ISO 13485 Standard - 4.2.4 Control of Records E-mail
ISO 13485 control of Records
Directly related to document control, I will now discuss record control requirements. The ISO 13485 Standard requires definition of what records are included in the quality management system and how they are controlled.

Relationship between Records and the Quality Management System

Why is it so important to define which records to control? Letís presume that tomorrow morning a customer complains about a medical deviceólet us hope that it will never happen. In order to examine the case thoroughly, the records must be approached and investigated. Then, and only then, can the true story about the medical device be found. In other words, the documentation is the statement of defense (and let us hope that we will never have to use it). But, if tomorrow morning we find ourselves in a certain situation or if any question arises, the records will be our savior.

Documented Procedure

A documented procedure defining the control of the records is required. The procedure will describe the methods, activities, and technologies used to implement the control of the records and the required evidence. The procedure will be submitted to the document control process in the organization as required in subclause 4.2.3 (Control of Documents).

Type of Records

A record is evidence of performing a process or activity or an output of a process. According to the standard, records will serve two main purposes:

  • Verification of execution. Records are used to prove conformity to requirements or specifications. A procedure, specification, or other documented requirement demands the execution of a process or activity. With records it is possible to verify that it was done according to the specification: time, sequence, responsibility, and activities.
  • Evaluation of effectiveness. With the records one can review the effectiveness of an activity and appraise the results against criteria.

Examples for records and evidence related to the effectiveness of the quality management system may include:

  • Changes and justifications for the changes
  • Project estimations regarding the objectives of the project
  • Meeting summaries

Such records provide evidence that objectives were (or were not) met. Records are logically the last level of your documentations in your quality management system and relate to processes, procedures, work instructions, specifications, and plans. Each of the above is assigned to a function or a role that is responsible for it. This is a standard requirement. So why not records as well? Although the standard does not require a responsible party to be assigned to a record, this is recommended.
Issues that may be covered with records include records of processes, purchasing, regulatory requirements, and customerís records.

Retention Time

The ISO 13485 Standard requires retaining records as long as the lifetime of the medical device and in any case not less than two years from the date the product was delivered, or other period required by any applicable regulatory requirement. Once again I have prepared a visual example in order to explain it. Let us assume:
The defined lifetime of the medical device is one year after it has been delivered.
ISO 13485 Standard requirement: The organization is required to retain records referring to the medical device for at least two years after the delivery.
Regulatory requirement: The organization is required to retain records referring to the medical device for at least four years after the delivery.
So, on one beautiful morning the organization delivers the medical device and the count begins. Refer to the timeline (Figure 4.6). Let us analyze the various time indications:

ISO 13485 Retention time of Records

A. The organization is not allowed to dispose of any records referring to the medical deviceóthe medical device is still valid and functions.
B. The organization is not allowed to dispose of the records referring to the medical deviceóit has not been two years since the delivery date (standard requirement).
C. The organization is not allowed to dispose of the records referring to the medical device. True, the lifetime of the medical device has terminated, but it has not yet been two years and there is a regulatory requirement that demands records are kept for at least four years.
D. The organization is not allowed to dispose of the records referring to the medical device. It has been two years but there is a regulatory requirement that demands records are kept for at least four years.
E. The organization is allowed to dispose of the records

This webpage contains only a fragment of the chapter 4.2.4 Control of Records from the book: ISO 13485: A Complete Guide to Quality Management in the Medical Device Industry published by:

CRC Press

You may purchase the book through:

Amazon

Complete Guide to Quality Management in the Medical Device Industry

Feel free to submit any question or inquiry regarding the standard or its requirements through the Contact Us Page.

 
Copyright © 2018 13485quality. All Rights Reserved.
Joomla! is Free Software released under the GNU/GPL License.