Control of Records Procedure (SYS-002)

The video provided below shows you exactly what you will receive when you purchase our Control of Records Procedure (SYS-002).

Your cart is empty

Control of Records Procedure

The purpose of this procedure is to ensure that records and data within your quality management system are controlled in such a way that they remain legible, readily identifiable, and retrievable for at least as long as is required by regulatory requirements and your business needs. The version of the control of records procedure that is displayed in the video above has actually been updated. We now include color-coded cross-references to the specific clauses in the ISO 13485:2016 standard and Regulation (EU) 2017/745. This is to help auditors quickly find where the applicable requirements are in the procedure.


This procedure is updated for ISO 13485:2016, and the following is a list of documents included:

  • SYS-002 A, Control of Records Procedure
  • FRM-003 A, Record Destruction Form

We are also including a training webinar explaining the Good Documentation Practices (GDP-101), and the native presentation slide deck, and we provide an exam (i.e., a 10-question quiz) to verify training effectiveness. If you submit the completed exam to us by email in the native MS Word format, we will correct the exam and email you a training certificate with your corrected exam.

Control of Records Procedure Control of Records Procedure (SYS 002)
SYS-002 - Control of Records Procedure, Webinar and Exam Bundle
SYS-002, Control of Records Procedure Bundle; This training includes our procedure for Control of Records, and form for documenting destruction of records. You will also receive a link to download our slide deck and webinar recording on good documentation practices. We also provide a 10 question quiz on good documentation practices and a training certificate when you complete the quiz and submit it to Medical Device Academy for grading.
Price: $299.00

Updates to this procedure for ISO 13485:2016 and Regulation (EU) 2017/745 include the following:

  • Record retention requirement of 10 years for the new EU Medical Device Regulation in Article 10(8)
  • Identified where the content of medical device files is defined
  • Added new requirements related to the protection of confidential health information (i.e., HIPPA and GDPR)
  • Added new requirements related to deterioration and loss of documents.

Please note: This product will be delivered to the email address provided in the shopping cart transaction. After the transaction is verified, please check your email for the download. To view all available procedures click here.

VA File Storage Control of Records Procedure (SYS 002)

Training on the requirements for Control of Records

In addition to a procedure for control of records, you also need to train employees on good documentation practices. Initially, I created a webinar called “GDP 101” that combined control of documents, control of records, and training. Several people recommended that the webinar be revised to focus on the control of records. New webinars will be recorded each week to explain the updates to each procedure and to ensure that there is a training webinar for each procedure.

Three Generic Updates to Control of Records Procedure (SYS-002)

When you update a procedure, you need to do more than change the reference to the version of ISO 13485. For all procedures, I recommend that you make three general improvements:

  1. identify a risk-based approach for that procedure,
  2. identify methods for documenting training effectiveness and competency, and
  3. verify that you have updated the procedure to address regulatory requirements.

In the case of control of records, the most important records should have more rigorous controls and more frequent monitoring of record control to ensure it is effective. For example, the following critical records are frequently sampled by FDA inspectors and should be carefully stored, organized, and monitored:

  • CAPAs
  • Complaints
  • Adverse Event Reports
  • Recalls
  • Nonconforming Material Records
  • Design History Files
  • Training Records

FDA inspectors are not permitted to review records of your management reviews, internal audit records, and supplier records. However, all three records will be sampled by certification bodies, and therefore these three records exempt from the requirements of 21 CFR 820.180 should also be a priority for risk-based control of records.

To address the third of the generic procedural updates, you should be aware that the new EU Medical Device Regulations are expected to increase the required record retention period for non-implant devices from 5 years to 10 years. Implants are expected to remain at 15 years.

Three Procedure-Specific Updates

In addition to the generic procedural updates, three changes in the Standard are specific to the control of records. First, in the section for control of documents (renumbered as Clause 4.2.4), there is now a requirement to prevent the deterioration and loss of documents.

Second, there is now a requirement in Clause 7.3.10 for maintaining design and development files for devices. This may have previously been addressed as a requirement to meet the FDA requirements for maintaining a Design History File (DHF), but not all ISO 13485-certified companies sell a product in the USA.

Third, there is a new requirement related to the protection of confidential health information, such as the information gathered during complaint investigations and clinical studies. Many companies refer to this as HIPAA compliance.

About the Author

Home page video cropped 150x150 Control of Records Procedure (SYS 002)Rob has 20+ years of experience in the medical device industry and another 10 years of experience in biotech manufacturing validation and scale-up. He is a UConn graduate in Chemical Engineering. He was Director of Quality and Regulatory Affairs at four different medical device start-ups, and in 2004 he was co-founder and President/CEO of a laparoscopic imaging company. His quality management system expertise covers all aspects of developing, training, implementing, and maintaining ISO 13485 and ISO 14971 certifications. From 2009-2012, he was a lead auditor and instructor for BSI–one of the largest Notified Bodies in Europe. Today Rob is co-founder and President of Medical Device Academy, a full-service quality and regulatory consulting firm that specializes in helping start-up medtech companies get their first device or IVD product to market. The most favorite part of his job is training others. He can be reached via phone at 802.258.1881 or by email. You can also follow him on Google+LinkedIn or Twitter.

Leave a Reply

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload the CAPTCHA.

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Scroll to Top