Hi folks,

I am interested in hearing how, and if, people include forms on databases in there document control systems. I know in my experience that auditors from registration bodies have never picked up on this but as far as my interpretation of the ISO 9001 standard goes they should be subject to the same control as paper forms.

So do people tend to include these electronic forms in their document control? and has anyone ever had a request for a registrar to include these?

Thanks for your help. :)

So do people tend to include these electronic forms in their document control? and has anyone ever had a request for a registrar to include these?Auditors have asked, but I regard the entire database in question as a (the) record, and that is pretty much it. They have never objected to that view.

/Claes

Claes has described the way most organizations view electronic documentation:

The "Record" is the data in the database. This is what is really controlled.
The "Form" used to enter or display the data is like any other blank form - it may be modified (revised), but the data may not be changed. Think of changes to the "form" in the same manner you might think about changing the colors in the screen display or moving from a 15 inch monitor to a 21 inch monitor - the display may look different, but the data remains the same.

Bottom line:
If the documentation system is electronic, auditors are concerned about the integrity of the data, not the screen display.

If the documentation system is electronic, auditors are concerned about the integrity of the data, not the screen display.
Electronic forms can be changed, and the changes can affect the integrity of the data. If the user's only input medium is a form, and the form fields are designed to capture data required for analysis or some other useful purpose, then changing the form can be a bad thing, and should be protected against. IMO, those forms should be revision-controlled.
Now, as a matter of practicality, the access controls of the database should also protect the forms, but there should still be a record (there's that word again) of changes to the forms.
It's also good to remember that the word "record" is defined differently in database construction than it is in ISOland. Claes says that he considers his entire database to be a record (using the ISO definition of the word) but a database record is a related group of fields (or a single distinct field, kept separate from other similar data) and a group of related records is a file.

Hi folks,

I am interested in hearing how, and if, people include forms on databases in there document control systems. I know in my experience that auditors from registration bodies have never picked up on this but as far as my interpretation of the ISO 9001 standard goes they should be subject to the same control as paper forms.

So do people tend to include these electronic forms in their document control? and has anyone ever had a request for a registrar to include these?

Thanks for your help. :)

In my experience, the ISO 9001 auditor was happy with my forms within the database because my master list described the revision history for the forms that were in the database. Yes, I listed if fields were added, deleted, etc. I've been including the revision history of forms with the master list for a few years now, and auditors seem to like it. I still put revision history for procedures and instructions directly on those documents.

--QG

Thinking about this in a logical way, we begin by asking why we should control the forms? Looking at 4.2.3 a-g stuff, we can get our answers. So, how do you meet a-g through electronic forms? Typically, only select individual(s) can change the fields on the form itself. We can also make it so certain fields are required (the form cannot be submitted missing that data). Normally, there is only one place to get the form (only one version available). All of this makes the form “self-controlling”.

4.2.3 a): Someone approves the form (think fields)
4.2.3 b): There is a process to review and modify the form
4.2.3 c): There is only one version ever available, but when a change is made, the person in a) ensures the changes are identified
4.2.3 d): Everyone who needs to form needs to have access to it
4.2.3 e): The form is identified by the program that initiates the form (even if it is on a “desktop” – it will still be identified)
4.2.3 f): If the form is generated off-site, it still needs to meet the above
4.2.3 g): Older versions of the form may be kept for some reason, but disabled to prevent accidental usage.

The rules of document control still apply, but they are much more automatic than with regular paper and electronic documents. Hope that helps.

We are tackling this as we speak...errr.....type :D I am currently heading up a project to eliminate as many hard copy manuals as possible. We are accomplishing this by uploading the manuals to our company intranet site. As a manual is uploaded a notification list is assigned to it. The system than automatically emails these parties notifying them that a new/revised document is ready for them to view/approve. this serves as the approval sign off we currently have in place. Upon their viewing of the document a record is generated/kept in the mainframe showing who approved it. The document up to this point is only visible to the party uploading it and the people on the notification list. Upon approval the document becomes accessible to all.
We are taking the manuals and converting them to PDF files. If anyone wishes to print them a watermark will print out as well stating : Printed copies are uncontrolled". If a controlled floor copy is required the party responsible for uploading can turn the water mark off and print the hard copy.

Pete