1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
Dismiss Notice
You must be a registered member in order to post messages and view/download attached files in this forum.
Click here to register.

Control of Documented Information Using Google Docs

Discussion in 'ISO 9001:2015 - Quality Management Systems' started by PaulK, May 2, 2016.

  1. PaulK

    PaulK Member

    Joined:
    Sep 11, 2015
    Messages:
    5
    Likes Received:
    1
    Trophy Points:
    2
    Looking for advice regarding control of documented information (7.5.3) and the use of Google Docs. Is anyone using Google? Does it work? I know it will track changes but I'm not sure that will satisfy 7.5.3.2 c) control of changes (e.g. version control).

    Or, maybe asked another way under 2008, Control of Documents-has anyone successfully navigated through a Surveillance audit Control of Documents with no control number, rev level and date?

    Thanks.
     
  2. normzone

    normzone Well-Known Member

    Joined:
    Aug 3, 2015
    Messages:
    137
    Likes Received:
    77
    Trophy Points:
    27
    Ooh, interesting question. I don't have any answers, but I'll watch with interest.

    As a younger generation of auditors emerges, more understanding of and trust in software is emerging.
     
  3. Jennifer Kirley

    Jennifer Kirley Moderator Staff Member

    Joined:
    Jul 31, 2015
    Messages:
    1,071
    Likes Received:
    722
    Trophy Points:
    112
    Location:
    USA
    It has been awhile since I worked with it, but I expect one could move a document to an archive location.

    Of equal importance is risk of loss. Google Docs looks great but I have never, ever had a client say they have received information from them regarding what to do if clicking on the thing one day and "poof!" the document is gone.

    I have, however had a client say one of their documents disappeared.

    When asking for a retrieval procedure a few years back, Google sent the IT guys what looked like a flyer explaining that they had redundant backups, etc. But that is not what I had asked for. It proved to be a dead end.
     
    pkfraser likes this.
  4. tony s

    tony s Well-Known Member

    Joined:
    Sep 10, 2015
    Messages:
    1,350
    Likes Received:
    1,054
    Trophy Points:
    112
    Location:
    Laguna Philippines
    Since ISO 9001:2015 promotes risk-based thinking, data stored in the cloud or web-based storage should be cautiously considered. Risks can include hacking, seizure by government, data capture, web viruses, storage company can also access your data, etc.
     
  5. Andy Nichols

    Andy Nichols Moderator Staff Member

    Joined:
    Jul 30, 2015
    Messages:
    5,086
    Likes Received:
    2,553
    Trophy Points:
    112
    Location:
    In the "Rust Belt"
    Hey! Careful now!
     
  6. Jennifer Kirley

    Jennifer Kirley Moderator Staff Member

    Joined:
    Jul 31, 2015
    Messages:
    1,071
    Likes Received:
    722
    Trophy Points:
    112
    Location:
    USA
    Yes, as Andy said: Careful! Being younger could help an auditor come ready with a wider knowledge of alternatives, but considering risk of loss is still important. I can offer that it never seemed to enter the minds of the IT people I was dealing with at the time.
     
  7. MarkMeer

    MarkMeer Well-Known Member

    Joined:
    Dec 3, 2015
    Messages:
    138
    Likes Received:
    62
    Trophy Points:
    27
    FYI: related thread regarding the use of cloud-based applications for Quality System purposes:
    http://www.qualityforumonline.com/f...ware-rule-out-cloud-based-apps.652/#post-5819

    I've undergone a ISO 13485:2003 surveillance audit with some of our spreadsheets based in Google Sheets, with no comments from the auditor.
    ...however, I suspect it all depends on the auditor. And, moving forward, it seems as though there is increasing emphasis on validation of QMS software, so we'll see....

    How does using Google Docs rule out control numbers, rev levels and dates?
     
  8. MarkMeer

    MarkMeer Well-Known Member

    Joined:
    Dec 3, 2015
    Messages:
    138
    Likes Received:
    62
    Trophy Points:
    27
    Here's how we do it:
    1. All docs have ID, version, and date in the header.
    2. There is a controlled version, which only authorized individuals have permission to edit (it's read-only to everyone except QA).
    3. When changes are to be made, a draft copy is created (with ID, updated version, and "DRAFT" in the date field), and write-permissions are granted to all anyone who is involved in changes.
    4. Once the draft is approved, the effective date is added, the permissions are changed so the draft becomes read-only, and the old version is archived by moving to a folder with viewing permissions so no-one can see access it except QA (or other authorized admin accounts).
     
    Jamie Lill likes this.
  9. Andy Nichols

    Andy Nichols Moderator Staff Member

    Joined:
    Jul 30, 2015
    Messages:
    5,086
    Likes Received:
    2,553
    Trophy Points:
    112
    Location:
    In the "Rust Belt"
    It's a good question. Some pretty effective document management doesn't need those things ON the document...