ISO 13485 Standard - 4.2.3 Control of Documents E-mail
ISO 13485 control of docuements
Documents must be controlled. This is a key element of a quality management system. In order to achieve document control, a method must be maintained. The main idea is to provide control over the documents under the quality management system and to eliminate any confusions and mixups of different documents from different sources. This method must be one of the organization’s quality procedures

A Documented Method

The standard demands a method for controlling the documentation that serves the organization for the purpose of effective planning, operations, performance, and control of processes. In subclause 4.2.1 we were given the requirements for the different types of documentation that will support our quality management system. Now it is required to define a method for controlling them. The method will refer to any kind of media: paper printed, magnetic, electronic, or models. The method will be documented as a procedure. I am used to naming this procedure: document control. I wonder why??? This procedure will be submitted to its own control as required in subclause 4.2.3 (Control or Documents). Since the topic of controlling your documents refers to a lot of different types and kinds of documents with various characters, I recommend managing the controls using tables. In addition to description of activities, the definitions regarding the documents will be charted on tables according to the issues that the method will cover: table of updates, table of distribution, table of editions, table of revisions, table of changes, table of control, etc. Throughout the chapter, I provide you with some examples.

Definition of Document

The organization needs to distinguish between documents that will be controlled and documents that will not be included under the QMS. I suggest you define which documents will be included in your quality management system and will be controlled by this method and procedure. In order not to have too many documents “swirling” around, let’s clarify. Allow me to define what a document is:

  • Plans, requirements, or specifications for realization or activities
  • Input for a process
  • Communication of information
  • Sharing of knowledge, information, or data

Unlike a record that is considered as evidence for performance of a process and records the output of a process, the document presents a specification or input for a process. Types of documents in an organization include: diagrams, drawings, process charts, technical specifications, product plans, DMR, quality plans, forms, checklists, routing cards, customer’s specifications, manufacturing specifications, process flow diagrams, production plans, standard procedures, quality work procedures, bills of materials, computer files, instructions, test instructions, test protocols, agreements with suppliers, approved lists of suppliers, material specifications, regulations or directives, assembly plans, internal audit plans, corrective action forms, reports of nonconformity, and international standards.
The method will relate to external documents as well. External documents will be distinguished, registered, and controlled. The method shall first identify these external documents that are part of the realization processes of the product and thus require control, for example, a drawing or product received from a customer. This is a classic external document that must be controlled for edition or revision. Examples of external documents may be drawings, packaging instructions, diagrams of production tools, quality requirements, design files, and customer’s approvals or agreements. External documents include regulatory requirements. It is necessary to verify that the updated edition of the regulations is available.
I suggest a table that will specify all the documents under the QMS. The fields of the table are:

  • Identification number
  • Description or name
  • Relevant process/relevant department
  • Responsible for review
  • Responsible for approval
  • Media
  • Location
  • Internal/external
  • Other characteristics such as public or classified
Approval and Release of Documents

Each document used by the organization must be supervised, reviewed, and approved before submission for use. The objective is to ensure that the document was appropriately designed, is suitable for working, and will assist the organization in meeting the medical device objectives as well as regulatory requirements. For each document the role, function, or authority that reviews, approves, and releases it will be defined. The definition will be in the procedure. The function or authority that reviews and approves the document must have some degree of relevancy to the document and the related activity. The standard specifically demands the following:

  • The function or person that designed or planned the document
  • Other function or person relevant to the activity of the document

How is relevancy determined? You need to review qualifications, experience, and background of the subject and their relevancy to the activities. This requirement will ensure that documents will be checked by appropriate functions or roles and all important aspects will be accounted for. For example, when you are designing a routing card for a production process, the production manager is responsible for reviewing that all the required fields are on the form and then approving it. But if you are planning a process validation form, there are other parties that would like to share their opinion about it: the development guys and the QA guys. The authority for the review and approval is related to the activities that the document specifies. There are situations when more than one function would need to review and approve the document. This may occur when more than one process will be documented in one document, for example packaging instructions. Then the storage and the production manager will need to discuss the matter and together create the optimal document.


Activities for archiving old documents and obsolete editions will be determined. It is necessary to define what is to be done with old versions that are not updated, how one handles them, and whether they are to be disposed of or archived. Invalid documents that are not disposed of are to be indicated or marked. The mark will ensure beyond any doubt that no one will use them. If you print out several documents and they are now invalid, you have two options: destroy them or mark each one with a stamp. If the documents are saved on the company’s server, an authority will be appointed for deleting or archiving the obsolete ones and replacing them with updated ones. You are responsible for implementing the awareness of this issue throughout the organization. The storage of unupdated documents will be defined. The activities will define the location of the archiving, the retention time, and in which media. Once again I suggest managing a table that describes the archiving parameters for each type of document.

This webpage contains only a fragment of the chapter 4.2.3 Control of Documents from the book: ISO 13485: A Complete Guide to Quality Management in the Medical Device Industry published by:

CRC Press

 You may purchase the book through:



Complete Guide to Quality Management in the Medical Device Industry


Copyright © 2018 13485quality. All Rights Reserved.
Joomla! is Free Software released under the GNU/GPL License.