Star Wars medtech lesson: Rogue documents led to Empire’s downfall


Warning: This story is filled with terrible Star Wars references. Management would like to apologize in advance. In our defense, David Butcher at MasterControl started it —the story comes from his original post. 

Death Star watermelon medtech documents

[Image courtesy of J. Albert Bowden II on Flickr, per Creative Commons 2.0 license]

When Rogue One: A Star Wars Story arrives in theaters this week, we will learn how the Rebel Alliance brought down the Death Star by stealing the plans to the space station schematics, says David Butcher, communications specialist at Master Control.

Much like the fate of Boba Fett (he is totally still alive), fans have long wondered about this missing plot line. In A New Hope, the theft ultimately enabled the Rebellion to uncover the key weakness that Luke Skywalker exploited to destroy the Empire’s ultimate weapon.

For the Empire, failing to secure its critical information—the Death Star plans—was catastrophic. For an organization working in a regulated environment such as medical devices, failing to wrap a Tauntaun around all of its critical documents and data can also be devastating.

Despite the risks of managing controlled content in a regulated environment, many companies continue to maintain manual document management or document control processes that are error-prone, cause delays and introduce product quality problems.

Common issues include: wasting time looking for files and rebel scum; confusion about the right version of a document; manually merging changes from multiple contributors; working on the wrong or outdated version; sending the wrong version to someone, and judging little green Jedi by their size.

Your eyes can deceive you, don’t trust them.

Imagine producing a batch of pharmaceutical ingredients and only then discovering that an outdated version of the standard operating procedure (SOP) was followed. The consequences can be disastrous.

Butcher notes that the force is strong with automating document control processes. Automating document management and control enables organizations to search their feelings and securely create, modify, store and control their critical documents and records.

When regulated organizations use automated systems they have an advantage in the ability to cease the unauthorized or unwanted circulation of printed and electronic “rogue” documents. For organizations using manual systems, rogue documents often get shuffled around offices and shop floors or transmitted via email. In many cases, important documents can be copied, distributed and shared with unauthorized people. Rogue documents can result in inefficient processes, time wasted, rework and poor decisions, as well as costly penalties, delayed time to market, product recalls and even loss of clients.

By automating their document control processes, regulated organizations can better watch that crossfire from rogue documents in the following ways:

Document collaboration binds the galaxy together

When it comes to creating or updating documents, issues often occur when employees use manual collaboration methods such as routing via paper or email. These methods often generate multiple versions of the same document and increase the likelihood of numerous disparate edits that need to be reconciled. Moreover, in a manual system, the document being passed around for changes can easily be misplaced or sit in a collaborator’s desk or inbox indefinitely.

Robust document control software enables authorized personnel to easily collaborate, no matter their location, in a secure environment. A virtual collaboration workspace lets users route, review, revise or approve a document in real time. Such a workspace and allows each collaborator to view the contributions of others immediately and add input without waiting for someone else to unlock the document. Redlines visible to all team members minimize duplication of efforts.

To further manage collaborative changes that will result in a single version of a document, the system should automate document routing, approval and escalation, and follow-up should be automatic (i.e., do or do not, there is no try). Customizable notifications should notify collaborators or approvers in a route to act on their specific tasks. To expedite collaboration and approval, the system should incorporate time-based escalation, so if a team member is unavailable for a certain period of time, the document is sent to the next person authorized to approve it.

Revision control can prevent ‘Attack of the Clones.’

Tracking down the right document is made all the more difficult when multiple versions of the document are in circulation. In a paper-based or partly electronic system, there could be multiple unwanted versions of a document, meaning users may use an obsolete or uncontrolled version of an SOP, technical drawing or product specification that is too readily available.

Ineffective version control and archiving is a common problem for companies with paper-based document management systems.

When the newest revision of a document is approved and released, the previous version(s) should be automatically archived so only the current version is accessible. An automated document control system helps ensure that employees are using the most recent – and correct – version. With automatic revision control, a document in the revision process becomes available for reference only upon approval of the revision.

To further control rogue electronic documents, an electronic system should enable copies to “self-destruct” after the time allotted to a document expires. The software should provide capabilities to manage printed copies of documents – such as expiration dates automatically watermarked on the document – and prevent unauthorized printing, saving or copying of documentation.

The ‘Force’ of document security

The theft of the Death Star plans – the premise of Rogue One – highlights, among other things, the importance of securely managing an organization’s critical information. Document security is vital for organizations facing strict regulatory requirements relating to document control. For instance, the Food and Drug Administration’s (FDA) 21 CFR Part 11 emphasizes security practices that limit access to authorized users and hold them accountable for written policies.

A robust electronic system will enable FDA-regulated companies to maximize document security in a number of ways. It provides vault functionality that ensures authorized access only, as well as a reliable audit trail of any change made to a document. The software allows system administrators to create individually tailored user and roles; some users’ rights may be limited to viewing while others’ may include edit privileges. Login and approval are automatically locked when either is compromised.

It is important to remember that effective document control requires balancing security with accessibility. That is why any electronic document and quality system should serve as a single, centralized source repository, enabling authorized users to search for, access and review the latest version of any stored document. This way, documents will not get lost because the automated system can track every document’s exact location while employing approval history tracking, time-stamped audit trail, reporting and electronic signature capabilities.

[Want to stay on top of MDO content? Subscribe to our weekly e-newsletter.]

Want to stay on top of MDO content? Subscribe to our e-newsletter.

Speak Your Mind