Which Wiki Software is ISO9001 Compliant (Document Control)

[Le Chiffre]

Re: I need to know which wikis are ISO9001 compliant

I agree that this sounds interesting. How do you keep unauthorized persons from editing? Permissions? I always thought that Wikis were pretty much open to everyone, but I am not very knowledgeable about them.

The question of unauthorized edits is the first issue when dealing with wikis, and something I had to convince the auditor of.
Firstly, it's easy to restrict users to read-only as that's the default without logging in and creation of an account can be controlled. Logging in is password protected and is used to identify the contributor.

Wikipedia handles mischievous or misguided edits by continuous monitoring and locking potential trouble-spots. I've never locked one of our wiki articles but do habitually select "Recent changes" at least once a day to review updates. Once it's up and running the churn is very manageable.

To implement a "Controlled status" while allowing updates, I tag a reviewed article with a warning banner along the lines of:

WARNING: This wiki page is controlled, you may be viewing a subsequent draft. Follow this link for the most recent controlled version.

I use the wiki's "permanent link" ability to identify the controlled version. This allows the last controlled version to be retrieved or compared with the current.

This sounds interesting. Can someone describe some more about this or where I can go to find out more?

Before you can install MediaWiki you will need to install:

1. IIS or Apache
2. PHP with MySql support
3. MySql

Installing MediaWiki

1. Download Mediawiki from http://www.mediawiki.org/wiki/Download and Unzip it.
2. Copy/Unzip the files to your web site root (c:\Inetpub\wwwRoot\wiki)
3. Setup IIS/Apache to that the default document for this folder is index.php
4. Go to http://localhost/wiki/index.php and follow the first time config directions.
5. Move the generated wiki\config\LocalSettings.php file to its parent folder (wiki\LocalSettings.php).

Edit the LocalSetting.php as needed:

• $wgGroupPermissions['*']['createaccount'] = true;
• $wgGroupPermissions['*']['read'] = true;
• $wgGroupPermissions['*']['edit'] = false;

Useful links:

• http://meta.wikimedia.org/wiki/Help:Installation
• http://meta.wikimedia.org/wiki/Running_MediaWiki_on_Windows
• http://bugzilla.wikimedia.org/

 

[Marc]

Re: I need to know which wikis are ISO9001 compliant

aside: I sort of had the same thought earlier today - someone change a specification - it's an MS Word document - and I thought "If this were a wiki, we'd be able to tell who changed it." We have no way of knowing who made the change or why.

Word does have a 'Track Changes' feature.

I have to admit that prior to this thread I hadn't thought of using mediawiki (or a wiki in general) for document control. Interesting.

Before you can install MediaWiki you will need to install:

1. IIS or Apache
2. PHP with MySql support
3. MySql

Latest version Requires PHP 5, I think, and MySQL 4 or 5. As those of you here know, you can also integrate it into some programs like vBulletin. Instead of editing the LocalSetting.php file, you set user permissions right in vBulletin. An excellent integration.

Also see: The Elsmar Cove Wiki Questions Discussion Thread and Elsmar Cove Quality Assurance BOK (Body of Knowledge) Wiki. I'd love to see more people here use and help in the wiki here. I think it has potential, but editing and such does have a significant learning curve for many people. It's not really 'programming' per se, but it isn't anywhere near as easy as posting in a forum.

 

[KungFuJoe]

Re: I need to know which wikis are ISO9001 compliant

First, let me correct some of the misinformation that is in the thread above. Most notably, that there are wikis that are or are not ISO compliant. While, to my knowledge, no wiki will give you ISO compliance, many will prevent you from achieving ISO status without changes.

What does that mean? The key for using a wiki for document control (and essentially to run your quality system) is the actual document control process. We're actually talking about the configuration management process portion of your document system. Keep in mind that most quality systems specify who may approve and edit processes. In terms of a wiki, you need something that has user access control, and better yet, email notification of pending edits.

For example, consider how a wiki works. You may allow any user to edit any page. Now, people cannot see that change right away. If they can, you're not ISO (or AS, or whatever) compliant, because you've violated the core approval process. A user could see and use a change before it is approved. So, you need your wiki to hold the changed page offline and notify whoever has approval authority. They can then approve (or dissaprove) the change. In my world, which is the aerospace AS9100 world, I absolutely must have a record of who made the change, and who approved the change before any user sees the change. Make sense?

