Uncategorized
Are Sales Brochures Controlled in ISO9001?
The recent case of Johnson and Johnson is a perfect example of the importance of retaining controlled sales documents. The case proves the business reason for “controlling” your advertising brochures, even in an industry that does not require it.
What is “controlled documented information?”
“Controlled” means that the document is identified in some way so that its legitimacy and content is known. Also, records are kept so that it is known what the content was on a given date. It is a requirement of the ISO9001 standard that “the organization” makes the decision on whether to do this in some cases.
In an FDA regulated industry, such as prescription drugs, the sales brochures are considered “labeling” and therefore are subject to regulation.
What is the ISO requirement?
In ISO9001, it is not specifically stated that sales catalogues, or sales materials presented to customers need to be “controlled”. In clause 7.5.1 the standard states:
The organization’s Quality Management System shall include….documented information determined by the organization as being necessary.
ISO9001 Requirements
In 7.5.3.1 it says “Documented information required by the quality management system and by this International Standard shall be controlled.”
So these above clauses seem to give “the organization” a little flexibility to decide whether or not sales brochures and catalogues need to be controlled
A sales brochure, and other sales materials are sometimes used to give product information to the customers. Therefore there is an implied “commitment” that the company is capable of producing the goods or services that are described in the brochure.
What about Sales Brochures specifically?
Clause 8.2.3 of the standard says “The organization shall conduct a review before committing to supply products and services to a customer.”
And in 8.2.3.2 it states “The organization shall retain documented information, as applicable: a) on the results of the review; b) on any new requirements for the products and services.”
And in 8.2.4 it says “The organization shall ensure that relevant documented information is amended, and that relevant persons are made aware of the changed requirements, when the requirements for products and services are changed.”
Logic
So logically, if a company has sales catalogues, or sales specifications, it is implied that the “review” of the sales literature took place and that some record be kept of exactly what was reviewed and when.
This also basically says that you can’t have a lot of obsolete sales brochures around that you give out to customers with old information.
What about “Sales Presentations?”
When I was in product development I used to develop test reports and other technical data. I would also communicate these directly to customers. Quite often I gave presentations in front of trade groups and other groups of potential buyers. I also had some published articles in trade publications.
So in theory, when I did that, should those documents have been “reviewed” and “version controlled?” Should there have been notes taken and retained about what I told the customers?
At what point does this need to be controlled?
There is a strong implication in the standard that this is also required, and that I should have retained some kind of record as to what I said to whom while representing the product. Also, if anything in my presentation changed, I should have had a review of the new presentation, in theory.
I myself could have been allowed to be the “reviewer.” That still does not get me off the hook about potentially keeping a “review record” and a controlled copy. Presumably this would also have been subject to record storage and retention rules as well, rather than buried on my laptop.
The Johnson and Johnson case
The results of this famous legal case became public the other day.
To update:
Johnson and Johnson was selling an approved, legal product, i.e. “opiates.” It was well known that these products are highly effective in killing pain. It is also well known that these products are highly addictive.
What were the customer expectations?
A key question in the case was whether the Johnson and Johnson sales people explained the addictive properties to doctors. It was the company’s claim, backed up by evidence, that the sales people did tell the buyers (hospitals, doctors and pharmacists) that the product was addictive.
The judge in the case ruled that the company had promulgated “false, misleading, and dangerous marketing campaigns”. According to the above article, From 2000 through 2011, members of Johnson & Johnson’s sales staff made some 150,000 visits to Oklahoma doctors, focusing in particular on high-volume prescribers.”
So, sales materials, catalogues and test data in this case must have played a key role in the decision. Even though the case did not go the company’s way, the documents retained from this period remained key evidence. They have potential to appeal the decision.
Why is this important?
There is some record keeping overhead cost involved in this. The potential benefit is: there is evidence of what you said, and whether or not the product met the customer’s expectations. A company’s ability to defend itself in the case of a lawsuit is at stake.
The Audit Trail
So how, as an auditor, would I audit this?
I suppose the first step would be that I would go to the marketing department or company website. I would ask whether or not the client had any marketing brochures or other information that they publish.
Then, I would ask whether or not it was an internal requirement in their industry that a product data sheet be controlled.
If so, then I would inspect it to determine if it had a control number or other identifier. If it did, I would then ask to see some evidence of a review process for that brochure. The procedure for this might be in some high level marketing communications procedure, if there is one.
