Standard Operating Procedure for Control of Shared Drives and eDMS Use in Regulatory Affairs

Department	Regulatory Affairs
SOP No.	RA/2026/781
Supersedes	NA
Page No.	1 of X
Issue Date	17/04/2026
Effective Date	17/04/2026
Review Date	17/04/2028

Purpose

This Standard Operating Procedure (SOP) establishes a controlled and standardized approach for managing shared drives and electronic Document Management Systems (eDMS) within the Regulatory Affairs department. It ensures the integrity, security, accessibility, and traceability of regulatory documents and records in compliance with applicable regulatory requirements and internal quality management systems. This SOP supports the control objective of safeguarding document integrity while facilitating efficient regulatory operations and collaboration.

Scope

This SOP applies to all Regulatory Affairs personnel involved in creating, reviewing, approving, storing, retrieving, and archiving regulatory documents within shared drives and the eDMS platform. It covers electronic and digital document control processes for regulatory submissions, labeling, dossiers, correspondence, and other regulatory documentation. The SOP excludes systems and repositories outside Regulatory Affairs and internal IT infrastructure management activities not related to document control.

Responsibilities

• Regulatory Affairs Staff: Create, upload, and maintain regulatory documents on shared drives and eDMS as per SOP requirements.
• Document Controllers: Monitor access rights, maintain filing structures, ensure completeness, and assist in audits relating to document management.
• Reviewers and Approvers: Review and approve documents within eDMS workflows to ensure accuracy and compliance prior to release.
• Quality Assurance (QA): Conduct periodic audits and verify compliance with this SOP and applicable regulatory requirements.

Accountability

The Head of Regulatory Affairs is accountable for ensuring the implementation, adherence, periodic review, and continuous effectiveness of this SOP. This role is responsible for escalation of non-compliance, arranging necessary training, and ensuring all regulatory documentation management meets applicable internal and external standards.

Procedure

The management and control of shared drives and eDMS use in Regulatory Affairs shall be conducted as follows:

1. Preparation and Access Control: Prior to document upload or access, personnel must have appropriate system credentials granted by the Document Controller, based on their role and job function. Access rights shall be reviewed and updated quarterly to ensure compliance with the principle of least privilege.

2. Document Creation and Upload: All regulatory documents must be created in approved templates. Upon completion of draft versions, documents shall be uploaded to the designated shared drive folder or directly into the eDMS repository with appropriate metadata (title, version, author, date, classification).

3. Version Control and Review Workflow: In the eDMS system, documents enter a controlled workflow requiring review and approval through assigned users. Each version must be distinctly numbered, and previous superseded versions archived but accessible for audit purposes.

4. In-Process Controls and Verification: Document Controllers must periodically verify folder structures, naming conventions, metadata accuracy, and completeness of files. Any discrepancies or non-conformance shall be logged, investigated, and corrected promptly.

5. Document Retrieval and Usage: Authorized personnel shall retrieve documents through the eDMS interface or shared drive paths. Retrieval logs must be maintained automatically by eDMS or manually tracked to ensure traceability of document usage.

6. Data Integrity and Security: Backup schedules and access logs shall be maintained by IT in line with company policies. Users must never share login credentials and must log out when not using the system. Sensitive documents may be restricted to “read-only” where applicable.

7. Record Retention and Archival: Upon document obsolescence, superseded or outdated files shall be archived within the eDMS archive module or moved to designated archival shared drive folders. Retention periods shall follow regulatory and company policies.

8. Handling Deviations: Any deviation from this SOP, including unauthorized access, accidental deletion, or data loss, must be reported immediately to the QA and IT departments for investigation and corrective action.

9. Training and Competency: All users shall receive training on shared drive and eDMS SOPs during onboarding and periodic refresher training thereafter. Training records shall be maintained according to internal procedures.

10. Documentation and Audit Trails: All activities within the eDMS, including document creation, modification, approvals, and retrievals, are automatically logged and maintained for audit purposes. Manual records such as access request forms or exception reports shall be maintained as applicable.

Abbreviations

• eDMS – electronic Document Management System
• QA – Quality Assurance
• SOP – Standard Operating Procedure
• IT – Information Technology
• GMP – Good Manufacturing Practice

Documents

1. Access Request Form for Regulatory Shared Drives and eDMS (Annexure-1)
2. Regulatory Document Upload and Version Control Checklist (Annexure-2)
3. Deviation Report Form for Document Management Incidents (Annexure-3)

References

• 21 CFR Part 11 – Electronic Records; Electronic Signatures
• EMA Guidelines on Quality Systems
• ICH Q10 Pharmaceutical Quality System
• Company Quality Management System Document Control Policy
• GAMP 5 – A Risk-Based Approach to Compliant GxP Automated Systems

Version

1.0

Approval

Prepared By
Checked By
Approved By

Annexures

Annexure-1: Access Request Form for Regulatory Shared Drives and eDMS

Purpose: To document requests and approvals for access rights to shared drives and eDMS systems within Regulatory Affairs.

Field	Details
Request Date	10/04/2026
Requester Department	Regulatory Affairs
Requester Role	Regulatory Specialist
Requested Access Type	Read/Write
System Requested	eDMS – Regulatory Module
Justification	Need to upload and review regulatory submissions documents
Reviewed By	Regulatory Document Controller
Approval Status	Approved
Approval Date	12/04/2026
Access Granted By	IT Administrator
Access Granted Date	13/04/2026

Annexure-2: Regulatory Document Upload and Version Control Checklist

Purpose: To verify compliance with document upload procedures and version control requirements in Regulatory Affairs shared drives and eDMS.

Checklist Item	Yes / No	Comments
Document created using approved template	Yes
Appropriate metadata entered (title, version, author, date)	Yes
Uploaded to correct folder or repository location	Yes
Version number correctly updated	Yes
Document routed for review and approval via eDMS workflow	Yes
Superseded versions archived properly	Yes
Access rights verified for document	Yes
Audit trail available and complete	Yes

Annexure-3: Deviation Report Form for Document Management Incidents

Purpose: To record and manage deviations related to the control of shared drives and eDMS use within Regulatory Affairs.

Field	Details
Deviation ID	DM-2026-001
Date of Incident	05/04/2026
Reported By	Regulatory Associate
Description of Deviation	Unauthorized deletion of draft submission document from shared drive.
Impact Assessment	Potential delay in submission; data recovery initiated.
Immediate Corrective Actions	Access privileges reviewed; backup restored document.
Root Cause Analysis	Incorrect access rights assigned to temporary user.
Permanent Corrective Actions	Revised access control process implemented; additional training conducted.
Status	Closed
Reviewed By	QA Manager
Review Date	10/04/2026

Revision History

Revision Date	Revision No.	Revision Details	Reason for Revision	Approved By
17/04/2026	1.0	Initial issue	New SOP creation