Documentation control in ISO 13485

Moving to an e-QMS (electronic QMS) solution shall help you with the documentation control, since many of the steps would be automatized and you would need to focus on what really matters rather than caring about versions, changes in the documents, reviews and updates. Your time spent on document control activities will decrease and therefore your document control will be efficient and successful.

The control of documents and records in medical device companies is a crucial aspect of the quality management system, not only because your organization will need to comply with this mandatory requirement but because the documentation control is essential to build the solid foundations of an effective management system and its respective processes.

In this article I will cover the basic elements that any quality management system based on ISO 13485 should follow in order to provide a real high quality to the patients, that are the ultimate recipients of the medical devices.

What is the difference between a document and a record?

Many people struggle with the concepts of “document” and “record” when they start implementing a QMS, so I will clarify these terms before getting deeper into the documentation control activity.

Documents are written information about planning the business processes, therefore they are subjected to be changed and should be changed in order to introduce the necessary improvements. Some examples of documents include the Quality Policy, Quality Manual, Quality Objectives, and any other written Procedure among others.

Records are a type of document with some particularities, because they are created when something has been already done, therefore we could affirm that records are evidences of past events.  On the contrary to documents, records cannot be changed. Records may include training records, customer feedback reports, resign review minutes, and others associated to the organization’s processes such as sterilization records or medical device installation.

Another difference among documents and records is their control. Since documents can be changed, they must be reviewed, approved and updated and the information contained shall be understandable and accessible to the relevant people in your organization. However, records must be not only appropriately identified, but also securely protected since they might contain confidential health information. In addition, to avoid any loss, records must be regularly backed up and disposed when obsolete.

What should be included in the Procedure for the control of documents and records?

According to ISO 13486:2016 the organizations must create a Procedure for the control of internal and external documents that must cover the following elements:

1.      Document review and update

A document review must be performed by the relevant people in the organization and prior the document approval. The use of track changes is a good practice in this activity. In addition, you should make sure that any change will not affect other procedures and if it does, it is communicated to the people involved.

2.      Approval of documents

Authorities should be assigned to every document in order to ensure that the document is adequate and to approve it before their use. This approval can be conducted by signing the document or any other practice stablished by the organization and usually is carried out by the top management of the organization such as CEO.

3.      Revision status and changes

Any revision must be adequately identified by using a specific codification selected by the company and to make sure that the latest version must be available to the users. You can include the history of changes in the document to monitor any change.

4.      Documents available at its point of use

The latest version of a document must be available to where the process is being conducted and to who is performing the activity in particular.

5.      Legibility and readability of documents

Documentation should be easy to read and understand, avoiding complex vocabulary and making documents accessible to anyone involved in the process. A clear example would be work instructions used at the shop floor to conduct a specific process.

6.      Documents of external origin

The organization has to maintain the relevant external documents for the effective planning and appropriate operation of the quality management system. These external documents may include regulatory documents, equipment manuals, international standards, customer specifications, etc. The company needs to make sure that the latest version of the document is available for its use.

7.      Obsolete documents

Ensure that outdated documents are correctly identified and either archived or destroyed to prevent their misuse.  A copy of an obsolete document must be retained for at least the lifetime of the medical device or as stated by the regulatory requirements.

How to structure the documentation?

As we have seen before, the QMS documentation include different types of documents, such as the Quality Manual, Quality Policy, Quality Procedures, work instructions and quality records and this can be represented using the following documentation hierarchy:

Figure 1: Hierarchy of QMS documentation

Level 1: The Quality Manual

The quality manual is a document that provides the documentation structure of the QMS for operating the processes and must include the scope of the management system, the procedures or some reference to them and the interaction between the processes within the QMS.

Level 2: Procedures

A procedure is a written document that describes a process, which is the interacting activities that transform inputs into outputs. Some common procedures in ISO 13485 include the procedure for Design and Development that describes the activities conducted during the D&D process or the Procedure for Production and Service Provision

Level 3: Work Instructions

Work instructions are similar to the procedures but more detailed, for instance they include specific activities that need to be carried out, their sequence and methods used. These work instructions are usually referred in the procedures, but they can also be part of a procedure as well.

Level 4: Forms and records

Records are completed forms, but also minutes of meetings, instruction manuals, etc. and they evidence that a process is being performed as planned according to the procedure or work instructions

Following this hierarchy of documentation can help the organization to achieve a management system with a well stablished structure that will reduce any possible errors and will ease the monitoring of the processes, increasing the overall efficiency of the QMS

Benefits of document control

ISO 13485 requires companies to create numerous documents and records in order to proof that medical device being manufactured is safe enough to be delivered and used by the patient, so the control of the documents will be essential to prevent any error while running the processes or even worse, avoiding any nonconformity in an external audit.

Read More : Advantages and disadvantages of e-QMS in medical device companies