There are several levels you need to consider.
A generic level stating the conclusion of whether the final product passed (in any way), or failed. If passing, in what way: normal conformance, conformance after rework, or release under concession that requirements are met though specifications are deviated from. This will include the specific lot number/serial number/UDI assigned to the produced device, as well as any manufacturing and/or expiration date.
A specific level of which DMR, and which specific version of that DMR, was used. If rework was applied, what was it, who did it, when was it done?
A detailed level, stating which lot numbers/serial numbers of components were used, and which measurement value results were obtained (as ascertained by demonstrably calibrated measurement devices) and compared to the specified values in the DMR . It might also state the non-measuring equipment used, as this might be a differentiating factor when you have a quality event.
A circumstantial level regarding control. Were the environments it was created within in control in accordance with the environments specified as necessary according to validation? E.g. Cleanroom, ESD, etc. Were the validated processes set up and run within the specified parameter envelope (e.g. sealing, sterilization)? Was all equipment used in good order?
Depending on which products you make and where you distribute them you can be required to go that deep to meet traceability and risk control requirements. Note the difference between conclusions, and the results that underlie those conclusions.
We have a paper production order composited to select a set of partnumbers and documents to execute, and for certain documents forms attached that must be filled in. Crucial in this is also registration of the time certain activities are executed. The completion of those is the bulk of the Device History Record demonstrating compliance to most of the DMR (b.-f. of the "Medical Device File"). It will be supplemented by parameter logs, which coupled with the timing of activities can evidence the presence in a controlled enviroment as well as the use of validated processes/equipment in the proper state. Such parameter logs can be paper logbooks with the settings used, or (validated) digital monitoring systems.
It is further amended by installation and service records, which are part of the DHR as it is a device whose long-term quality is further controlled by installation and maintenance.
This set of records is described to be the full DHR demonstrating compliance to a full DMR for any one (homogenous set of) device(s) in a procedure.
We store the paper records on-site for a year, but do not yet scan them by default. We often wish we had if something went wrong. However, the use of an ERP means being able to more simply bound which paper records need to be inspected when issues occur.
Additionally you might encounter a 'license to operate' thing, if you have risk controls you are covering with training requirements on users (service technicians, operators).
These are generally no longer regarded as part of the DHR, but they should be part of investigations for complaints and events and fit best with the DHR review part of such investigations.
We are currently in transition to a digital system, but it should cover just about the same things as written above. My colleague notes that an important early thing to do is to include validation of traceability and IT system audit logs because you might still need to make corrections (don't assume the machine is always correct), as well as setting/imposing requirements on date formats if you're international (US vs international) because it might mess with any data analysis you want to rely on.