All that said, there are wikis that will work this way.I like dokuwiki (found at dokuwiki dot org) with the monobook skin. It took a lot of coding to implement the approval process, and if you're not competent with PHP, I recommend getting someone involved who is. Dokuwiki is specifically designed for working on documentation, which is what we use it for. However, there are issues with it. It uses a simple wiki language, which means anyone working on it will need to learn that language. Second, it's a wiki, so documents will no longer have that professional formatting and look that a Word document has. I merely mention these as FYIs. They may or may not matter to you.

Additionally, I would recommend something called myDMS (find it over at SourceForge). It's simple, and implements the change/approval/notification process very well. It's targeted at a smaller group of users, but it's dead simple and will work great for what it's designed for.

I initially looked at mediawiki (which runs wikipedia), and couldn't make it work the way I needed. Since then, there have been many document approval extensions released, somewhat alleviating my initial problems. Mediawiki will not work unless you add an extension of some kind to handle the approval process. Keep in mind that mediawiki is a beast, and like WordPress, you can find people who make their living working on it and only it. That's a warning about complexity, by the way. I'm not saying stay away, just be aware of what you're getting into.

A huge bonus for almost any wiki comes during audit time, when you can click a button to generate a listing of every page that's changed, along with approvals, differences, etc... That's a nice feeling rather than having to hunt through a file cabinet for changes to every file.

Wikis definitely have their strengths, but keep in mind their weaknesses as well.

Think like your auditor. What are the requirements of a document control system? Does the wiki I'm looking at support these requirements?

Hope this is helpful. Feel free to contact me with any questions.

 

[Le Chiffre]

Re: I need to know which wikis are ISO9001 compliant

Thanks for the explanation and your examples help, but:

For example, consider how a wiki works. You may allow any user to edit any page. Now, people cannot see that change right away. If they can, you're not ISO (or AS, or whatever) compliant, because you've violated the core approval process. A user could see and use a change before it is approved. So, you need your wiki to hold the changed page offline and notify whoever has approval authority.

Visibility of draft documents is not a violation of the approval process, it's transparency. Provided that the document status is obvious to the reader. Look at the amount of draft documents available from national regulators.

I have a simple system with MediaWiki that indicates whether the article is draft or controlled. When coming across a draft, there's always the option to refer back to the last controlled version if necessary. One of the great advantages of developing documents in a Wiki is that everyone has visibility of new developments as they occur and have the chance to provide their input before it gets approved. This matches Agile development methodologies better as feedback can be gained from all interested parties before decisions become irreversible.

 

[Pancho]

Re: I need to know which wikis are ISO9001 compliant

Further to LeChiffre's good comments, many wikis have "workflow" functionality and can implement the traditional draft-edit-approve-publish model, where each of the activities is done by a different person.

But such model is not required by the standard. And forcing that model when not required pours molasses on the documentation process. Approval can be done by the same person that edits a document if that person is competent to do so.

We don't use the workflow functionality. Our procedure for reviewing-updating and re-approving documents calls for the person that edits the document to judge herself to be competent to do so, and empowers her to approve her own change. The responsibility that comes with empowerment and wiki's history-log feature eradicate malice and incompetence.

Further, we found much more common the situation where a bad document was used because a required change had not been made (before the wiki), than the current possible situation where a bad document is used because a change made was incorrect.

Our procedure also calls for the person that detects a problem in a document to use our CAR mechanism if he is not certain of the correction required. Plus whenever a change is made to a document, a notification is sent to the process owner, who performs an asynchronous second review and approval.

The procedure has worked quite well. In over a year of using this procedure and hundreds of thousands of edits we have had a negligible count of reversals, and the documentation has improved at a speed orders of magnitude faster than before the wiki.

There may be some companies where the above is truly too risky. Not ours.

 

[KungFuJoe]

Re: I need to know which wikis are ISO9001 compliant

I'd like to address a few of these comments.

Further to LeChiffre's good comments, many wikis have "workflow" functionality and can implement the traditional draft-edit-approve-publish model, where each of the activities is done by a different person.

This might be true today. When I was looking about a year ago, virtually no wiki had the proper requirements for the workflow process, as we needed them.

But such model is not required by the standard. And forcing that model when not required pours molasses on the documentation process. Approval can be done by the same person that edits a document if that person is competent to do so.

