Extensible Controlled Copy Configuration (QualityDocs)

QualityDocs users often require a way to track specific content copies outside of Vault, or prepare copies with specific overlays for specialized use. Through the Extensible Controlled Copy feature, QualityDocs Vaults provide special objects and fields to assist with this business process, supporting download and distribution of controlled copies.

When downloaded, Vault assigns each controlled copy a unique identification number and creates a Controlled Copy Trace object record, allowing users to track the status of those copies outside of the Vault. With a dedicated lifecycle for these object records, users can manage both the distribution and the reconciliation of these copies according to their organization’s needs. Admins may also configure and apply specialized overlays or choose to attach signature pages on the content when consumers download controlled copies. Depending on the document lifecycle state, there may be zero, one, or many controlled copy actions, for example, Request Laboratory Reference Copy and Request Facility Posting Copy.

Note: The functionality in this article refers to object-based Extensible Controlled Copy. To determine if your Vault uses Extensible Controlled Copy, navigate to Admin > Configuration > Objects and look for the Controlled Copy User Input and Controlled Copy Trace objects. If you don’t see these objects, your Vault uses legacy controlled copies.

How to Enable Extensible Controlled Copy

To enable Extensible Controlled Copy functionality in your vault, select the Enable Extensible Controlled Copy setting in Admin > Settings > Application Settings. Enabling Extensible Controlled Copy effectively replaces all legacy document-based controlled copy functionality and disables all existing controlled copy actions and configurations, with the exception of the Distribution report. The report allows you to finish reconciling legacy controlled copies while you transition to Extensible Controlled Copies, but prevents you from generating new legacy controlled copies or adding new entries to the Distribution report.

Note: Once enabled, you cannot disable Extensible Controlled Copy.

Admin Configuration

We strongly recommend that you work with Veeva to help configure Extensible Controlled Copy in your Vault. If you choose not to work with Veeva to migrate controlled copy configurations in your Vault, you must complete the following actions:

Navigate to Admin > Settings > Application Settings and select the Enable Extensible Controlled Copy setting. Note that once enabled, you cannot disable Extensible Controlled Copy.
Configure identical object types on the Controlled Copy User Input and Controlled Copy Trace objects for any type of controlled copy you may need.
Configure object page layouts for each Controlled Copy User Input and Controlled Copy Trace object type. Page layouts do not need to match across the Controlled Copy Trace and Controlled Copy User Input objects.
Configure Atomic Security on the Controlled Copy Trace object fields to prevent users from accidentally updating important fields. Vault does not automatically apply security to fields on the Controlled Copy Trace object.
Update any document lifecycle state user actions that supported legacy controlled copies to use the Download Controlled Copy action.
Update any overlays that supported legacy controlled copies to reference new Extensible Controlled Copy tokens.
Update any permission sets that supported legacy controlled copies to grant appropriate users Create permission on any Controlled Copy User Input object types and Read permission on any Controlled Copy Trace object types.

How Vault Downloads Extensible Controlled Copies

When a consumer selects the Download Controlled Copy user action, Vault opens the Create Record page for the Controlled Copy User Input object in the dialog. Consumers enter data in the fields configured by the Admin. When a consumer completes the request to download the controlled copy, Vault generates the appropriate documents in a ZIP file via an automated job and sends the requesting consumer a notification with a link to download the resulting file. Vault generates the ZIP file’s name in the following format: [label of the user action] - [job ID] - [DateTime].zip

Vault also processes the Controlled Copy User Input record, populates any system-managed fields, and automatically creates associated Controlled Copy Trace records for each document copy requested, copying data from any user-entered fields on the Controlled Copy User Input record into identical fields on the Controlled Copy Trace record. Vault automatically sets the Released from Vault field checkbox on the Controlled Copy Trace record after successful document download. Vault does not set this if an error occurred while attempting to download the controlled copy. You can then use the Controlled Copy Trace record to view, report on, and reconcile controlled copy data.

