Control of Records Procedure (SYS-002)

The video provided below shows you exactly what you will receive when you purchase our Control of Records Procedure (SYS-002).

Your cart is empty

Control of Records Procedure

The purpose of this procedure is to ensure that records and data within your quality management system are controlled in such a way that they remain legible, readily identifiable, and retrievable for at least as long as is required by regulatory requirements and your business needs. The version of the control of records procedure that is displayed in the video above has actually been updated. We now include color-coded cross-references to the specific clauses in the ISO 13485:2016 standard and Regulation (EU) 2017/745. This is to help auditors quickly find where the applicable requirements are in the procedure.

Control of Records Procedure Control of Records Procedure (SYS 002)
SYS-002 - Control of Records Procedure, Webinar and Exam Bundle
The Control of Records Procedure Bundle includes our procedure for Control of Records, and form for documenting destruction of records. The bundle includes a new webinar explaining how to review, edit, and implement your procedure for control of records. You will also receive a link to download our slide deck and webinar recording on good documentation practices. We also provide a 10 question quiz on good documentation practices and a training certificate when you complete the quiz and submit it to Medical Device Academy for grading.
Price: $299.00

Please note: This product will be delivered to the email address provided in the shopping cart transaction. After the transaction is verified, please check your email for the download. To view all available procedures click here.

When is the live webinar on how to implement the Control of Records Procedure?

The Control of Records Procedure webinar will be hosted on August 19, 2024 @ 10:30 a.m. ET. The webinar will be hosted live on our YouTube Channel and LinkedIn page via Streamyard. You will receive login instructions if you purchased the Control of Records Procedure prior to the scheduled live webinar. The webinar will also be recorded. You will be able to download the webinar from our Dropbox folder and watch the webinar as many times as needed–including the training of future employees.

What is included in the purchase of the Control of Records Procedure?

This procedure is updated for ISO 13485:2016, and the following is a list of documents included:

  • SYS-002, Control of Records Procedure
  • FRM-003, Record Destruction Form
  • Native Slide Deck for Webinar on how to review, edit, and implement the procedure
  • Login information for the Live Webinar (if purchased before August 19, 2024)
  • Link to a recording that you can download (after August 19, 2024)

We are also including an on-demand training webinar explaining the Good Documentation Practices (GDP-101), and the native presentation slide deck, and we provide an exam (i.e., a 10-question quiz) to verify training effectiveness. If you submit the completed exam to us by email in the native MS Word format, we will correct the exam and email you a training certificate with your corrected exam.

Updates to this procedure for ISO 13485:2016 and Regulation (EU) 2017/745 include the following:

  • Record retention requirement of 10 years for the new EU Medical Device Regulation in Article 10(8)
  • Identified where the content of medical device files is defined
  • Added new requirements related to the protection of confidential health information (i.e., HIPPA and GDPR)
  • Added new requirements related to deterioration and loss of documents.

VA File Storage Control of Records Procedure (SYS 002)

Training on the requirements for Control of Records

In addition to a procedure for control of records, you also need to train employees on good documentation practices. Initially, I created a webinar called “GDP 101” that combined control of documents, control of records, and training. Several people recommended that the webinar be revised to focus on the control of records. New webinars will be recorded each week to explain the updates to each procedure and to ensure that there is a training webinar for each procedure.

Three Generic Updates to Control of Records Procedure (SYS-002)

When you update a procedure, you need to do more than change the reference to the version of ISO 13485. For all procedures, I recommend that you make three general improvements:

  1. identify a risk-based approach for that procedure,
  2. identify methods for documenting training effectiveness and competency, and
  3. verify that you have updated the procedure to address regulatory requirements.

In the case of control of records, the most important records should have more rigorous controls and more frequent monitoring of record control to ensure it is effective. For example, the following critical records are frequently sampled by FDA inspectors and should be carefully stored, organized, and monitored:

  • CAPAs
  • Complaints
  • Adverse Event Reports
  • Recalls
  • Nonconforming Material Records
  • Design History Files
  • Training Records

FDA inspectors are not permitted to review records of your management reviews, internal audit records, and supplier records. However, all three records will be sampled by certification bodies, and therefore these three records exempt from the requirements of 21 CFR 820.180 should also be a priority for risk-based control of records.

To address the third of the generic procedural updates, you should be aware that the new EU Medical Device Regulations are expected to increase the required record retention period for non-implant devices from 5 years to 10 years. Implants are expected to remain at 15 years.

Three Procedure-Specific Updates

In addition to the generic procedural updates, three changes in the Standard are specific to the control of records. First, in the section for control of documents (renumbered as Clause 4.2.4), there is now a requirement to prevent the deterioration and loss of documents.

Second, there is now a requirement in Clause 7.3.10 for maintaining design and development files for devices. This may have previously been addressed as a requirement to meet the FDA requirements for maintaining a Design History File (DHF), but not all ISO 13485-certified companies sell a product in the USA.

Third, there is a new requirement related to the protection of confidential health information, such as the information gathered during complaint investigations and clinical studies. Many companies refer to this as HIPAA compliance.

About Your Instructor

Winter in VT 2024 150x150 Control of Records Procedure (SYS 002)

Rob Packard is a regulatory consultant with ~25 years of experience in the medical device, pharmaceutical, and biotechnology industries. He is a graduate of UConn in Chemical Engineering. Rob was a senior manager at several medical device companies—including the President/CEO of a laparoscopic imaging company. His Quality Management System expertise covers all aspects of developing, training, implementing, and maintaining ISO 13485 and ISO 14971 certifications. From 2009 to 2012, he was a lead auditor and instructor for one of the largest Notified Bodies. Rob’s specialty is regulatory submissions for high-risk medical devices, such as implants and drug/device combination products for CE marking applications, Canadian medical device applications, and 510k submissions. The most favorite part of his job is training others. He can be reached via phone at +1.802.281.4381 or by email. You can also follow him on YouTubeLinkedIn, or Twitter.

Leave a Reply

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload the CAPTCHA.

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Scroll to Top