Review and Retention
If I found out objective evidence that the brochure was reviewed in the required way, as required, then the client would get the smiley.
At the end of all this I might ask for the high level document control procedure, or the high level procedure for producing sales brochures or technical data. If there was not one, I would start asking questions as to who was controlling all of this.
If I did not see a control number of some type, I would then start asking other questions, as follows: Does this document need to be controlled?
How did you arrive at this decision? What happens when you try to change it? How to you tell the customers something changed?
How does your sales specification match up with reality?
Here are some examples:
The above sales brochure was issued by an ISO certified company, in April of 2019.
It does have a title, and a means of identification. I, as an auditor would be okay with this. But then, I would have to ask what the process is for the approval, and since the brochure has been recently changed, the client should be able to provide “documented information” of the results of the review of this.
A Potential Obsolete Document
Here is another sales brochure from the same company. This particular one was produced in 2009 and was not updated when the ISO9001:2015 standard was implemented. Is it real or not real? I would have to ask further questions.
So, I would have to further ask the question, “is this the most recent brochure?” Also, I would ask whether these documents have a formal review period. I might be able to deduce this from the client’s document review procedure and/or the record retention index.
An Uncontrolled Sales Brochure from an ISO registered company.
It wasn’t too hard to find a document that does not appear to be controlled
This particular document is also from an ISO registered company. It does not have any apparent identification as to the status of the document.
So I, the auditor, would now have a lot of questions. Is this the current document? How can you tell? What was the approval process? How do I know this was reviewed according to your procedure, if any? How much of this becomes a customer expectation?
What is the Rationale?
If there is no requirement for these documents to be controlled and reviewed, I would have to start asking why? What is it about the product, or process, that allows uncontrolled information to get out into the marketplace without record keeping?
I ,the auditor, would keep an open mind, which is my job. There may be some compelling business reason that the company is casual about this information. I would have to listen to more information before making a final determination.
Disclaimers
One possible inoculation a company can make is the proverbial disclaimer at the bottom of the page:
Is there anything more annoying for a customer than one of these? The sales guy is sitting in front of you. He or she hands you a beautiful glossy brochure that took effort to produce. You design a product or products that relies on the technical properties that the selling company has just assured you of. Then at the bottom it says “never mind, none of this matters.”
At what point does some statement in a sales brochure become a “customer expectation” and a “customer requirement” as defined by the ISO standard?
Failure Modes—Potential Non-Conformance
If the company is in a regulated industry, in which the technical information is considered part of the label, then the document must be controlled in some way. Audit trail is easy.
In other industries, the main failure mode is lack of a process to develop and publish this information. There is no specific requirement in the standard for controlling or producing a written “marketing information” procedure. I may have to probe to find out if there is an unwritten procedure or how otherwise I know what the rules are.
Technical Presentations
As a former technical sales person I can say that I routinely went out and presented technical material without a formal approval process. An approval process that says “the author may review and approve his or her own presentation” is still potentially in conformance with the standard. But, that raises more questions, especially if there is no written procedure, and as an auditor I would have to probe into this.
A further failure mode is that there was a “review and approval,” but no objective evidence (record) that it took place. This may or may not include change control records. The review record may be meeting minutes, emails, a signoff checklist, or any of a dozen ways to capture this objectively. Obviously the longer ago this took place, the harder it is to come up with the evidence.
Review and Retention
Another failure mode is that some clients require themselves to have a periodic review of all “controlled documents.” If that is the case, these documents, which are part of the marketing effort, may have been missed.
Another failure mode is document retention. As an auditor I might test this system by finding the client’s document retention matrix. I might then ask for the retention period for sales literature. I would then pick a date within that, and ask for the applicable technical data sheet or sales information that was valid on that date.
The Bottom Line
In some industries, such as the case above, revision control of technical and sales brochures is required. In other cases, even though may not be a direct requirement, there is an “implied requirement. Unless conditions are very unusual, there is some need to identify these documents in some way.
In non-ISO companies, this may not be required. But then the question is: how can the consumer be sure of the most accurate technical information?
The underlying business case for controlling these documents is reduction in liability. There is a clear definition of product features if the company controls its sales documents. This draws a line in the sand, from which a basis of common understanding may be reached between clients and customers.