

Assign consistent document numbers for identification and retrieval.

Numbering Format

Standard format: PREFIX-CATEGORY-SEQUENCE[-REVISION]

Example: SOP-02-001-A

SOP = Document type (Standard Operating Procedure) 02 = Category code (Document Control) 001 = Sequential number A = Revision indicator

Category Codes

Code Functional Area Description

01 Quality Management QMS procedures, management review

02 Document Control This area

03 Human Resources Training, competency

04 Design & Development Design control processes

05 Purchasing Supplier management

06 Production Manufacturing procedures

07 Quality Control Inspection, testing

08 CAPA Corrective/preventive actions

09 Risk Management ISO 14971 processes

10 Regulatory Affairs Submissions, compliance

Numbering Workflow

• Author requests document number from Document Control

• Document Control verifies category assignment

• Document Control assigns next available sequence number

• Number recorded in Document Master List

• Author creates document using assigned number

• Validation: Number format matches standard; no duplicates in Master List

Revision Designation

Change Type Revision Increment Example

Major revision Increment number Rev 01 → Rev 02

Minor revision Increment sub-revision Rev 01 → Rev 01.1

Administrative No change or letter suffix Rev 01 → Rev 01a

See references/document-control-procedures.md for complete numbering guidance.

Approval and Review Process

Obtain required reviews and approvals before document release.

Review Workflow

• Author completes document draft

• Author submits for review via routing form or DMS

• Reviewers assigned based on document type

• Reviewers provide comments within review period (5-10 business days)

• Author addresses comments and documents responses

• Author resubmits revised document

• Approvers sign and date

• Validation: All required reviewers completed; all comments addressed with documented disposition

Comment Disposition

Disposition Action Required

Accept Incorporate comment as written

Accept with modification Incorporate with changes, document rationale

Reject Do not incorporate, document justification

Defer Address in future revision, document reason

Approval Matrix

Document Level 1 (Policy/QM): CEO or delegate + QA Manager Document Level 2 (SOP): Department Manager + QA Manager Document Level 3 (WI/TF): Area Supervisor + QA Representative

Signature Requirements

Element Requirement

Name Printed name of signer

Signature Handwritten or electronic signature

Date Date signature applied

Role Function/role of signer

Change Control Process

Manage document changes systematically through review and approval.

Change Control Workflow

• Identify need for document change

• Complete Change Request Form with justification

• Document Control assigns change number and logs request

• Route to reviewers for impact assessment

• Obtain approvals based on change classification

• Author implements approved changes

• Update revision number and change history

• Validation: Changes match approved scope; change history complete

Change Classification

Class Definition Approval Level Examples

Administrative No content impact Document Control Typos, formatting

Minor Limited content change Process Owner + QA Clarifications

Major Significant content change Full review cycle New requirements

Emergency Urgent safety/compliance Expedited + retrospective Safety issues

Impact Assessment Checklist

Impact Area Assessment Questions

Training Does change require retraining?

Equipment Does change affect equipment or systems?

Validation Does change require revalidation?

Regulatory Does change affect regulatory filings?

Other Documents Which related documents need updating?

Records What records are affected?

Change History Documentation

Each document must include change history:

21 CFR Part 11 Compliance

Implement electronic record and signature controls for FDA compliance.

Part 11 Scope

Applies To Does Not Apply To

Records required by FDA regulations Paper records

Records submitted to FDA Internal non-regulated documents

Electronic signatures on required records General email communication

Electronic Record Controls

• Validate system for accuracy and reliability

• Implement secure audit trail for all changes

• Restrict system access to authorized individuals

• Generate accurate copies in human-readable format

• Protect records throughout retention period

• Validation: Audit trail captures who, what, when for all changes

Audit Trail Requirements

Requirement Implementation

Secure Cannot be modified by users

Computer-generated System creates automatically

Time-stamped Date and time of each action

Original values Previous values retained

User identity Who made each change

Electronic Signature Requirements

Requirement Implementation

Unique to individual Not shared between persons

At least 2 components User ID + password minimum

Signature manifestation Name, date/time, meaning displayed

Linked to record Cannot be excised or copied

Signature Manifestation

Every electronic signature must display:

Element Example

Printed name John Smith

Date and time 2024-03-15 14:32:05 EST

Meaning Approved for Release

System Controls Checklist

Access Controls:

• Unique user ID for each person

• Password complexity enforced

• Account lockout after failed attempts

• Session timeout after inactivity

Audit Trail:

• All record creation logged

• All modifications logged with old/new values

• User identity captured

• Date/time stamp on all entries

Security:

• Role-based access control

• Encryption for data at rest and in transit

• Regular backup and tested recovery

See references/21cfr11-compliance-guide.md for detailed compliance requirements.

Reference Documentation

Document Control Procedures

references/document-control-procedures.md contains:

• Document numbering system and format

• Document lifecycle stages and transitions

• Review and approval workflow details

• Change control process with classification criteria

• Distribution and access control methods

• Record retention periods and disposal procedures

• Document Master List requirements

21 CFR Part 11 Compliance Guide

references/21cfr11-compliance-guide.md contains:

• Part 11 scope and applicability

• Electronic record requirements (§11.10)

• Electronic signature requirements (§11.50, 11.100, 11.200)

• System control specifications

• Validation approach and documentation

• Compliance checklist and gap assessment template

• Common FDA deficiencies and prevention

Tools

Document Validator

Validate document metadata

python scripts/document_validator.py --doc document.json

Interactive validation mode

python scripts/document_validator.py --interactive

JSON output for integration

python scripts/document_validator.py --doc document.json --output json

Generate sample document JSON

python scripts/document_validator.py --sample > sample_doc.json

Validates:

• Document numbering convention compliance

• Title and status requirements

• Date validation (effective, review due)

• Approval requirements by document type

• Change history completeness

• 21 CFR Part 11 controls (audit trail, signatures)

Sample Document Input

{ "number": "SOP-02-001", "title": "Document Control Procedure", "doc_type": "SOP", "revision": "03", "status": "Effective", "effective_date": "2024-01-15", "review_date": "2025-01-15", "author": "J. Smith", "approver": "M. Jones", "change_history": [ {"revision": "01", "date": "2022-01-01", "description": "Initial release"}, {"revision": "02", "date": "2023-01-15", "description": "Updated workflow"}, {"revision": "03", "date": "2024-01-15", "description": "Added e-signature requirements"} ], "has_audit_trail": true, "has_electronic_signature": true, "signature_components": 2 }

Document Control Metrics

Track document control system performance.

Key Performance Indicators

Metric Target Calculation

Document cycle time <30 days Average days from draft to effective

Review completion rate

95% Reviews completed on time / Total reviews

Change request backlog <10 Open change requests at month end

Overdue review rate <5% Documents past review date / Total effective

Audit finding rate <2 per audit Document control findings per internal audit

Periodic Review Schedule

Document Type Review Frequency

Policy Every 3 years

SOP Every 2 years

WI Every 2 years

Specifications As needed or with product changes

Forms/Templates Every 3 years

Regulatory Requirements

ISO 13485:2016 Clause 4.2

Sub-clause Requirement

4.2.1 Quality management system documentation

4.2.2 Quality manual

4.2.3 Medical device file (technical documentation)

4.2.4 Control of documents

4.2.5 Control of records

FDA 21 CFR 820

Section Requirement

820.40 Document controls

820.180 General record requirements

820.181 Device master record

820.184 Device history record

820.186 Quality system record

Common Audit Findings

Finding Prevention

Obsolete documents in use Implement distribution control

Missing approval signatures Enforce workflow before release

Incomplete change history Require history update with each revision

No periodic review schedule Establish and enforce review calendar

Inadequate audit trail Validate DMS for Part 11 compliance