Documentation & Change Controls — §11.10(k)

Documentation Controls and Change Management. Adequate controls shall be maintained over systems documentation, including distribution, access, and use of documentation for system operation and maintenance, in accordance with §11.10(k)(1); and revision and change control procedures shall be maintained to ensure an audit trail that documents time-sequenced development and modification of systems documentation, in accordance with §11.10(k)(2). The organization shall implement the following: (a) all system documentation, including requirements specifications, design documents, validation protocols, standard operating procedures (SOPs), configuration settings, and system administration guides, shall be maintained under formal document control; (b) system documentation shall be reviewed and approved by qualified personnel before being issued for use; (c) access to system documentation shall be controlled to prevent unauthorized modification; (d) a change control process shall be established that requires all changes to Part 11 systems to be formally requested, documented, assessed for impact on the validated state and regulatory compliance, approved by appropriate stakeholders (including the Quality Unit), tested, and verified before implementation; (e) the change control record shall include the description of the change, the reason for the change, the risk and impact assessment, the testing and validation performed, the approval signatures, and the implementation date; (f) emergency changes shall be documented retrospectively within a defined timeframe and shall be subject to the same review and approval process; and (g) a complete revision history shall be maintained for all system documentation, enabling the reconstruction of the time-sequenced development and modification history.