Identification & Control - Documents of External Origin - ISO13485:2003 Clause 4.2.3f

V

Viki N.

#1
Good Morning,

Our company just went through our Triennial Assessment audit (ISO13485:2003). The auditor wrote an action request that went like this: "The control needed to ensure documents of external origin are identified and their distribution controlled is not defined in procedures as required by Clause 4.2.3f."

We have always considered external documents to be our customer prints, specs, etc. This auditor says we need to control documents such as the "ISO Standard" with a stamp that says something to the effect of "controlled document." (We do stamp obsolete on these, when needed)
He also says other external documents would be like owner's manuals for equipment that refers to suggested PM's, etc. and that these should also be controlled.

I'm having some trouble exactly how to define this in our current procedure for these types of documents and not overdo ending up having to control every piece of paper in the company. :confused:

Does anyone have any suggestions or tips on how this clause (4.2.3f) is covered in your own quality systems?

Thanks,
Viki
 
Elsmar Forum Sponsor
M

Microbe

#2
We have a central library for ISO standards etc. If anyone wants to they can sign out a copy. For PM, we tend to incorprate manufacturers recommendations within our own documentation, which we control. We do not control manufacturers specifications. We are a small company, so this approach works for us.:)
 

Wesley Richardson

Wes R
Trusted Information Resource
#3
Viki N. said:
(ISO13485:2003). The auditor wrote an action request that went like this: "The control needed to ensure documents of external origin are identified and their distribution controlled is not defined in procedures as required by Clause 4.2.3f."

We have always considered external documents to be our customer prints, specs, etc. This auditor says we need to control documents such as the "ISO Standard" with a stamp that says something to the effect of "controlled document." (We do stamp obsolete on these, when needed)
He also says other external documents would be like owner's manuals for equipment that refers to suggested PM's, etc. and that these should also be controlled.
There are six items that you need to consider in order to comply with this requirement.
1. Your procedure needs to state how you control the documents.
2. One category of documents are the client documents. The document numbers and revisions required by the client should be called out in their purchase orders to you. You need to verify that you have and use the revision that they specify, and that you are not using a different revision. This would normally occur at the time of purchase order review. If you do not have the current client document revision, then it needs to be obtained from the client.
3. For equipment manuals, the revision of the manual that is supplied with the equipment is normally considered current, unless you upgrade the equipment and/or software. With a software change only, there may or may not be an updated manual.
4. For external standards, such as ISO, CFR, you need to make sure you obtain the latest copy and use it in your system. For example, CFRs are issued once a year, for a particular title.
5. You should have a database which keeps track of all internal and external documents, their titles, dates, revisions, and if applicable, where copies are kept, if more than one location.
6. I am not aware of a requirement for you to mark the document as "Controlled copy," but your procedure needs to define how you control document copies. Your method of marking Obsolete on prior revisions of documents is very good.

Wes R.
 
Last edited:
V

Viki N.

#4
Thanks for the replies. I think I'm getting a clearer picture now regarding the "external" type documents.
Viki :)
 
R

Roland Cooke

#5
Wes's reply is excellent.

From my experience, people tend to assume this only means "standards", when clearly most organisations have a large number of external documents which may or may not need to be controlled (maintenance manuals, software items etc etc). Either way they should at least be identified.
 

jkuil

Quite Involved in Discussions
#6
Re: Identification & Control - Documents of External Origin - ISO13485:2003 Clause 4.

4. For external standards, such as ISO, CFR, you need to make sure you obtain the latest copy and use it in your system. For example, CFRs are issued once a year, for a particular title.
5. You should have a database which keeps track of all internal and external documents, their titles, dates, revisions, and if applicable, where copies are kept, if more than one location.

Wes R.
Maintaining a database of external standard (ISO, ASTM, AAMI) references is essential in maintaining conformity. Suppliers (e.g. techstreet) and publishers can help you maintaining such databases, because they can be large. Standards not only are being revised, new standards are created all the time, and they may be applicable to your product. You should also monitor the recognition / harmonization status of standards. Regulatory authorities recognize standards when they offer presumption of compliance (in full or in part) to specific essential principles of safety and performance. Different market areas may recognize different (revisions) of standards, so identify the recognition status in your database.

As suggested you may add guidance documents (e.g. FDA Guidance for Industry, GHTF, MEDDEV) and regulations.

You should maintain such a database with a purpose to maintain complaince of your quality system to the standards. Once you identify that a new or revised standard has been published, you should make all required QS document changes to implement all new requirements. Therefore our database also included a reference to the QS documents that define how our company meets a particular standard.

