Jump to content

  • Quick Navigation
Photo
- - - - -

Validation of Document control - Electronic


  • You cannot start a new topic
  • Please log in to reply
6 replies to this topic

Agrumeambu

    Grade - AIFSQN

  • IFSQN Associate
  • 36 posts
  • 10 thanks
8
Neutral

  • Canada
    Canada

Posted 22 May 2019 - 02:07 PM

Hello !

 

We are in the process of switching to paperless for all our forms and such. I am able to do a validation and internal audit of our documents and archives control, but I am having a bit of issues to see how I could prove that the paperless system is secure, protected and data cannot be changed after it is submitted. We are with SQF, level 2.

 

Anyone have some insight on how to do this ? Or if you are paperless now, how do you prove to your auditor that the documents are compliant to :

 

2.2.2.1 The methods and responsibility for maintaining document control and ensuring staff have access to current documents shall be documented and implemented.
2.2.2.3 Documents shall be safely stored and readily accessible.
 
2.2.2.1 is somewhat easy to prove as they only have access to current documents via tablets. As for 2.2.2.3, they will be safely stored as all tablets will require a NIP that only trained employees will receive, they won't be able to amend/delete any form (Through our app software) and as soon as it is submitted it cannot be changed again on their end and it is emailed as a PDF and kept on the software plaftorm. Afterwards, I am placing all PDFs in our server, so they can be easier to find (By month / week).
 
I am a bit lost as to how validate / internal audit that part...
 
Thank you for all your help !
 
Julie


Sweet'n'low

    Grade - MIFSQN

  • IFSQN Member
  • 105 posts
  • 15 thanks
12
Good

  • United States
    United States
  • Gender:Male

Posted 22 May 2019 - 05:16 PM

If you are going paperless, I would assume IT would have to be involved in some way. IT would also be able to encrypt or set specific parameters for document viewing. (i.e. someone from another department will not have access to your files, and vice versa). 

 

A way to audit and verify that document control is happening would be to try to access specific documents from an external source. 

 

If your IT is not involved, then whomever is responsible for your server would be the person to go to in regards to documentation privacy changes. 

 

Hope this helps. 



mgourley

    Grade - FIFSQN

  • IFSQN Fellow
  • 1,278 posts
  • 950 thanks
214
Excellent

  • United States
    United States
  • Gender:Male
  • Location:Plant City, FL
  • Interests:Cooking, golf, firearms, food safety and sanitation.

Posted 22 May 2019 - 09:23 PM

What are you using for your paperless documents?

 

Marshall



Agrumeambu

    Grade - AIFSQN

  • IFSQN Associate
  • 36 posts
  • 10 thanks
8
Neutral

  • Canada
    Canada

Posted 23 May 2019 - 10:24 AM

Hello !

 

We are trying out GoCanvas. So far I really like them. They are a bit more expensive than the other companies, but they offer more.

 

We are a very small company, so we don't have an IT department on site... I will however check with the technician that usually comes when we have issues, see if he has a way to encrypt it for the outside of the company.

 

Thank you !



Sweet'n'low

    Grade - MIFSQN

  • IFSQN Member
  • 105 posts
  • 15 thanks
12
Good

  • United States
    United States
  • Gender:Male

Posted 23 May 2019 - 08:31 PM

Hello !

 

We are trying out GoCanvas. So far I really like them. They are a bit more expensive than the other companies, but they offer more.

 

We are a very small company, so we don't have an IT department on site... I will however check with the technician that usually comes when we have issues, see if he has a way to encrypt it for the outside of the company.

 

Thank you !

Out of curiosity, as small as your company is, does your own personnel take care of landscaping, if there is any? And by landscaping i mean cutting grass, pulling and spraying weeds, and trimming hedges? 



Agrumeambu

    Grade - AIFSQN

  • IFSQN Associate
  • 36 posts
  • 10 thanks
8
Neutral

  • Canada
    Canada

Posted 24 May 2019 - 10:25 AM

Good morning kkalpakidis !

 

A few years ago we used to do it in-house. We usually have a day or two within the week where production is lower, so we used to take care of landscaping. Production picked up, so now we no longer have the time so we have an external company do it. We still, however, take care of our own office cleaning (dust, floors, etc.).

 

Have a good day !



LostMyMind

    Grade - MIFSQN

  • IFSQN Member
  • 91 posts
  • 60 thanks
29
Excellent

  • United States
    United States
  • Gender:Male

Posted 24 May 2019 - 12:10 PM

Hey,

 

I don't have any experience with this audit scheme, but spent a long time in the IT industry.  Maybe some of these approaches might be useful to you.

 

1.) The provider (Go Canvas) will have a disaster recovery (DR) plan in place.  You should be able to point to that for the 2.2.2.3 section.  Most of these "cloud" providers use Amazon Web Services (or Microsoft's Azure) so they would just likely point to that, but you can just ask them who they are hosted on/by and probably get some documentation on that entity's DR efforts via google.  It's a fairly common question for someone like GoCanvas to answer (They may have info about it online). 

 

2.) For electronic storage in house, typically in manufacturing only a few people have PCs and those are password protected, so you can say that the access is both limited and secured.  If you have your own data backed up off-site somehow (and you should) then you can point to that as well.  

 

3.) PDF's themselves are generally considered secure, although it is possible to break them, but since you would have data stored via Go Canvas and locally, you would bypass any concerns for that.  And that's being darn nit-picky.  

 

4.) Because you are relying on online forms, document control becomes a non-issue.  If you make a change to the underlying design, it is immediately reflected in any subsequent submissions.

 

I wouldn't stress out too much about the security given how you have described how it works.  I cannot see a Food Safety auditor being that IT savvy as to try and nit-pick you around hypothetical risk in this area. 

 

"We use this online provider.  They use this hosting service who has these disaster recovery capabilities and services.  We also store copies locally with our own off-site storage/DR plan.  Our local document storage is controlled this way.  The documentation itself is in PDF format and cannot be changed after submission.  Finally, the forms themselves (being online) automatically provide document control." 

 

Anyway, maybe something of value is buried in here.  Hope the transition goes well.

 

Good luck,

Todd



Thanked by 1 Member:



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users