Extensible Controlled Copy Components

Enabling Extensible Controlled Copy adds the following to your vault:

Controlled Copy User Input Object

This object captures information from the consumer who requests to download a controlled copy. Your organization can add, edit, or remove fields to customize the data collected. Vault creates these object records when a consumer selects a controlled copy user action, and then processes these to generate Controlled Copy Trace records and download the requested content for the consumer. This object supports object types with both standard and custom fields, and Admins can adjust object page layouts to include all relevant fields for data capture.

Controlled Copy Trace Object

This object houses trace records for all controlled copy files generated for your Vault. Controlled Copy Trace supports object types with both standard and custom fields. Vault creates each record and auto-populates many fields when the consumer completes the controlled copy request. Note that users cannot manually create or delete Controlled Copy Trace records; only Vault can create these when a consumer downloads a controlled copy.

Controlled Copy Trace Lifecycle

This lifecycle is associated with the Controlled Copy Trace object, and allows organizations to manage and track Controlled Copy Trace records representing documents removed from the Vault. The Controlled Copy Trace lifecycle includes the following states by default:

Active in Use: This controlled copy is currently outside of the vault.
In Recall: This controlled copy is currently in use outside of the vault, but a recall exists to discontinue it.
Recall Confirmed: This controlled copy is removed from use outside of the vault.

Admins may update these states, configure Atomic Security, or utilize various object lifecycle and workflow actions (such as automatic recall) to create a robust process that represents how your organization accounts for content after it has left your Vault.

Configuring Controlled Copy Objects & Object Types

In order for consumers to download controlled copies, you must configure matching object types on the Controlled Copy User Input and Controlled Copy Trace objects. The two object types must include identical Labels, Plural Labels, and Names (public keys). You can create multiple object types for the various types of controlled copies needed in your Vault.

The fields you select or create when configuring these object types define the fields consumers populate when downloading a controlled copy. For example, we recommend creating fields on each object to capture details such as Reason or Justification, Requested For, and Audience Details.

Note: Consumers will not see configured Download Controlled Copy user actions in the document Actions menu if the object type Names (public keys) are not identical for the Controlled Copy User Input and Controlled Copy Trace objects.

About Controlled Copy Object Fields

In order for Vault to capture data and correctly populate fields on the Controlled Copy Trace record when a consumer downloads a controlled copy, you must create identical fields on both the Controlled Copy User Input and Controlled Copy Trace object types. Note that the Controlled Copy Trace object type can include fields that are not on the Controlled Copy User Input object type, although there is no way for a consumer to populate these.

If field configurations don’t match across the Controlled Copy Trace and Controlled Copy User Input objects, Vault can’t create the Controlled Copy Trace record when a consumer downloads a controlled copy. Common errors include:

A field that is required on the Controlled Copy Trace object does not exist or is not required on the Controlled Copy User Input object.
Corresponding fields across the Controlled Copy Trace and Controlled Copy User Input objects have different field types.
Corresponding text fields across the Controlled Copy Trace and Controlled Copy User Input objects do not have the same Maximum Length.
Corresponding number fields across the Controlled Copy Trace and Controlled Copy User Input objects do not have the same Minimum and Maximum Values.
Corresponding fields across the Controlled Copy Trace and Controlled Copy User Input objects have different Dynamic Reference Constraints configured.

For example, you could make an Intended Use field required on the Controlled Copy User Input object type, but optional on the Controlled Copy Trace object type. Vault automatically copies the field value to the Controlled Copy Trace object. However, if you made the Intended Use field optional on the Controlled Copy User Input object type but required on the Controlled Copy Trace object type, a consumer downloading a controlled copy could forego entering data in the Intended Use field, and Vault could not create the associated Controlled Copy Trace record.

Controlled Copy User Input Object Required Fields

You must add the Vault Document (vault_document__v) field on all Controlled Copy User Input object types. You should not add this field to the Controlled Copy User Input object page layouts, as it could cause errors when consumers request controlled copies from multiple documents via bulk action.

