The video provided below shows you exactly what you will receive when you purchase our Control of Records Procedure (SYS-002).
Control of Records Procedure
The purpose of this procedure is to ensure that records and data within your quality management system are controlled in such a way that they remain legible, readily identifiable, and retrievable for at least as long as is required by regulatory requirements and your business needs. The version of the control of records procedure that is displayed in the video above has actually been updated. We now include color-coded cross-references to the specific clauses in the ISO 13485:2016 standard and Regulation (EU) 2017/745. This is to help auditors quickly find where the applicable requirements are in the procedure.
This procedure is updated for ISO 13485:2016, and the following is a list of documents included:
- SYS-002 A, Control of Records Procedure
- FRM-003 A, Record Destruction Form
We are also including a training webinar explaining the Good Documentation Practices (GDP-101), and the native presentation slide deck, and we provide an exam (i.e., a 10-question quiz) to verify training effectiveness. If you submit the completed exam to us by email in the native MS Word format, we will correct the exam and email you a training certificate with your corrected exam.
- Record retention requirement of 10 years for the new EU Medical Device Regulation in Article 10(8)
- Identified where the content of medical device files is defined
- Added new requirements related to the protection of confidential health information (i.e., HIPPA and GDPR)
- Added new requirements related to deterioration and loss of documents.
Please note: This product will be delivered to the email address provided in the shopping cart transaction. After the transaction is verified, please check your email for the download. To view all available procedures click here.
Training on the requirements for Control of Records
In addition to a procedure for control of records, you also need to train employees on good documentation practices. Initially, I created a webinar called “GDP 101” that combined control of documents, control of records, and training. Several people recommended that the webinar be revised to focus on the control of records. New webinars will be recorded each week to explain the updates to each procedure and to ensure that there is a training webinar for each procedure.
Three Generic Updates to Control of Records Procedure (SYS-002)
When you update a procedure, you need to do more than change the reference to the version of ISO 13485. For all procedures, I recommend that you make three general improvements:
- identify a risk-based approach for that procedure,
- identify methods for documenting training effectiveness and competency, and
- verify that you have updated the procedure to address regulatory requirements.
In the case of control of records, the most important records should have more rigorous controls and more frequent monitoring of record control to ensure it is effective. For example, the following critical records are frequently sampled by FDA inspectors and should be carefully stored, organized, and monitored:
- Adverse Event Reports
- Nonconforming Material Records
- Design History Files
- Training Records
FDA inspectors are not permitted to review records of your management reviews, internal audit records, and supplier records. However, all three records will be sampled by certification bodies, and therefore these three records exempt from the requirements of 21 CFR 820.180 should also be a priority for risk-based control of records.
To address the third of the generic procedural updates, you should be aware that the new EU Medical Device Regulations are expected to increase the required record retention period for non-implant devices from 5 years to 10 years. Implants are expected to remain at 15 years.
Three Procedure-Specific Updates
In addition to the generic procedural updates, three changes in the Standard are specific to the control of records. First, in the section for control of documents (renumbered as Clause 4.2.4), there is now a requirement to prevent the deterioration and loss of documents.
Second, there is now a requirement in Clause 7.3.10 for maintaining design and development files for devices. This may have previously been addressed as a requirement to meet the FDA requirements for maintaining a Design History File (DHF), but not all ISO 13485-certified companies sell a product in the USA.
Third, there is a new requirement related to the protection of confidential health information, such as the information gathered during complaint investigations and clinical studies. Many companies refer to this as HIPAA compliance.
About the Author
Rob has 20+ years of experience in the medical device industry and another 10 years of experience in biotech manufacturing validation and scale-up. He is a UConn graduate in Chemical Engineering. He was Director of Quality and Regulatory Affairs at four different medical device start-ups, and in 2004 he was co-founder and President/CEO of a laparoscopic imaging company. His quality management system expertise covers all aspects of developing, training, implementing, and maintaining ISO 13485 and ISO 14971 certifications. From 2009-2012, he was a lead auditor and instructor for BSI–one of the largest Notified Bodies in Europe. Today Rob is co-founder and President of Medical Device Academy, a full-service quality and regulatory consulting firm that specializes in helping start-up medtech companies get their first device or IVD product to market. The most favorite part of his job is training others. He can be reached via phone at 802.258.1881 or by email. You can also follow him on Google+, LinkedIn or Twitter.