This is, to me, a point of contention. Section 4.2.3 Control of Documents states that a documented procedure be in place to approve documents for adequacy prior to issue. It might just be that since I'm registered under AS9100, my auditors take a much stricter interpretation of this sentence than yours. I would say that one person's opinion cannot constitute a review. Furthermore, I would argue that somewhere in a factory setting, if an employee can get a hold of a draft procedure and use it as if it were the approved procedure, they will. Maybe this is just Murphy's law for me.

Additionally, we're registered under both the GE P3TF21 and Pratt & Whitney ASQR-01 quality systems, both of which prohibit this sort of thing. When you deal with life and safety critical items like we do in the aerospace industry, one person's judgement does not equate to a "review".

We don't use the workflow functionality. Our procedure for reviewing-updating and re-approving documents calls for the person that edits the document to judge herself to be competent to do so, and empowers her to approve her own change. The responsibility that comes with empowerment and wiki's history-log feature eradicate malice and incompetence.

This is your choice, and as long as your auditor is fine with it, and more importantly, it works for you, which it must, this is great. I suppose that the overarching intention of the ISO standard is to help your business, not to proscibe a business model that hinders you in any way.

We average maybe 10 to 12 work instruction edits a year. Our processes might as well be grooved into stone tablets. As you seem to have orders of magnitude more edits than we due, a wiki's ease of editing makes more even sense for you.

Additionally, it hasn't been mentioned yet, but one of the biggest advantages of a wiki for my group, at least, is the search feature. We have a little over 25,000 pages of work instructions. Searching for keywords is now much easier than when we used Word or PDF documents. Additionally, hyperlinking is huge for us. People on the shop floor are able to move through documents with ease, come to a process they require clarification on, and click on embedded movies, pictures, or reference materials. Truly a huge efficiency boost.

So, I'm certainly not trying to be contentious or negative. I'm merely pointing out a potential pitfall. However, given the overwhelming amount of positive features that come from implementing a wiki, I wholeheartily recommend it.

 

[Stijloor]

Re: I need to know which wikis are ISO9001 compliant

Friends!

Great discussion! Lovin' it.

Stijloor.

 

[Pancho]

Re: I need to know which wikis are ISO9001 compliant

Indeed, Stijloor, quite enjoyable.

We average maybe 10 to 12 work instruction edits a year...
We have a little over 25,000 pages of work instructions.

Very impressive. I hope one day we can achieve a fraction of that level of perfection in our documents. Maybe with the wiki and all the editing...

So, I'm certainly not trying to be contentious or negative. I'm merely pointing out a potential pitfall. However, given the overwhelming amount of positive features that come from implementing a wiki, I wholeheartily recommend it.

I understand. It is enlightening to read other viewpoints. Our co-Cover Machrk pointed out in another discussion that in addition to risk and maturity of documentation, the size of the company also influenced the editing procedure. (We are working on that one also. ) And we definitely agree on the wiki benefits.

 

[CottonS]

Re: I need to know which wikis are ISO9001 compliant

This has been very interesting. We have most of our information in an Index (excel) and then hyper-linked to each document. Revision number and date, responsibility, and what kind of document it is is all in the index. The index is read-only and locked so no one can edit it with out the password, which I have. All of the documents that are on the index are locked so the documents can not been changed. The drive that all the files are on can not be accessed by floor team members but they can access the documents through the hyper-linked. We are not ISO yet, but moving that way. I did pass audit by a customer this week with this system.
I will look into the wiki information and see if this will help us out. I am hoping to have ISO certification by the end of this year. This company has never had an audit and I have been there 6 months and had to build the system from scratch with minimal resources.
I am proud to say that they found three minors that are now fixed during the audit.
I have learned so much from this site. Thank you to everyone who writes and give advice for all of us to see.

 

[John Broomfield]

Re: I need to know which wikis are ISO9001 compliant

Indeed, Stijloor, quite enjoyable.



Very impressive. I hope one day we can achieve a fraction of that level of perfection in our documents. Maybe with the wiki and all the editing...



I understand. It is enlightening to read other viewpoints. Our co-Cover Machrk pointed out in another discussion that in addition to risk and maturity of documentation, the size of the company also influenced the editing procedure. (We are working on that one also. ) And we definitely agree on the wiki benefits.

Pancho,

I understand a significant expense of running a public wiki is protecting it from vandalism.

Do you see the wiki approach to standards-making as feasible?

Contributors, whose input is accepted, may then be able to use the standards for free.

It could widen inputs to standards beyond those who work for large companies and can afford the travel costs for TC176 meetings for example.

Does anyone know of any examples of standards-making (and maintenance) by wiki?

John