ISO 13485 Documented Data Protection Procedure Requirement

theGrod

Hi,

I do not see where a documented procedure is necessary for your document protection system. This is where you show how you back up and safely store electronic files and records. Thoughts please!!

Thanks
 

Ronen E

Problem Solver
Moderator
I believe such issues are addressed by ISO 27001.
 

yodon

Leader
Super Moderator
Since you posted in medical devices (13485), I'll cite the standard where I think it's applicable (I put some text in bold for emphasis):

4.2.3 Control of documents
Documents required by the quality management system shall be controlled. Records are a special type of document and shall be controlled according to the requirements given in 4.2.4.

A documented procedure shall be established to define the controls needed
...
d) to ensure that relevant versions of applicable documents are available at points of use,
e) to ensure that documents remain legible and readily identifiable,


and then...

4.2.4 Control of records
Records shall be established and maintained to provide evidence of conformity to requirements and of the effective operation of the quality management system. Records shall remain legible, readily identifiable, and retrievable. A documented procedure shall be established to define the controls needed for the identification, storage, protection, retrieval, retention time, and disposition of records.


Does it for me!
 

sagai

Quite Involved in Discussions
My point of view is that ISO 13485 does not make a distinction between whether records and documents are in paper or in electronic form.
The only requirement (actually I have only just recognized it in such depth from yodon's post) is that protection, but I think ISO 13485 requires far less strict control than the IT security standard ISO 27001 does.
For ISO 13485 I would say that in case you ensure the electronic documents and records cannot be modified/deleted except with predefined rights/authorities, and you ensure that during the record retention period data cannot be lost (with the application of minimal control), it will be fine.
I do not think that for ISO 13485 you shall back up and archive; that can be deep water.
br
Sz.
 