Quality Assurance Testing

This topic is part of the SG Systems Global regulatory & operations glossary.

Updated December 2025 • System & Product Verification • QA, QC, Validation, IT, Operations

A Document Control SOP is the primary procedure that explains, step by step, how an organization controls its quality-critical documents and records: how they are created, reviewed, approved, issued, revised, and archived. It operationalizes the site’s Document Control Plan and is one of the most frequently requested SOPs in any audit or inspection. In regulated manufacturing, the Document Control SOP sits at the root of the QMS: if this SOP is vague, inconsistent, or not followed, you can expect findings on batch records, training, CAPA, validation, and data integrity to follow.

“The Document Control SOP is the ‘how’ behind every other SOP—if you get this wrong, everything else is negotiable in the worst possible way.”

1) Purpose & Scope of a Document Control SOP

A well-written Document Control SOP should clearly answer:

• Why document and record control are needed (regulations, standards, internal risk).
• What types of documents and records are in scope (policies, SOPs, WIs, forms, batch records, specs, templates, electronic records).
• Where they are controlled (eQMS, MES, WMS, LIMS, ERP, and physical archives).
• Who is responsible (authors, reviewers, approvers, document control, QA, IT).
• How they are created, changed, distributed, and retired.

Anything not covered here will be filled in by local improvisation—and that’s exactly what inspectors look for.

2) Document Types & Classification Rules

The SOP should define a simple taxonomy for controlled documents, for example:

• Policies and manuals (top-level intent and framework).
• Standard Operating Procedures (SOPs) – “what” and “who”.
• Work Instructions (WIs) – detailed “how” at the line or screen.
• Forms and templates (training forms, log sheets, checklists).
• Master records (MBR/DMR, label specs, test methods, BOMs/recipes).
• Quality agreements and controlled external documents.

Each type should have specific rules for ID format, structure, minimum content, and approval levels—typically summarized in the SOP or referenced annexes.

3) Roles, Responsibilities & Authorities

The Document Control SOP must spell out who can do what:

• Authors: subject-matter experts who draft or revise content.
• Reviewers: technical, QA, regulatory, and cross-functional reviewers as needed.
• Approvers: final sign-off authorities (often including QA for GMP/ISO-critical documents).
• Document Control / QA: administer document numbering, status changes, distribution, and archiving; ensure adherence to the SOP.
• IT / System Owners: manage configuration of eQMS/MES/WMS/LIMS/ERP relative to document and record control.

Independence is key: QA or an independent quality function should have veto rights on quality-critical documents and changes.

4) Numbering, Naming & Versioning

A solid Document Control SOP describes a consistent scheme for identifiers and versions:

• Document IDs (e.g., QA-SOP-001, PRD-WI-023, LAB-TM-010) that encode function and type.
• Versioning rules (major vs minor revisions; how versions are displayed and referenced).
• Naming conventions that keep titles unique, descriptive, and searchable.
• Rules for “uncontrolled copies” and printed extracts.

Numbering is trivial until you have 3,000+ documents and two different “SOP-001s” for different departments. The SOP is where you prevent that mess.

5) Document Lifecycle Procedures

The heart of the Document Control SOP is the lifecycle workflow. It should define, in detail, how to:

• Create: initiate new documents using approved templates; capture rationale (CAPA, risk, project, regulatory change).
• Review: route drafts to reviewers with clear criteria (technical accuracy, regulatory alignment, clarity).
• Approve: obtain signatures (often electronic) from defined roles; QA approval for GMP/ISO documents.
• Issue: set effective dates, publish to the correct locations, remove or flag superseded versions.
• Train: trigger training tasks in the QMS; ensure training is completed by effective date where risk warrants.
• Revise: manage updates under MOC where needed; link revisions to CAPA, risk, and regulatory drivers.
• Archive: move superseded documents to controlled archives with defined retention.

Flowcharts or swim-lane diagrams in an annex are often the easiest way to make this clear for auditors and users.

6) Controlled Records & Data Integrity

A Document Control SOP should treat records with equal seriousness:

• Define which records are controlled (batches/eDHR/eBR, training, deviations, CAPA, audits, calibration, validation, risk assessments).
• Specify where records are generated and stored (paper forms, QMS workflows, MES/WMS transactions, LIMS).
• Instruct on completion, corrections, and error handling for paper records (no obliteration; single-line strikeout, initials, date, reason).
• Reference electronic expectations: ALCOA(+), Audit Trails, e-signatures, backups, and access control.
• Define retention times and retrieval expectations for controlled records.

Auditors will cross-check what the SOP claims against how records actually appear in eQMS, MES, WMS, and LIMS.

7) Integration with Change Control, Risk & CAPA

The SOP must explicitly reference and integrate with:

• Change Control (MOC) – when document changes must be initiated via change requests, how impact is assessed, and who approves.
• Risk Management (QRM) – how documents implement risk controls and how changes trigger risk review updates.
• CAPA – how CAPA actions are translated into new or revised documents and how QA verifies implementation and training.

“CAPA action: update SOP” is meaningless unless the Document Control SOP makes that path clear and verifiable.

8) Training & Access to Controlled Documents

The SOP should define how users discover and learn changes:

• How roles are linked to documents through a training matrix (who needs what).
• How training assignments are generated and tracked when new/revised documents are approved.
• How “read and understand” vs practical competency are verified for high-risk instructions.
• How staff access current versions (e.g., via eQMS, MES terminals, WMS handhelds), and how outdated copies are prevented.

