ISO 22716 Section 17 Explained: Documentation — The Backbone of GMP Compliance

4 minute read

ISO 22716

By Robert Low, Lead Management System Specialist

Documentation closes out the numbered sections of ISO 22716, but it does not belong at the back of anyone’s attention. Every other section in this series — personnel, premises, equipment, production, the laboratory, complaints, internal audit — depends on documentation being controlled correctly. A perfectly designed procedure that exists as an uncontrolled, unversioned file on someone’s desktop does not satisfy any of the other sections, no matter how good the procedure’s content is.

This post is part of a series working through ISO 22716 section by section. This is the final substantive section before the series summary.

The Core Principle

Each company needs to establish, design, install, and maintain its own documentation system, appropriate to its organisational structure and product types. An electronic system is explicitly permitted. The standard frames documentation’s purpose plainly: to describe activities so their history can be related accurately, and to prevent the risks of misinterpretation, lost information, confusion, or errors that come from relying on verbal communication alone.

What the Standard Covers

Type of document. Documents can include procedures, instructions, specifications, protocols, reports, methods, and records — covering the full range of evidence the standard expects across every other section. They can be hard copy or electronic.

Writing, approval, and distribution. Documents need to describe operations, precautions, and measures with appropriate detail, with a clearly stated title, nature, and purpose. They need writing legibly and comprehensively, approved and dated by authorised persons before use, and properly prepared, updated, withdrawn, distributed, and classified. Critically, documents need referencing in a way that prevents obsolete versions being used — and outdated copies need actively removing from the work area, not just superseded in a central file while old copies remain accessible on the floor.

Handwritten records. Records requiring handwritten entry need to indicate clearly what should be entered, be written legibly in permanent ink, be signed and dated, and — if a correction is needed — be corrected while keeping the original entry readable, with the reason for correction recorded where appropriate. Using correction fluid or otherwise obscuring the original entry defeats the entire purpose of a controlled record.

Revision. Documents need updating when necessary with the revision number indicated, and the reason for each revision retained.

Archiving. Only original documents should be archived, with only controlled copies actually in use day to day. Archive duration needs defining according to applicable legislation, storage needs to be properly secured, and legibility needs ensuring regardless of whether archives are electronic or hard copy. Backup data needs storing at a separate, secure location at regular intervals.

Where This Commonly Goes Wrong

The most common and consequential gap is outdated documents remaining physically accessible after a new version is approved. A revised procedure gets correctly approved and added to the controlled system, but the old laminated copy on the production floor wall never gets removed — meaning staff working from the wall copy are, in practice, working from an obsolete version, regardless of what the official system says is current.

The second common gap is handwritten record correction. A crossed-out entry that is no longer legible, or worse, correction fluid used to obscure an original entry, undermines the entire audit trail the standard is trying to protect — even when the correction itself was entirely legitimate.

How This Connects to Everything Else in This Series

Every section in this series references documentation in some form — training records under Personnel, cleaning programmes under Premises, calibration logs under Equipment, batch records under both production sections, and audit reports under Internal Audit. Document control software that enforces version control, removes outdated copies from circulation automatically, and maintains a genuine audit trail is, in a real sense, the infrastructure every other section of ISO 22716 depends on to actually function.


This is the final section post in the Cornerstone ISO 22716 series. See the full series summary with links to all 16 sections.

From Cornerstone

Document Control That Removes Outdated Versions Automatically

Cornerstone enforces version control across every procedure, specification, and record — so the document in use is always the one that is actually current.

Need More Help?
We'd Love To Hear From You

Cornerstone Logo White