Controlled Copy Trace Object Required Fields

You must add the following fields on all Controlled Copy Trace object types, although we do not recommend adding these fields to Controlled Copy Trace object page layouts:

Autonumber Prefix (autonumber_prefix__v)
Autonumber Prefix Pattern (autonumber_prefix_pattern__v)
Migrated (migrated__v)
Vault Document (vault_document__v)

Object Page Layouts

After you set up the Controlled Copy User Input and Controlled Copy Trace objects types, you can configure the object page layout for each type to define the fields that the consumer sees and populates in the Controlled Copy User Input dialog when downloading a controlled copy, and in the Controlled Copy Trace object record detail page.

Configuring Atomic Security for Extensible Controlled Copy

The Controlled Copy Trace object is intended to be a record of truth for tracking controlled copies after they leave Vault. Admins are responsible for configuring Atomic Security on all fields representing content that has left the Vault. As a best practice, we recommend applying Atomic Security on all fields, following these general guidelines:

If Vault copies a field from the Controlled Copy User Input record to the Controlled Copy Trace record, Atomic Security for that field should be Read Only for all roles in all states of the Controlled Copy Trace Lifecycle.
If the field is unique to the Controlled Copy Trace object and represents information captured during the reconciliation process or another custom process in your Vault, you can apply Atomic Security at your discretion based on your organization’s needs.

Configuring the User Action

To allow consumers to download controlled copies, you’ll need to configure a user action on the applicable document lifecycle state. The user action type for Extensible Controlled Copy is Download Controlled Copy. There are several fields available for configuration:

Controlled Copy Type: Indicates which controlled copy object type the consumer is requesting. Note that Controlled Copy User Input object types that do not have a matching Controlled Copy Trace object type do not appear in the drop-down.
Autonumber Prefix: Indicates the token pattern Vault uses for autonumbering Controlled Copy Trace records of the selected type. Vault includes a default pattern, or you can create your own.
Overlay: Indicates the overlay templates Vault applies to the content when a consumer downloads a controlled copy. Note that this selection overrides the lifecycle state-based overlay selection. As a best practice, we recommend selecting a single overlay. However, you can select up to five (5) templates, which Vault applies together.
Include signature page: Specifies whether or not Vault includes a signature page with the content when a consumer downloads a controlled copy. If a signature page exists, Vault applies it for that specific document. If not selected, the controlled copy omits the signature page, regardless of whether there are signatures applied.

When configuring new controlled copy actions, be sure to check that the lifecycle state security settings grant the Distribute Controlled Copy permission to users with appropriate document lifecycle roles. For example, no user could access a Download Controlled Copy action on the Approved document lifecycle state if that state’s security settings do not grant the appropriate permission to at least one document lifecycle role.

Note: If you migrated your Vault’s legacy controlled copy configurations to Extensible Controlled Copy, you must manually update all legacy controlled copy user actions.

Autonumber Prefix

Vault applies the autonumber prefix to Controlled Copy Trace records. You can include tokens in your autonumber prefix that reference fields on the Controlled Copy User Input object using the syntax: ${VCC__fieldname__v}. For example, the token ${VCC__name__v} references the name of the Controlled Copy User Input record. Vault also supports the following legacy controlled copy tokens in Vaults with Extensible Controlled Copy enabled:

${docNumber}: Document Number
${docMajor}: Document Major Version Number
${docMinor}: Document Minor Version Number

We recommend that you replace “CC” in the default Controlled Copy autonumber prefix format with a value that corresponds to the menu label, for example, FPC-${docNumber}-${docMajor}-${docMinor}- for the menu label “Request Facility Posting Copy.” If you use the same number format, for example, CC-{####}, for two separate user actions, they share the numbering value so that it is impossible to create two controlled copies with exactly the same copy number.

Configuring Automatic Controlled Copy Recall

When a document with currently-disbursed controlled copies is made obsolete or superseded, your organization may require a recall process to reconcile the controlled copies.

