Document Management
A document
management system is a system (in
the case of the management of digital documents based on computer programs)
used to track and store documents. It is usually also capable of keeping track
of the different versions modified by different users (history tracking). The
term has some overlap with the concepts of content
management systems. It is often viewed as a component of enterprise content management (ECM) systems and related to digital asset management, document imaging, workflow systems and records management systems.
A food safety management system needs to be documented.
This means any organization who is intended to have a ISO 22000 food safety
management system must have, as a minimum, a written food safety policy and
related objectives, the procedures and records required by ISO 22000 standard and
any other documents that you might need to ensure the effective development,
implementation and updating of the food safety management system.
The documentation provides complete history of operations
carried out on a system whether they relate to documents or user accounts.
Typical history information that may be required is:
Who reviewed a document?
What were their comments?
When was the document approved?
Which customers received this version of the document?
With traceability such an important aspect of ISO 22000
this feature provides an invaluable mechanism for making such history
information readily available to all users.
Inform Users of Document Changes.
Inform the user of a new document release.
Notify them that a document has been updated and requires
their review.
Remind the user that they have a document requiring their
review if the requested review date has passed.
Request for their approval of a document for release and notify
a user that a document has been withdrawn and is no longer available.
Users may also take actions such as “putting a watch” on a
particular document that they care about such that if it is updated they are
notified.
It is mandatory to guard against over-complicating the
documentation and it will be a good idea to invest some time in carefully
researching what your organization will need. The organization or its staff may
require some training. Many of the certification bodies have posted information
on their Web sites that will assist you in understanding the basic concepts of
documentation. At this time, most of these will be written from either the ISO
9001 (Quality management) or the ISO 14001 (Environmental management)
perspective, but the basic principles will also apply to the ISO 22000 food
safety management system.
Documentation should be seen as a tool to help your employees
do their jobs properly. It should not be seen as a burden or needless expense.
There are some simple questions that you can ask yourself, to determine whether
or not the documents or the words in a document add value to your management
system:
- Does anyone really need this document or read this section of the document?
- Does proper performance of the activity affect the safety of the product, service or process?
- What is the cost if an activity is not done correctly? Some of the costs include the cost of reworking a product, the cost of recalling a product because of a food safety hazard, and the cost of litigation if customers become sick because of a food safety incident in the marketplace. The costs can be major for any size business. For example, a product recall can cost a food processor several millions of -dollars.
- Is a statement or document really necessary? Is the same requirement addressed elsewhere? Can I just include a reference?
- Is a document just mumbo-jumbo that really doesn’t tell anyone anything? Do I understand it and will my employees understand it?
- Am I really reviewing this document or am I just signing it, hoping that other people review the document to ensure its accuracy?
Typically, if an activity is not performed on a regular
basis, there is a need to document it. The amount of documentation can be
reduced through training and education (Example: Sanitize the counter).
ISO 22000 states that a food business must have the
documents required for the development, implementation and updating of its food
safety management system.
Although following the analysis we will have a
comprehensive view of which the required documents are. Once identified these
documents it will be necessary to analyze in which process they should be
generated, and how they should be handled, studying the procedures and
responsibilities associated with their management. That is, document processes
must be defined. In this respect ISO needs defining how documents will be
created, and how they will be approved before being issued, and explaining how
further review will be carried out to ensure their updating. These three
elements are the key document processes: creation, approval and review.
In addition, the Standard states that a written procedure
must be defined to establish:
Documents
Identification
Documents must incorporate some type of control to allow
its clear identification.
Storage
The organization must define a plan to file/store all the
relevant generated documents.
Security
Documents, depending on their format and way of storage,
must require the implementation of protection methods, for instance, the
generation of back-up copies.
Retrieval
Documents are
created to be used, or potentially used, in the future. When retrieval of
documents is complex, specific retrieval methods must be implemented.
Retention
period
Documents contain information on past facts that can be
meaningless and useless in the future. The organization must define how long
documents must be preserved.
Disposition
The term refers to the order arrangement and distribution.
This requirement is closely related to the storage. The organization shall
define in writing those management and distribution methods that are needed to easily
locate documents.
The documentation requirements of management systems are
often illustrated using a pyramid, as in Figure 1, with a series of levels,
usually numbered from the top, 1-4.
