Electronic data Back-up procedure, for Medical device QMS and regulatory purpose.


We are contract manufacturer for several principles and what we assemble goes into USA, Europe, Brazil and other asian countries.
In connection with electronic records and documents back-up to meet the subject requirement, we are a bit stuck in how to establish one such process to meet the intent of the regulation as well as prepare a documented procedure.
Any help with a draft procedure and notes highly appreciated ...


Primarily our medical devices business requirement as a contract manufacturer, not considering the disaster recovery process. This must also be in acceptance with the stated regulatory. The Brazil ANVISA in their document want all documents and records electronically filed to have backups.
I am looking at this as a good documentation and records management practice with a good applied risk assessment.


Super Moderator
A few things to consider:

Establish the backup / retrieval policy. How long do you need to keep backups, how frequently do backups need to occur, etc. Most backup systems do a "delta" backup meaning daily backups are only for things that change. That may mean, to recover a file unchanged for several weeks, you have to do a little digging. Worse, if trying to recover a file that hasn't changed in a year, it's not uncommon to purge backup media over a year old. So you need to consider how frequently full backups occur.

Also consider how backups are done. You can have backup media (e.g., DVDs, portable hard drives, etc.) or you can backup to the 'cloud' now. Obviously, there are privacy concerns with the latter that you may need to consider.

Validate the backup procedure to ensure a) everything is getting backed up properly; and b) it can be retrieved. Sometimes, databases, files in repositories, etc. don't gt backed up for various reasons. Also look at the scope of the backup - are all disks being backed up?

Backups should be stored away from the server in case something catastrophic occurs at the server site, your backup data is presumably safe.

If you're backing up to the cloud, you'll need to determine the level of protection required (physical and logical).

Use your supplier qualification for either selecting an offsite storage site (consider physical security, environmental conditions, etc.) or a cloud service (security, policies, etc.). Note that one advantage with going to the cloud is that you can mirror your data in geographically diverse sites so if there's a major catastrophic event, it's still likely your data can be retrieved from the mirror site.

Those are the things that jump to mind. Maybe others will contribute additional considerations.


All the points that Yodon makes are well put.

Once you have a backup plan in place, including requirements for daily-weekly-monthly-offsite storage, you may want to consider a "disaster rehearsal". The plans can seem complete and comprehensive on paper but perform rather differently when tried in the real world.
Top Bottom