The document control requirements within the ISO 13485 Standard are a key element of distinction between the two standards. The main idea is to eliminate any confusion and mix-up between documents from different sources. Therefore the standard requires all documents to be controlled. This is not a recommendation but a requirement: you must control your documents. In order to achieve document control you must maintain a method. This method must be one of the organization's quality procedures and it should be called "Documents Control".

| ISO 9001 | ISO 13485 |
| --- | --- |
| The ISO 9001 Standard requires that documents used by the quality management system be subject to the following requirements, be identified, and that the method be documented. | The ISO 13485 Standard requires that documents used by the quality management system be subject to the following requirements, be identified, and that the method be documented. |
| Approved before use | Reviewed and approved before use |
| Status and identification managed and revised | Status and identification managed and revised |
| Types of documents are distinguished | Types of documents are distinguished |
| Available and distributed to relevant parties | Available and distributed to relevant parties |
| | Another requirement is that documents bear a validation period defined for every type of document under the QMS. In any case the period would be not less than two years from the date of product, or another period if required by any regulations. |

TYPES OF RECORDS

First, you must define which documents this procedure includes. Documents can be working procedures, diagrams, technical specifications, price quotes, etc. In order not to "swirl" around too many documents, let's make it clear and define what a document is:

- Communication of information
- Evidence for correspondence
- Sharing of any kind of knowledge

APPROVED DOCUMENTS

Someone within the organization must supervise all documents and see that they are suitable for use before they are released. The reason is to prevent faults where unsuitable documents are used or classified information is handed to the wrong parties. It is required to define who is authorized to approve a document and when it must be approved. Who is responsible? The same person who is responsible for the information documented. It must be part of his job description. There are situations in which more than one function is needed to approve one document. This happens when more than one process is documented in one document.

UPDATED DOCUMENTS

This requirement assures that the latest version is always the version in use, and not an older one. Therefore you must define a method for maintaining updated versions and eliminating older versions. How would one know which is the latest version? Usually organizations manage a list of editions and updates for documents. You can also manage the document itself. But most important, it is required to mark the document itself as the latest edition. This way, any employee who uses the document can be sure that he holds the latest edition. Of course, don't forget to document the method. It is also required to define what to do with old versions that are no longer current. How do you handle them? Are they to be destroyed, archived, etc.? Managing editions must include:

- Date of last update
- The reason for the update
- The function who demanded the update
- The function that authorized the update

AVAILABILITY AND DISTRIBUTION OF DOCUMENTS

This is an inseparable part of the last requirement. Defining the availability and distribution of documents must include the following:

- User authorization – who is authorized to use the document.
- The location of the document – where must the document be kept before and after use.

Most of today's process management systems (such as ERP or CRM systems) provide document control relevant to the process they handle. They present the user with a screen (a screen on a computer system is a document like any other document) with defined information to input. Most of these systems also have an authorization module installed. But when systems like the ones mentioned do not exist in the organization, it must provide its employees with the relevant updated documents. That means the latest editions. In order to ensure that, the standard requires a documented method. How to obtain that? Well, it depends on your organization and its substructures.

IDENTIFICATION OF DOCUMENTS

Any document (internal or external) must be identified somehow. Any internal document must have a name, serial number, catalogue number or whatever else defines it. The ISO 13485 standard requires that you maintain a method to achieve identification. The identification must include the numbering, coding or however you decided to identify it. But it is required to document the method. You must also include the location of documents, so that one can trace the document. For example, customers' files are scanned to the computer or stored in some closet. The final purpose of all this is to achieve control of the documents: any employee, once he looks at a document or tries to trace a document, would know where to turn: a department, a process, some function or any kind of identification relevant to your organization. If we look again at process management systems, then it is much simpler. Any document in those systems is identified by a number of some kind, produced by the system. The number is given according to some internal method. In this case you need not document this method, but you must mention in the procedure that these specific documents are managed. In case there are documents that are manually managed, you must document the method. All this also applies to external documents.
Any documentation that arrives from outside (with the presumption that it is a document as defined) is included in the ISO 9001 standard requirement. In this case you must specify what is to be done with these documents and where one can trace them in the hour of need. For example, where to file the documents. Again, you define the method according to your organization's nature.

DOCUMENTS REMOVAL

You must define a method for document removal for any reason: outdated, out of use, etc. The method must include what is to be done with the document, and who is responsible, once it is out of use. For example, removing old documents from the organization's server so they are no longer used, or removing old forms from the offices so that no one would use them again. Some of these things sound trivial, and they are, but this is still an ISO 13485 standard requirement.

ISO 13485 Vs. ISO 9001

The first additional requirement of the ISO 13485 is that documents shall be reviewed before they are approved. It means that the documents control procedure must define a review process:

- Which documents are required to be reviewed
- What is required to be reviewed in the document

This requirement ensures that every change to any document is controlled: first reviewed and then approved. The responsibility and authorization for document review and approval may be documented in the job description. This is not a requirement but our recommendation, and our recommendations usually work.

The next additional requirement refers to validation time. Validation time is required to last as long as the medical device. Through this requirement, if, at any given time in the future, you have to make inquiries or investigations regarding the product, you would have all the documents at hand. In any case, the validation time won't be less than what is required by the regulatory requirements concerning the medical device. When any regional or local regulation requires preserving documents for a defined period of time, that requirement takes precedence.

Please review the next table. It specifies the ISO 13485 documentation requirements for procedures:

| Clause | Description | Document Type |
| --- | --- | --- |
| 4.2.2 | Quality manual | Manual |
| 4.2.3 | Control of documents | Procedure |
| 4.2.4 | Control of records | Procedure |
| 7.3.1 | Design & development planning | Procedure |
| 7.4.1 | Purchasing process | Procedure |
| 7.5.1.2.3 | Servicing activities | Procedure |
| 7.5.2.1 | Validation of computer software | Procedure |
| 7.5.2.2 | Validation of sterile processes | Procedure |
| 7.5.3.1 | Product identification | Procedure |
| 7.5.3.1 | Returned product identification | Procedure |
| 7.5.3.2.1 | Product traceability | Procedure |
| 7.5.5 | Preservation of product (processing) | Procedure |
| 7.5.5 | Preservation of product (shelf-life) | Procedure |
| 7.6 | Control of monitoring & measuring devices | Procedure |
| 8.2.1 | Feedback system | Procedure |
| 8.2.2 | Internal audits | Procedure |
| 8.3 | Control of nonconforming product | Procedure |
| 8.4 | Analysis of data | Procedure |
| 8.5.1 | Issue & implementation of advisory notices | Procedure |
| 8.5.2 | Corrective action | Procedure |
| 8.5.3 | Preventive action | Procedure |

We saved you a lot of trouble with this table. As you have probably noticed, there is a big difference between the ISO 13485 and the ISO 9001. Surprised? Wait until you read the article about the ISO 13485 control of records requirements ...