We are a small medical device manufacturer, with a quality system operating primarily under ISO 13485 with future plans to operate under FDA quality requirements. We are using a paper document control system and have historically approved a separate specification document for every component or material used in a product. Recently, however, we have considered the possibility that there are many cases where this creation of separate approved documents might be overkill.
In particular, the details regarding the components on a PCB, or raw materials used on a molded, cut or machined part, are often only actually used in practice to the extent that the make and model are communicated to the CM as inputs to the process of creating the PCB assembly or custom part. The proposal we are entertaining is that the make and model can simply be defined on the drawing or BOM of the assembly where it is used (in cases where that is sufficient information), so that the parent assembly is the only controlled specification document.
Appreciate your thoughts on the matter. Thanks.
In particular, the details regarding the components on a PCB, or raw materials used on a molded, cut or machined part, are often only actually used in practice to the extent that the make and model are communicated to the CM as inputs to the process of creating the PCB assembly or custom part. The proposal we are entertaining is that the make and model can simply be defined on the drawing or BOM of the assembly where it is used (in cases where that is sufficient information), so that the parent assembly is the only controlled specification document.
- Do you feel that this is adequate to meet ISO 13485 and FDA requirements (assuming a company policy exists to verify that the correct product is received)? Is it perhaps already an accepted practice?
- If this approach is used where the CM manages purchasing and receiving, does the parent assembly specification (or contract?) need to require that the CM verify the input components and materials on receiving inspection? Or would that only apply if the CM isn't itself certified to 13485 or 9001?
Appreciate your thoughts on the matter. Thanks.