Directly related to document control, I will now discuss record control requirements. The ISO 13485 Standard requires a definition of what records are included in the quality management system and how they are controlled.
Extent, scope, and size of records
The term records refers to the data and information, and the media on which they are contained, necessary for the planning and operation of the QMS and for the realization of the medical device in all its life-cycle phases (from development until disposal). This data and information come from many sources in the organization or other relevant parties (regulatory bodies, third parties like suppliers, or customers and patients). This data and information are needed to demonstrate conformance to product requirements, to the ISO 13485 Standard, and applicable regulatory requirements. Records have two objectives:
- Provision of evidence of conformity to requirements
- Provision of evidence of effective operation of the quality management system
In the book ISO 13485:2016 A Complete Guide to Quality Management in the Medical Device Industry – I provide a complete list of records that are required to be managed by the ISO 13485:2016 Standard.
Life-cycle of a record
The life-cycle of a record refers to the stages a record goes through from creation to disposal. Suggested phases in the life-cycle of a record:
- Creation—The record is created.
- Storing—The record is stored.
- Use—The record is being viewed, used, or processed.
- Copy—The record will be copied or multiplied.
- Modification—The record is modified.
- Archiving—The record is being archived and will not be used.
- Deletion—The record will be deleted.
A documented procedure for the method of controlling records
The ISO 13485 Standard demands a method for controlling records that serves the organization for the purpose of effective planning, operations, performance, and control of processes. In clause 4.2.1, we were given the requirements for the different types of records that will support our quality management system. Now it is required to define a method for controlling them. The method will refer to any kind of media on which the records are maintained: paper printed, magnetic, or electronic. The method will be documented as a procedure. I am used to naming this procedure “records control.” In practice, all the requirements and techniques that are mentioned in this section (4.2.5) will be included in the procedure. This procedure will be submitted to the control documents as required in clause 4.2.4—Control of documents. One method for supporting the requirements effectively is by defining and creating charts or tables for describing the different characteristics of the records.
Standard requirements for records
The ISO 13485:2016 Standard requires maintenance of specific records in addition to those that prove conformity and effectiveness. These records will be submitted to the record control activities just like any other
records. n the book ISO 13485:2016 A Complete Guide to Quality Management in the Medical Device Industry – I provide a complete list of records that are required to be managed by the ISO 13485:2016 Standard. True, the standard basically indicates in each clause where records are expected (with the wording “see 4.2.5”: any clause that ends with that note means that you must maintain a record), but there are many requirements in the standard where records are expected without the wording “see 4.2.5.”
Attribution of Records to Users of the QMS
Attributing the record to the user of the QMS that produced it is important to the ISO 13485 Standard, documenting on a record who performed the activity. As stated before, a record is evidence of performance. Each record must have the identity of the person who filled it or at least the function that is responsible for it. For example, each ERP
entry saves information like
- Username of the user who created the entry
- Date when the record was created (normally a timestamp)
- The username of the user who last changed the entry
- Date when the record was last changed (normally a timestamp)
Regulatory requirements for records
When regulations require the implementation of certain controls of records, they should be planned, established, implemented, and maintained. For example, implementing certain systems form managing records, managing validation results of sterilization processes, or handling health records of users or patients. The ISO 13485 Standard gives such regulatory requirements the same scale as any standard requirement for records when it relates to the realization and the use of the medical device. In practice, you must identify such requirements and include them in the list of controlled records.
Device history record
The device history record is a system that is generally required by the FDA (Sec. 820.184—Device history record, to be exact) that suggests a method for managing records related to the realization of the medical device. It is not an ISO
13485 Standard requirement, but I find this method very effective and can recommend its implementation.
The device history record (DHR) is a file containing records concerning the realization processes of a specific model or version of a medical device. These are the records that prove conformity to the requirements and specifications and demonstrate the effectiveness of the realization processes: certifications of materials, quality test reports, and delivery notices. The DHR method and content will be planned according to the characteristics of the medical device and its realization processes.
Audit trial
Another method for managing and tracking changes of records is the setting of an audit trail. An audit trail is a system that allows reconstruction of the course of events relating to the life-cycle of a record—from the creation to modification, archiving, or disposal of a record. The audit trail system manages metadata over one record and has the ability to save a record throughout its life-cycle from its original state to its present state. Each action that was performed to a record is documented. Therefore, the audit trail enables the user to monitor and control changes in records used by the QMS by collecting data regarding the change that was carried out: date and time, who performed the change, and in which context, and the system saves the old value before the change. An audit trail facilitates tracing and retrieval of a record along its life-cycle.
This webpage contains only a fragment of the chapter 4 – Quality management system from the book:ISO 13485:2016: A Complete Guide to Quality Management in the Medical Device Industry, Second Edition published by:
Comments are closed.