In practice, this is where you prove that procedures are not just written, but known and followed at the point of work.

9) Digital Implementation – eQMS, MES & WMS

The Document Control SOP must reflect reality: that many “documents” are now screens, workflows, and configurations:

• How eQMS manages documents, templates, records, and training links.
• How MES uses controlled master data for routes, recipes, checklists, and work instructions presented to operators.
• How WMS uses controlled label templates, kitting rules, and QA status codes to drive material movements.
• How system validation (CSV) and configuration management are tied back to document control (specs, URS, configuration records).

The SOP should avoid pretending everything is paper if your plant is largely digital; inspectors will notice the mismatch instantly.

10) Common Weaknesses in Document Control SOPs

• Policy-only content. High-level statements with no practical “how to” for users.
• Paper-centric fiction. SOP talks only about binders while real control happens in eQMS/MES/WMS with no mention.
• Unclear scope. No definition of which documents/records are controlled vs uncontrolled.
• Weak supersession control. No steps to remove obsolete copies from the line or to block use in systems.
• No linkage to CAPA/MOC. Documents change without traceability to root cause or change control.
• Ignored in practice. Line staff “have their own version” of instructions; SOP is not followed.

Auditors will test all of these by sampling both documents and behaviors on the shop floor and in your systems.

11) How a Document Control SOP Fits with V5 by SG Systems Global

Procedural backbone in V5 QMS. The Document Control SOP is implemented natively in the V5 Quality Management System (QMS) module. Document workflows (draft → review → approve → issue → revise → archive) can be configured to exactly match your SOP, with roles, e-signatures, and effective dates enforced automatically.

Execution at the line via V5 MES. Once documents (SOPs, WIs, MBRs/DMRs) are approved in V5 QMS, the V5 MES presents the correct versions at terminals for operators. Changes to master records or work instructions driven by the Document Control SOP are reflected as updated routes and screens in MES, tied back to their document IDs and versions in the eDHR/eBR.

Label, status & record control via V5 WMS. The V5 WMS uses controlled label templates, QA status descriptors, and kitting rules derived from documents governed by the SOP. When specs or labels change, WMS can be updated under change control so that only current, controlled data is used on pallets, UDI labels, and shipments.

End-to-end governance in the V5 Solution Overview. Within the V5 Solution Overview, your Document Control SOP is visible not just as a PDF but as live behavior: document versions linked to CAPA, training, eDHR/eBR, inventory records, and QA status. During audits, QA can walk inspectors from the SOP to the configured workflow in V5 QMS, and then to real examples in MES and WMS.

Integration & analytics via V5 Connect API. Using the V5 Connect API, organizations can integrate controlled documents and records with ERP, PLM, LIMS, and BI tools, and analyze KPIs like document-change frequency, training completion on new versions, and correlation between document changes and deviation/CAPA trends—turning the Document Control SOP into a measurable, continuously improved process.

Bottom line: V5 gives you the infrastructure to actually enforce your Document Control SOP across QMS, MES, and WMS, so “current approved version only” isn’t a hope—it’s how the system behaves by design.

12) FAQ

Q1. How is a Document Control SOP different from a Document Control Plan?
The Document Control Plan describes the overall strategy, scope, and architecture of document and record control. The Document Control SOP translates that plan into concrete steps and responsibilities. Think of the plan as “what and why” and the SOP as “how, who, and when”.

Q2. Does every site need its own Document Control SOP?
Multi-site organizations can use a global Document Control SOP if systems and practices are harmonized, but local annexes may be needed for site-specific tools or regulations. If practices differ significantly between sites, separate SOPs (under a common policy/plan) are safer and easier to defend.

Q3. Should external documents (standards, pharmacopeias, vendor manuals) be covered?
Yes—at least to define how they are identified, kept current, and referenced. The SOP should clarify which external documents are controlled, where they are stored, and who is responsible for monitoring updates.

Q4. How detailed should the Document Control SOP be?
Detailed enough that a trained user can execute document control tasks consistently and that an auditor can reconstruct how a given document moved from draft to archive. Overly vague statements like “documents shall be controlled” are not acceptable; key steps and decision points must be explicit.

Q5. How often should the Document Control SOP itself be reviewed?
At least on a defined cycle (e.g., every 2–3 years) and whenever major changes occur in regulations, standards, systems (eQMS/MES/WMS), or audit/CAPA findings that highlight weaknesses in document control. Reviews should be documented and lead to updates where justified.

Q6. How do digital platforms like V5 support the Document Control SOP?
V5 QMS implements the SOP’s workflows with e-signatures, version control, and audit trails, while V5 MES and V5 WMS enforce document-driven behavior at the point of work. The V5 Connect API exposes document and record metadata for analytics, making it straightforward to monitor compliance with the SOP and improve it over time.

Related Reading
• Core Governance: Document Control | Document Control Plan | Quality Management System (QMS) | ISO 13485 Requirements
• Risk & Change: Risk Management (QRM) | Management of Change (MOC) | CAPA – Corrective & Preventive Action
• Data & Records: Data Integrity | Audit Trail (GxP) | eDHR Software
• V5 Platform: V5 Solution Overview | V5 QMS | V5 MES | V5 WMS | V5 Connect API