You can configure your document lifecycle to automatically place Controlled Copy Trace object records associated with an Obsolete or Superseded document into an In Recall state. You can then create a report to notify the appropriate personnel of the need to reconcile those Controlled Copy Trace records.

To automate this process further, you can configure the state change to trigger a workflow for the appropriate personnel to start a recall process.

Automatic recall relies on the following components:

Controlled Copy Trace lifecycle State Types: Assign a state to the Controlled Copy In Use state type for copies issued to locations outside of Vault, such as a manufacturing floor. This is typically the Active In Use state. Assign a state to the Controlled Copy In Recall state type for issued copies that should be subjected to a recall process. This is typically the In Recall state.
Recall Controlled Copies: Add this entry action to the Obsolete or Superseded document lifecycle state. When a document version reaches the state, the document lifecycle state entry action checks for related Controlled Copy Trace records that are in a Controlled Copy In Use state type. Any such records have their state changed to the Controlled Copy In Recall state type. You can apply the entry action to either all Controlled Copy Trace object types, or to a specific type via the Object Type drop-down.

Once these components are configured, you can further automate this process by configuring an auto-start workflow on the In Recall state, assigning a recall process task to a chosen role on the Controlled Copy Trace object record. You can determine how Vault populates this role in multiple ways:

Add the Add User to Role object lifecycle state entry action to the Controlled Copy In Recall state type. This entry action adds the value of the selected User Field (for example, “Requested By”) to the role selected from the Role drop-down. Note that you must enable Dynamic Access Control for the Controlled Copy Trace object when using this entry action. The entry action must run before the Start Workflow entry action.
Use Custom Sharing Rules or Matching Sharing Rules to populate the role.

Configuring Overlays

With Extensible Controlled Copy, you can include tokens that reference Controlled Copy Trace object fields in overlay templates.

Note: If you migrated your Vault’s legacy controlled copy configurations to Extensible Controlled Copy, you must manually update all tokens referencing legacy controlled copy field values in your standard overlay templates or overlay template overrides. Extensible Controlled Copy tokens must include two (2) underscores (__) following VCC.

Standard Overlay Templates

In standard overlay templates, Vault supports the following token syntax for Controlled Copy Trace object reference fields: ${VCC__fieldname__v}. For example, to reference the record’s name, your token would be: ${VCC__name__v}.

You can select all Controlled Copy Trace object fields as tokens with the exception of system fields, such as Status, and long text fields. Vault validates your tokens when you save your overlay template.

Advanced Overlay Overrides

When creating an XFA PDF file to use as an overlay template override, you can include tokens referencing the Controlled Copy Trace object. You must use the “Text Field” type to add a Vault field to your XFA PDF, regardless of the field’s type in your Vault.

For example, syntax for a token referencing the Controlled Copy Trace object would be: VCC__fieldname__v. To reference the record’s name in your XFA PDF file, you would include the token: VCC__name__v.

All Controlled Copy Trace object fields are supported as tokens with the exception of long text fields. Vault validates your XFA PDF file at upload.

The following permissions control an Admin’s ability to configure and work with Extensible Controlled Copy functionality:

Type	Permission	Controls
Security Profile	Admin: Document Lifecycle: Edit	Ability to configure document lifecycles and the Download Controlled Copy user action on document lifecycle states, associate an overlay template with a lifecycle state,
Security Profile	Objects: Controlled Copy User Input: Read, Edit, Create	Ability to configure object types and object page layouts on the Controlled Copy User Input object. Note that you must grant this permission on each Controlled Copy User Input object type.
Security Profile	Objects: Controlled Copy Trace: Read, Edit, Create	Ability to configure object types and object page layouts on the Controlled Copy Trace object, as well as see and report on Controlled Copy Trace records. Note that you must grant this permission on each Controlled Copy Trace object type.

For details on permissions that users need to work with controlled copies, see Downloading Extensible Controlled Copies.