15 Months to Certification: Using SharePoint as the Platform for an ISO 9001 QMS

<<Your Logo>>

NextDocs Confidential

15 Months to Certification: Using SharePoint as the Platform for an ISO 9001 QMS

Barry PetersVice President, Corporate Quality and Compliance

Telerx Marketing

<<Your Logo>>

NextDocs Confidential

Agenda

• Who is Telerx?

• Importance of ISO

• Vendor Selection

• ISO Business Processes

• Lessons Learned

<<Your Logo>>

Who is Telerx?

• Headquartered in Horsham, PA (Philadelphia suburb)• 15th largest US-based multi-channel contact center and BPO• A wholly-owned independent subsidiary of Merck & Co., Inc.• Established in 1980• Over 1,700 employees• Global Locations

– North America– Latin America– Philippines– China– Europe– X@Home– Client Sites

<<Your Logo>>

Who is Telerx (cont’d.)

• Specialists in customer care, customer relationship management, and business process outsourcing

• Focused on Quality & Operational Optimization • Support complex customer interactions for Fortune 500

companies across multiple verticals – Healthcare/Pharmaceutical– Consumer Products – Retail– High-Tech– Luxury

• Awards

<<Your Logo>>

NextDocs Confidential

Importance of ISO9001

• We provide lower cost customer care solutions

• Our clients want assurance that quality is built into the cost structure

• ISO9001:2008 provides independent certification of a working Quality System

• Supports continuous improvement

<<Your Logo>>

NextDocs Confidential

Vendor Selection

• Utilize existing SharePoint infrastructure

• Understand 21 CFR 11

• Low reliance on vendor for configuration changes post launch

• Reference-able in the verticals we serve (pharma, biotech, consumer packaged goods)

<<Your Logo>>

NextDocs Confidential

Product Purchase/Scope

• NextDocs Document Management v3.1• No HR module• Recently upgraded to v3.6• Validation performed in-house

• 1800 employees over 6 sites and 2 countries• 250 actively involved in document lifecycles

<<Your Logo>>

NextDocs Confidential

Toolkit Purchased

Document lifecycles,overlays, numbering

Digital Signature Engine (Arx)

<<Your Logo>>

NextDocs Confidential

ISO Business Processes

• Document Control• Record Control• Change Control• Design and Development of Product• Internal Audit• Non-Conformances• Corrective/Preventive Action (CAPA)

<<Your Logo>>

NextDocs Confidential

Document Control (ISO clause 4.2.3)

<<Your Logo>>

NextDocs Confidential

Overview

• X-Docs supports Telerx controlled document process• X-Docs is used for controlled documents

– Policies– Standard Operating Procedures (SOPs)– Work Instructions

• Provides an audit trail and proper control to view only the current, approved version

• System controlled actions are maintained by document “lifecycles”• System controlled periodic review

A statement of position to achieve a desired outcome

Supports policies by specifying the plan intended to produce a stated outcome.

Ensures the stated outcome either via step by step detail of the responsibilities for the employees doing the job or providing other means of instruction in order to perform a job.

<<Your Logo>>

NextDocs Confidential

Document Lifecycle – Policies and SOPS

Draft Feedback Approval Training Effective Retired

Where documents are authored

Authorized approvers digitally sign the document here

Author acts on task when “training is complete” in this stage

This is the stage where the current approved version sits

Where a document is no longer needed, it is moved to retired

SME and others provide revision suggestions on the document here

Documents move through by “promotion”

<<Your Logo>>

NextDocs Confidential

Document Lifecycle – Work Instructions

Draft Feedback Approval Training Effective Retired

Where documents are authored

Authorized approvers digitally sign the document here

Author works with mngmt. on training needs if required and acts on task when “complete”

This is the stage where the current approved version sits

Where a document is no longer needed, it is moved to retired

SME and others provide revision suggestions on the document here

Documents move through by “promotion”

<<Your Logo>>

NextDocs Confidential

Document Libraries- Applied to Lifecycle

Draft Feedback Approval Training Effective Retired

Lifecycle Stages

Working

Document Libraries

Working Working Training Effective Working

<<Your Logo>>

X-Docs: Unique Features

• Use of folder permissions to assure access and confidentiality

• Review by Compliance Department programmatic by lookup

• Concept of permission steward utilized in workflows

NextDocs Confidential 15

<<Your Logo>>

NextDocs Confidential

Record Control (ISO clause 4.2.4)

<<Your Logo>>

NextDocs Confidential

Record Control

• Utilizing X-Docs (EDMS) for procedures around record control and retention schedules

• Will utilize SharePoint's Information Management Policies to enforce archival and deletion

• Workflow processes invoked based upon record metadata

<<Your Logo>>

Change Control (ISO Clause 6.3)

NextDocs Confidential 18

<<Your Logo>>

Change Control

• To support ISO section 6.3 as well as PCI certification (DSS1.1)• Changes to infrastructure are reviewed for impact prior to their

implementation• Impact analysis and sign-off is documented via electronic signatures and

workflow• Utilize Auto-numbering feature

NextDocs Confidential 19

<<Your Logo>>

NextDocs Confidential

Design and Development (ISO clause 7.3)

<<Your Logo>>

NextDocs Confidential

Design and Development

• Refers to product or service• In Telerx context, this is from RFP to contract• SharePoint used to route internal solutions documents• Uses simple workflow, auto-numbering and automated document status

updates

<<Your Logo>>

NextDocs Confidential

Internal Audit Program (ISO clause 8.2.2)

<<Your Logo>>

NextDocs Confidential

Internal Audit Program• SharePoint and extended features (NextDocs) perform the following

functions– Audit document lifecycles– PDF rendering– Auto-numbering

• Scheduling handled in a SharePoint list with cross reference to non-conformance log for audit findings

<<Your Logo>>

NextDocs Confidential

Internal Audit Program (Reports)

• Can use for audit report lifecycle and internal review

• Additionally, using watermarking, track changes and PDF rendering for automated document control

<<Your Logo>>

NextDocs Confidential

Non-Conformances/CAPA (ISO Clauses 8.3-8.5)

<<Your Logo>>

NextDocs Confidential

Non-Conformances/CAPA

• Non-conformances are issued whenever there is a non-adherence to an approved policy, standard operating procedure or regulation

• Manner to assure continuous improvement.

• Can arise by self-reporting or in the course of an audit (internal or external)

• Investigation, root cause analysis and CAPA planning are recorded in the list item

• On creation, workflow limits permissions on “need to know” due to client confidentiality.

<<Your Logo>>

NextDocs Confidential

Non-Conformance, CAPA and Effectiveness Checks

Self-reported

Auditfinding

NC LogSharepoint List

Assignowner

Develop CAPAplan

PlanComplete

Escalation no

ExecuteCAPA

EffectivenessCheck (EC)

ECOK?

Complete yes

no

<<Your Logo>>

Lessons Learned

• ISO not just window dressing, does support continuous improvement

• Minimize user training with a large implementation (i.e., use existing toolset)

• Over-emphasize process via systems

• Fast follower vs. early adopter

• Support the user community – internal and external!

NextDocs Confidential 28

<<Your Logo>>

Questions

NextDocs Confidential 29