Figure 1 – Documentation
Level
1 – requirements are the policy statements.
Level
2 – describes your procedures.
A documented procedure should cover the following key
elements:
Title
– to clearly identify it;
Purpose
– to explain why the procedure exists (this
may be written in the standard itself);
Scope
– to describe what the procedure covers and
its application (i.e. every product, service, department or document this
procedure applies to);
Responsibility
– to clearly set out “who” is responsible;
Activities
– a clear description of actions covered by
the procedure (i.e. the what is to be done as well as the when, where and how);
Records
– if any, required;
Record
of revision – this section should include
“what” or “where” the change occurred, the new revision and the approvals.
Documented
Procedures
ISO 22000 states that you must have documented procedures
for:
Control of documents;
Control of records;
Potentially unsafe products;
Corrections;
Corrective actions;
Withdrawals;
Internal audits;
Level
3 – Work Instructions
Level 3 refers to work instructions. These should describe
how a procedural step is performed by one job title or function. They should
include the “action(s)” and the “record of revision”. Start work instructions
with a verb2. There is no need to state responsibility since this is already
set out in the procedure. If you are writing a work instruction where there are
different people responsible for different tasks, then this document, or a
portion of it, should be in a procedure.
Level
4
Level 4, documentation, includes forms, checklists, flow
charts, templates, “data collection” documents, other job aids (e.g. signs) and
records. There tends to be some confusion between documentation and records.
Documents provide a description on how to do an activity. Records are a special
type of document that are to be established, maintained and controlled to
provide evidence of conformity to requirements and evidence of the effective
operation of your food safety management system. Records must be legible,
readily identifiable and retrievable. They provide a history, to demonstrate
that you have followed your documentation descriptions.
As your organization develops its ISO 22000 food safety management
system, it will be required to carefully document its activities. These will
include the written food safety policy and related objectives, your procedures
and the required records as noted above. However, the scope of the required
documentation is much broader. For example, in establishing your control
measures you are required to document your hazard assessment and your hazard
analysis, including the decision-making process and the selection of control
measures. Your organization will also have to document the validation of your
system and its verification activities. The work of the food safety team and
the management review also require documentation.
Document
Control
Understanding all the requirements for documentation and
establishing a process to ensure that your organization initiates and maintains
the required documentation should be one of the first tasks undertaken once you
decide to start to develop a food safety management system. The documents
related to the ISO 22000 food safety management system must be controlled to
ensure that they are approved prior to issue, reviewed and updated as
necessary, properly identified and available where and when needed, legible,
etc. This facilitates their use and prevents the unintended use of obsolete
documents.
Your business will not only need to document its policies
and procedures but it will have to have in place a procedure for controlling
its documentation, including records. Food safety management systems will
change over time, as will the people doing the activity. Therefore, one reason
for controlling documents is to ensure that the individual using the document
has the most recent version of the document.
Part of document control ensures that all the proposed
changes are reviewed prior to implementation so you can determine their effects
on food safety and their impact on your management system. This procedure will
cover the controls/processes for:
Approval of documents for adequacy, prior to use;
Reviewing and updating documents (and re-approval);
Identification of all changes to and the current revision
status of the document;
Availability of the current version, at points of use;
Ensuring that documents are legible and readily
identifiable;
Identifying documents of external origin and controlling their
distribution;
Preventing the unintended use of obsolete documents and, if
they are retained, ensuring that they are suitably identified.
Records
Records are a special type of document that provides
evidence of conformity to requirements and of the effective operation of the
food safety management system. They need to be legible, readily identifiable
and retrievable. They are defined as “stating results achieved or providing
evidence of activities performed”. Some examples might include evidence of the
work of your food safety team, the decisions from your management review, the
results of internal or external audits, the paper or electronic output of
monitoring equipment, etc. ISO 22000 food safety management system does not
limit the format of either documents or records but it does require that
records be legible, readily identifiable and retrievable. This means they can
be on paper, electronic or in picture or other illustrative formats. You will
need to have a procedure to define how you plan to identify, store, protect,
retrieve and dispose of records. This procedure must define the retention times
for various records. These times may be set by statute or regulation. When
deciding on retention times you must consider the food safety aspects of the
record and, as a minimum, define the retention time in relation to your
product’s intended use and expected shelf-life.
No comments:
Post a Comment