Using Document Control Software to Comply With Iso Requirements

Using Document Control Software to Comply With Iso Requirements

The objective of a document control software system is to make sure that good manufacturing methods are recorded and improved on. ISO standards require that the process and the documentation directing the manufacturing methods, and any changes to them, are restricted to authorised personnel with any changes recorded for future examination. Therefore ISO certified organisations are required to have a system for controlling the changes to their documents.

One of the challenges of having an ISO system, whether it is certified or not, is to be able to continuously maintain it after it has been set-up. A paper or hybrid electronic/paper systems will require diligence and perseverance on the part of the organisation and senior management in particular for the processes to be maintained and updated. It is in fact not unheard for a system to be left unattended once certification has been achieved and for it to be resurrected only when an audit is imminent because the organisation has considered it to be too time consuming to maintain. Manual systems can also be error prone with uncontrolled documents being made available or new versions not appearing in time. In order to eliminate these problems organisations are increasingly turning to quality management software systems.

This article focuses on the document control element of a quality management system and on how its processes allow an organisation to increase the efficiency of maintaining its processes, controlling the distribution of documents and generally improving profitability.

We will now cover the areas that we think need to be considered when deciding to opt for a document control software system:


• User/Password protection – The system must require a unique Username/Password combination for each user with access to the system. In addition the password must be an alphanumeric combination to further ensure that it cannot be logically recreated.

• Intruder lockout – An account should be automatically locked out if a user attempts to login using an inaccurate login combination. This is activated when a preconfigured number of false attempts have occurred and protects against unauthorized attempts by individuals to access the system. The System Administrator is the only individual who can re-set a locked out account.

• Document access restrictions – Each person within an organisation has a role. While each role is unique it may or may not interact with another role in the same organisation. As a result a system needs to be able to restrict access on the basis of their role with the documentation. In most cases this is Viewing (Read Access), Authoring (Write Access) and Approving, with users being given one or more roles for the documentation in question.


Document management capabilities ensure that the iterative elements that are required for an ISO system are automated or simplified thereby increasing efficiency.

• Application independence – A system must be able to control documents from a variety of commonly used applications i.e. Word, Excel, video, audio etc…

• Lifecycle management – Documents must follow a strict lifecycle from Draft to Published to Archived. While this can be based on the type of document it must however restrict access at its various stages.

• Document history – All events that a document goes through must be automatically recorded and accessible by the approved users.

• Central and safe storage – Documents must be stored in such a way to ensure only authorised access while at the same time shielding against loss or destruction.


Version control of a document is both time consuming and can lead to embarrassing mistakes when a new version needs to replace an older version. A document control system can provide some key automation benefits:

• Availability of the latest version – Only the latest approved version of a document needs to be available with no confusion to the people who need to use them.

• Automatic routing – As defined by its type a document should follow a routing whereby approvers are automatically notified when a document is to be approved, reviewed or when a change request ha been issued.

• Automatic document replacement – Newer approved versions of a document must automatically replace the older version and shift into archive.

• Automatic email notifications – E-mail notifications should be provided to inform users when they are required to perform a task or need to be aware of an event. This should be able to be deactivated but at the same time there must always be some alternative form of notification that cannot be able to be deactivated. For required tasks this should apply for reviews, approvals and change requests. For events this should apply for publishing, confirmed rejections and rejected change requests.

• Approval history – Managers should be able to view the complete approval status and history of a document as it is going through its workflow routings.

• Automatic publishing on approval – Once a document is approved it should automatically be published to users who have been given access to it and replace any prior versions which are then archived.


An easy to use system administration should ensure that any user can understand the system while having a minimal IT understanding or appreciation:

• Preconfigured routing – Routings rules should be set and fixed under the bonnet with an easy to understand attribute setting all governed by Document Types also known as Approval Types.

• Configurable user access rights – While keeping with the concept of keeping things simple the system administrator should be able to configure read and write access rights by grouping of documents.

• System reporting – A simple report builder should be integrated with the system giving administrators the ability to create reports while at the same time benefiting from a selection of standard built in reports.


A document control system should provide users with an easy to learn experience:

• Platform independence – No restriction as to the platform the system works on or as it integrates with different databases.

• No installation requirements – No need to install software on a client’s infrastructure ensures that the system can be easily evaluated and be up and running in a flash.

• Web-based client access – Ability to connect to the system from any Internet connection regardless of physical location. This means that geographically dispersed clients as well as suppliers and customers can access the system without any additional software or hardware infrastructure requirements.

• Search capability – Ability to search for documents using keywords and only list documents that meet the search criteria and the user’s access rights.

• Grouping of documents – An easy to use graphical interface similar to the Windows treeview with folders and sub-folders where documents can be grouped and searched for logically.

• Training for system administrators and regular users – Training to be available to both of the users using a simple method which can be delivered over the Web and can be easily interrupted and started up where left off.


Once a document control system has been chosen a clear identification of responsibility for each type or class of document must be well thought out and planned. This is to ensure that the system is an effective one and is focused only on the people who have a role in the system. The specific groupings for a system that groups both documents and users are as follows:

• Grouping of documents – Documents within a document control system have a purpose and when that purpose is identified then the documents can be logically grouped. This is to ensure that ultimately only the users who need to have a role in those documents can be given that role.

• Readers of documents – Access to documents must be restricted to the users who effectively need to use the documents as part of their job responsibility. This is where a document control system starts and ends and time must therefore be invested in grouping documents and determining which people have access to each grouping of documents. Certain software system only provide access to groups of users so in addition to grouping the documents the users having access to the document groups in themselves need to be grouped.

• Writers of documents – These are the people who have management responsibility over the documents. They will be originators or authors of the documents and will have the responsibility for updating them. They may also be readers of the documents. Generally, this may either be at a department or functional level or at an organisation level depending on how large or complex the organisation is. When changes are made to a document they will be required to report on the reason and the detail of the changes.

• Approvers of documents – Controlled documents must go through a review and approval process. These are the users who have the task of making sure that the documents are accurate. They will tend to be experts in their relative fields so they may be required only to review and approve documents in their functional areas. They may also be readers and writers of documents.

In identifying these four groupings the supporting structure of the document control system is built and from there a smooth running system can be configured. It is of overwhelming importance that plenty of time is allowed for this stage as it will pay dividends in the long run.


Companies that have moved from a manual to an electronic document control system will say that their day-to-day task has been made easy and that they have made a speedy return on their investment (ROI). However, they will also agree that the transition has required an important investment in time to ensure that the structure of the new system has been well planned out. Finally, they will also have been relieved that when they chose a hosted document control system that it did not necessitate any upgrades in their IT infrastructure.

Source by Christopher Stainow