When it comes to authorising and approving procedures do you just type them and bang them out or do you print them and see to it that they get physically signed off?
It really surprises me how many systems I see like the first. There is no evidence of you having taken responsibility for either of these requirements. No names, departments, nothing. When I query this I tend to get told well “I’m the only one who writes them”; “I show them the relevant manager first” or “We can’t wait that long to get them issued”. However, without some accountabilty how do you address the requirement to authorise and approve documentation on issue or amendment?
Now, sometimes I see the authors name typed in and perhaps with a date in the footer of the document which is better than nothing. Strictly speaking though you would have to evidence that the ‘author’ is the only person with access to the system to create and amend documents which is a bit of a faff. However, you still can’t evidence that the process owner has had any input into what is strictly his or her domain.
Far better to include two signatories with the process owner (often the Head of Department) authorising it and the QA person approving it. That way the process owner takes responsibility for releasing information as to what happens on his or her patch. Without that, and I have seen this, you get the response “Well I wasn’t asked about it or shown it before it was issued”. The QA person should approve it so as to run the rule over it for adequate contact and auditability.
Now in this day and age you can obviously have, provided again that suitable control exists, electronic signatures to save the physical printing. Would be interested to know what you do so please share your experiences. More helpful support at the 9001 Support Centre.