Just wondering if any other companies are in the same situation. In our QMS, we reference a lot of external documents (standards, guidance's, any documents used to develop our SOPs etc) in our SOPs. We give each standard a number and reference that number in our procedures. We dont control the revision of the number (so for example, when a new version of the standard, external document is update, we assign a new number and obsolete the older one). We complete a review of the list every 6 months to ensure currency. We assess the gaps if there are newer versions/revisions released. However, then we have to update all our documents to update the newer reference. As our QMS is developing and with further regulations, this process is getting harder to manage. Just wondering what other companies do to manage this. We tried removing the references from our procedures but regulators have given us findings for not documenting them in the relevant SOPs.
External Referencing and Updates
- Thread starter Regcyc12
- Start date
Elsmar Forum Sponsor
Why do you give each standard a number? it is counterproductive.
Anyways, few suggestions:
1. Minimize the amount of references to external standards, i.e., stay with ISO 13485 when you can.
2. I have seen cases where the SOP just references the"List of applicable standards" instead of specifying each relevant standards.
Anyways, few suggestions:
1. Minimize the amount of references to external standards, i.e., stay with ISO 13485 when you can.
2. I have seen cases where the SOP just references the"List of applicable standards" instead of specifying each relevant standards.
Agree with @shimonv about numbers.
It is much easier to have list of applicable standards somwhere in the document, with full standards name and date, version etc.
And than use only common part of the standard while making a reference throughout the document, for example, just IEC 60601-1 instead of IEC 60601-1:2005+Amd1:2012+Amd2:2020 etc.
It is not always applicable, like when standard name is changed, and, of course, you need to check references to any specific chapters etc. for every standard update, but still it is much easier, IMHO, than list of numbers.
It is much easier to have list of applicable standards somwhere in the document, with full standards name and date, version etc.
And than use only common part of the standard while making a reference throughout the document, for example, just IEC 60601-1 instead of IEC 60601-1:2005+Amd1:2012+Amd2:2020 etc.
It is not always applicable, like when standard name is changed, and, of course, you need to check references to any specific chapters etc. for every standard update, but still it is much easier, IMHO, than list of numbers.
EmiliaBedelia
Trusted Information Resource
You should not re-release these standards in your system. It's 1) wildly inefficient 2) probably against the terms of whatever source you purchase the standards from 3) difficult to manage and ensure everything is up to date.
My (small) company keeps a file of purchased standards in a simple network drive folder which is managed by 1 person. We have 1 person responsible for purchasing standards and 1 person who is responsible for Standards Review and maintaining a list of standards to which we comply. This is strictly enforced because we used to have multiple folders for this kind of thing, and people would purchase duplicate copies of the same standards because they didn't know we already owned it.
Procedures only reference the standard by its reference number. Records such as test reports/protocols DO reference the specific year. We document the standards AND years in the technical documentation for the devices (not the GSPR, however), and we also maintain a list in the QM of major standards like ISO 14971. We use semiannual standards review board to document and determine whether revisions to standards require any action on our part. So far, this has worked well for us.
My (small) company keeps a file of purchased standards in a simple network drive folder which is managed by 1 person. We have 1 person responsible for purchasing standards and 1 person who is responsible for Standards Review and maintaining a list of standards to which we comply. This is strictly enforced because we used to have multiple folders for this kind of thing, and people would purchase duplicate copies of the same standards because they didn't know we already owned it.
Procedures only reference the standard by its reference number. Records such as test reports/protocols DO reference the specific year. We document the standards AND years in the technical documentation for the devices (not the GSPR, however), and we also maintain a list in the QM of major standards like ISO 14971. We use semiannual standards review board to document and determine whether revisions to standards require any action on our part. So far, this has worked well for us.
We have subscriptions to most standards. The publishers are very much a business so you will know with email bombardment that one has changed. We then review the change to see relevance for our spot within the standard.
To be safe for management review we have a slide just for standards and regulatory changes. We write about what changed and what (if anything) we did in response. If a document like a DoC needs updating we do that too.
The actual standards are all on our shared drive by category. We don’t rev control them though. That would be confusing I think.
To be safe for management review we have a slide just for standards and regulatory changes. We write about what changed and what (if anything) we did in response. If a document like a DoC needs updating we do that too.
The actual standards are all on our shared drive by category. We don’t rev control them though. That would be confusing I think.
MrsQuality
Registered
Regulations typically require organizations to comply with the most current revision of applicable standards and guidelines. This ensures that practices and procedures are up-to-date with the latest safety, quality, and compliance requirements. As the requirement is that you stay up to date with the regulations you use in your industry, you only need to reference the general number such as 21 CFR 211, ISO 13485, etc. it is implied that it will be the latest revision. It is also important to do a GAP analysis of the new revision. Should there be changes that will need to be implemented they need to be done by the time the new regulation has been released, if you cannot make those implementations by that time, you will need a Change Control/Deviation to address when you will be able to meet those requirements.
