15 Months to Certification: Using SharePoint as the Platform for an ISO 9001 QMS
Post on 25-May-2015
5303 Views
Preview:
Transcript
<<Your Logo>>
NextDocs Confidential
15 Months to Certification: Using SharePoint as the Platform for an ISO 9001 QMS
Barry PetersVice President, Corporate Quality and Compliance
Telerx Marketing
<<Your Logo>>
NextDocs Confidential
Agenda
• Who is Telerx?
• Importance of ISO
• Vendor Selection
• ISO Business Processes
• Lessons Learned
<<Your Logo>>
Who is Telerx?
• Headquartered in Horsham, PA (Philadelphia suburb)• 15th largest US-based multi-channel contact center and BPO• A wholly-owned independent subsidiary of Merck & Co., Inc.• Established in 1980• Over 1,700 employees• Global Locations
– North America– Latin America– Philippines– China– Europe– X@Home– Client Sites
<<Your Logo>>
Who is Telerx (cont’d.)
• Specialists in customer care, customer relationship management, and business process outsourcing
• Focused on Quality & Operational Optimization • Support complex customer interactions for Fortune 500
companies across multiple verticals – Healthcare/Pharmaceutical– Consumer Products – Retail– High-Tech– Luxury
• Awards
<<Your Logo>>
NextDocs Confidential
Importance of ISO9001
• We provide lower cost customer care solutions
• Our clients want assurance that quality is built into the cost structure
• ISO9001:2008 provides independent certification of a working Quality System
• Supports continuous improvement
<<Your Logo>>
NextDocs Confidential
Vendor Selection
• Utilize existing SharePoint infrastructure
• Understand 21 CFR 11
• Low reliance on vendor for configuration changes post launch
• Reference-able in the verticals we serve (pharma, biotech, consumer packaged goods)
<<Your Logo>>
NextDocs Confidential
Product Purchase/Scope
• NextDocs Document Management v3.1• No HR module• Recently upgraded to v3.6• Validation performed in-house
• 1800 employees over 6 sites and 2 countries• 250 actively involved in document lifecycles
<<Your Logo>>
NextDocs Confidential
Toolkit Purchased
Document lifecycles,overlays, numbering
Digital Signature Engine (Arx)
<<Your Logo>>
NextDocs Confidential
ISO Business Processes
• Document Control• Record Control• Change Control• Design and Development of Product• Internal Audit• Non-Conformances• Corrective/Preventive Action (CAPA)
<<Your Logo>>
NextDocs Confidential
Document Control (ISO clause 4.2.3)
<<Your Logo>>
NextDocs Confidential
Overview
• X-Docs supports Telerx controlled document process• X-Docs is used for controlled documents
– Policies– Standard Operating Procedures (SOPs)– Work Instructions
• Provides an audit trail and proper control to view only the current, approved version
• System controlled actions are maintained by document “lifecycles”• System controlled periodic review
A statement of position to achieve a desired outcome
Supports policies by specifying the plan intended to produce a stated outcome.
Ensures the stated outcome either via step by step detail of the responsibilities for the employees doing the job or providing other means of instruction in order to perform a job.
<<Your Logo>>
NextDocs Confidential
Document Lifecycle – Policies and SOPS
Draft Feedback Approval Training Effective Retired
Where documents are authored
Authorized approvers digitally sign the document here
Author acts on task when “training is complete” in this stage
This is the stage where the current approved version sits
Where a document is no longer needed, it is moved to retired
SME and others provide revision suggestions on the document here
Documents move through by “promotion”
<<Your Logo>>
NextDocs Confidential
Document Lifecycle – Work Instructions
Draft Feedback Approval Training Effective Retired
Where documents are authored
Authorized approvers digitally sign the document here
Author works with mngmt. on training needs if required and acts on task when “complete”
This is the stage where the current approved version sits
Where a document is no longer needed, it is moved to retired
SME and others provide revision suggestions on the document here
Documents move through by “promotion”
<<Your Logo>>
NextDocs Confidential
Document Libraries- Applied to Lifecycle
Draft Feedback Approval Training Effective Retired
Lifecycle Stages
Working
Document Libraries
Working Working Training Effective Working
<<Your Logo>>
X-Docs: Unique Features
• Use of folder permissions to assure access and confidentiality
• Review by Compliance Department programmatic by lookup
• Concept of permission steward utilized in workflows
NextDocs Confidential 15
<<Your Logo>>
NextDocs Confidential
Record Control (ISO clause 4.2.4)
<<Your Logo>>
NextDocs Confidential
Record Control
• Utilizing X-Docs (EDMS) for procedures around record control and retention schedules
• Will utilize SharePoint's Information Management Policies to enforce archival and deletion
• Workflow processes invoked based upon record metadata
<<Your Logo>>
Change Control (ISO Clause 6.3)
NextDocs Confidential 18
<<Your Logo>>
Change Control
• To support ISO section 6.3 as well as PCI certification (DSS1.1)• Changes to infrastructure are reviewed for impact prior to their
implementation• Impact analysis and sign-off is documented via electronic signatures and
workflow• Utilize Auto-numbering feature
NextDocs Confidential 19
<<Your Logo>>
NextDocs Confidential
Design and Development (ISO clause 7.3)
<<Your Logo>>
NextDocs Confidential
Design and Development
• Refers to product or service• In Telerx context, this is from RFP to contract• SharePoint used to route internal solutions documents• Uses simple workflow, auto-numbering and automated document status
updates
<<Your Logo>>
NextDocs Confidential
Internal Audit Program (ISO clause 8.2.2)
<<Your Logo>>
NextDocs Confidential
Internal Audit Program• SharePoint and extended features (NextDocs) perform the following
functions– Audit document lifecycles– PDF rendering– Auto-numbering
• Scheduling handled in a SharePoint list with cross reference to non-conformance log for audit findings
<<Your Logo>>
NextDocs Confidential
Internal Audit Program (Reports)
• Can use for audit report lifecycle and internal review
• Additionally, using watermarking, track changes and PDF rendering for automated document control
<<Your Logo>>
NextDocs Confidential
Non-Conformances/CAPA (ISO Clauses 8.3-8.5)
<<Your Logo>>
NextDocs Confidential
Non-Conformances/CAPA
• Non-conformances are issued whenever there is a non-adherence to an approved policy, standard operating procedure or regulation
• Manner to assure continuous improvement.
• Can arise by self-reporting or in the course of an audit (internal or external)
• Investigation, root cause analysis and CAPA planning are recorded in the list item
• On creation, workflow limits permissions on “need to know” due to client confidentiality.
<<Your Logo>>
NextDocs Confidential
Non-Conformance, CAPA and Effectiveness Checks
Self-reported
Auditfinding
NC LogSharepoint List
Assignowner
Develop CAPAplan
PlanComplete
Escalation no
ExecuteCAPA
EffectivenessCheck (EC)
ECOK?
Complete yes
no
<<Your Logo>>
Lessons Learned
• ISO not just window dressing, does support continuous improvement
• Minimize user training with a large implementation (i.e., use existing toolset)
• Over-emphasize process via systems
• Fast follower vs. early adopter
• Support the user community – internal and external!
NextDocs Confidential 28
<<Your Logo>>
Questions
NextDocs Confidential 29
top related