Get 4 FREE months of Conformio to implement ISO 27001

Common mistakes with ISO 13485:2016 documentation control and how to avoid them

Documentation control is the first task that most people would prepare for before an upcoming audit. Prior to an audit, we would ensure that any changes made to the work procedures are updated, review the Quality Manual and Quality Management System documents, and ensure that each process owner is aware of their roles and responsibilities. This is an ecosystem that forms the fundamentals of good documentation control.

According to Section 4.2.4 (Control of documentation) of ISO 13485:2016, documents required by the Quality Management System (QMS) should be maintained and controlled to ensure their usability, effectiveness, and adequacy for operation. The organization should archive the documents, based on the projected useful life of the medical device or according to national regulatory requirements – whichever is the longest. ISO 13485:2016 requires that documentation related to the manufacture or testing of a medical device must be retained for the lifetime of the device, but not less than two years after distribution of the device. The retention period must also meet the requirements of the regulatory authorities of the countries in which the device is distributed. It is important to adopt a risk-based approach when you make changes to the work procedures, the Quality Manual, and other related documents that might affect the Quality Management System. For more information on document requirements, see this article on How to meet ISO 13485:2016 requirements for medical device files.


What are the common mistakes when implementing Section 4.2.4?

Today, we are going to discuss three common mistakes people make when working on this section of ISO 13485, as highlighted below:

1) Documents are used without prior approval and review – The consequence is that people do not follow the correct procedures to perform their daily work. For example, people make changes to the prescribed procedure when they perform a task. As a result, they use a procedure that is not updated in the approved work instructions. To avoid the above scenario, it is recommended to perform a routine check on the status of procedures as documented in the system, as compared to the actual procedure that is carried out. In addition, instead of using paper copies, each work station could have a computer screen that is tied into the document control center so that only the current work instruction could be called up. This needs to be done so that there is no discrepancy between what is executed and what is written. It can also help in identifying gaps and improvement opportunities within the existing procedures in the Quality Management System.
2) No defined controls to prevent unintended use of outdated documents – If the organization does not perform archiving on a regular basis, that will lead to the unintended use of incorrect procedures to execute the task. We can take simple steps, such as creating a folder in the common drive to store the outdated documents on a regular basis, and restricting the access only to the process owner or administrator. Alternatively, we can rename each document so that the title includes the version number and the date of our changes. That way, it would be much easier to identify the current document for use.

To find out what documents are mandatory in ISO 13485:2016, check this article: List of mandatory documents required by ISO 13485:2016.

3) No tracking of revision status and changes of documents – In companies where there is a central documentation control department, individual departments tend to take less responsibility over their own processes. They depend on the document controller to update the changes for them. However, in such a scenario, during an audit, the process owners are not able to explain the changes. The recommendation would be to keep a Master Control List with details about the current version of the document, effective date, changes that have been made, and validity of the documents. This is important to provide an overview for tracking purposes. In addition, it is also recommended to conduct a monthly meeting with the Central Documentation Department. This should be done to review the current version of the documents with the Master Control List to avoid discrepancies. That way, the company will be a step closer to being in compliance with the standard.

What are the benefits from good documentation practice?

Do remember that everything discussed in this article could also extend to the maintenance of records. It’s always a good practice to track changes using a Master Control List, and conduct regular reviews of existing procedures for compliance and improvement opportunities with the process owners. Also, regular meetings will help you to discuss the effectiveness of the current Quality Management System.  By doing so, you can enhance your documentation system and improve operational workflow. This could also be a good way to identify any potential improvements or feedback during the internal audit or management review.

Download this free Checklist of Mandatory Documentation Required by ISO 13485:2016 to see the structure of documents necessary for ISO 13485:2016.