“We’re going through changes” - But have you documented them?

Written By CLAIRE GLENISTER

A Change Control isn’t just a quick form—it can be a mini project. So are you treating them accordingly?

Change Control under GDP is a formal, risk-based process to ensure no change compromises product safety, compliance, or traceability.

🕒 When Should You Raise One?

Raise a Change Control for any change that may impact:

  • Product quality, packaging, shelf-life
  • Suppliers, customers, service providers
  • Premises, equipment, vehicles, storage conditions
  • Procedures, systems, documentation
  • Regulatory or legislative requirements

Think “if in doubt, initiate”—better to review and deem a change not required than risk non-compliance.

⚖️ How to Classify a Change

Use a risk-based classification:

  • Major/Critical – high impact on product quality, compliance, or validation; may need revalidation/regulatory submission
  • Minor – minimal impact; documented with a lightweight approach
  • Permanent vs. Temporary – permanent changes require full closure; temporary ones need clear end dates and reversion plans

Classification helps define documentation levels, stakeholder input, and the degree of scrutiny required.

👥 Who Uses Change Controls?

Change Control isn’t just a Quality tool — it's cross-functional:

  • Quality initiates and signs off
  • Regulatory Affairs, Production, Logistics, Finance may all contribute
  • End users and support teams must be engaged too

Ensure your wider business is trained and empowered to raise Change Controls when they spot potential impacts.

🧩 When a Change Control Becomes a Mini Project

Major changes can require:

  • Risk assessment
  • Validation or qualification activities
  • Documentation updates
  • Staff training
  • Financial and IT resource involvement

Who manages this? Often a Project Manager — ideally from Quality or a cross-functional team — ensures progress, coordination, and closure.

⚠️ Pitfalls to Avoid

  • Under-classifying major changes as “minor” to skip effort
  • No defined closure, leaving processes in limbo
  • Lack of leadership, leading to scope creep
  • Document overload burying critical steps
  • Lack of cross-functional input

✅ Best Practice Change Control Process

A strong process typically follows these 8 steps:

  1. Consideration Conduct a initial risk assesment or feasability study
  2. Initiate request with rationale & temporary/permanent tag
  3. Assess impact & risk, now you know what the chnages are
  4. Review & approve by relevant stakeholders
  5. Plan & resource (validation, PM assignment)
  6. Implement & train
  7. Verify effectiveness (audits, testing, monitoring)
  8. Close & document
  9. Post-implementation review

🔍 Ask Yourself:

  • Are changes classified with appropriate rigor?
  • Does the business know when and how to raise a Change Control?
  • Do you assign project ownership for major changes?
  • Are controls in place to close, review, and improve?

If you're unsure, your change control system could use reinforcement.

📢 Final Thoughts

In a complex supply chain, Change Controls aren’t just paperwork—they’re how you stay compliant and responsive to real change. Implemented properly, they protect quality, avoid audits, and empower your team to operate safely.

📞 Need Help with Change Controls?

If you’d like help structuring or reviewing your Change Control processes—especially for major alterations or cross-functional rollouts—contact us today to arrange a Change Control workshop or system review.

#ChangeControl #GDPCompliance #pharmaQA #QualityManagement #RiskAssessment #processimprovement #projectmanagement #pharmasafety #regulatorycompliance

CLAIRE GLENISTER
Previous

Are your SOP’s working for you?