And not the least important, your products should meet the latest revision of recognized standards. So once a new or revised product safety or effectivess requirement is recognized you should be able to provide validation data or PMS data to provide evidence of compliance. In Europe the provide the Date of cessation of presumption of conformity of superseded standard (DOCOPOCOSS) with each new revision (see list of harmonized standards).
 
T

Terese

#7
Re: Identification & Control - Documents of External Origin - ISO13485:2003 Clause 4.

I have a question regarding the requirement for controlling the distribution of external documents as this pertains to copyrighted materials such as ISO, IEC, ASTM, AWS standards, etc. Without the appropriate licensure, it is illegal to post copies internally for general viewing, so maintaining a database is a questionable practice in my mind (and it is becoming more difficult through the growing use of Digital Rights Management software). Additionally, SDOs control the changes to these documents and publish the updated copies, so there needs to be a system in place alerting users to these changes (we use NormScan). So for my question, is it more appropriate that a company's documentation specify how they manage accessiblity of required standards and guidance documentation, ensuring provision of the most current versions, or, is it required that these documents be housed in an internal database?

I am confused as to the requirements. It would seem odd to me that ISO would promote the networking of their Intellectual Property.

If anyone can clear up this ISO 13485 requirement for me (Section 4.2.3), I would greatly appreciate that!

Most sincerly,

Terese
 

somashekar

Staff member
Super Moderator
#8
Re: Identification & Control - Documents of External Origin - ISO13485:2003 Clause 4.

So for my question, is it more appropriate that a company's documentation specify how they manage accessibility of required standards and guidance documentation, ensuring provision of the most current versions, or, is it required that these documents be housed in an internal database?
Excellent though. Your first approach is the most appropriate.
Also make a mention in your procedure how you ensure that changes and the current revision status of documents of these external origin are identified.
 
T

Terese

#9
Re: Identification & Control - Documents of External Origin - ISO13485:2003 Clause 4.

Thank you Somashekar for your speedy response! This validates my understanding and helps me to clarify next steps:D.
 
Last edited by a moderator:
Thread starter Similar threads Forum Replies Date
T Identification and Control of External Documents - 4.4.5 f) of ISO 14001 ISO 14001:2015 Specific Discussions 5
R TS 16949 - Clause 4.2.3 - Identification and Control of Documents of External Origin IATF 16949 - Automotive Quality Systems Standard 15
F Documents of External Origin - Identification, Control and Distribution - 4.2.3 f) Document Control Systems, Procedures, Forms and Templates 13
M Control and Identification of ISO/TS 16949:2009 Documentation. ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 4
M Shelf Life Control and Identification of items that do not have Shelf Life ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 5
M Hazard Identification for Pest Control Activities Other ISO and International Standards and European Regulations 9
M Document Identification and Control Numbers ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 4
G Understanding Identification of Design in QSR 21 CRF Part 820.30 Design Control (f) 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 2
N Changing Document Control Identification of Job Descriptions Document Control Systems, Procedures, Forms and Templates 5
N ISO 14001 Control vs. Influence - Environmental Aspects Identification ISO 14001:2015 Specific Discussions 6
C Control, Identification and Content of Corporate Electronic Forms Document Control Systems, Procedures, Forms and Templates 7
M Identification and Control of Hard-to-label Product - 1/8" diameter ROD ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 7
I Hazard Identification and Naming ISO 14971 - Medical Device Risk Management 10
C ISO 45001 6.1.2.1 Hazard Identification Occupational Health & Safety Management Standards 1
J 1.11 Preliminary Identification of Special Product and Process Characteristics APQP and PPAP 4
T ISO 9001 8.5.2. - Identification and traceability to Identify Outputs - Services ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 2
K Identification of hazards and Risk file IEC 62366 - Medical Device Usability Engineering 7
M Medical Device Identification & Codes - Article 27 Requirements questions EU Medical Device Regulations 1
T Non conformance product identification and traceability 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 4
qualprod Monitoring of lead time - Good KPI identification? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 14
qualprod Controlled sticker for product identification? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 15
Watchcat Identification of Test Sample in Test Reports? Design and Development of Products and Processes 22
B Marking of Medical Electrical equipment and accessories - Cl. 7.2.2 "Identification" and Cl. 7.2.4 "Accessories" IEC 60601 - Medical Electrical Equipment Safety Standards Series 4
M Informational EU – Unique Device Identification (UDI) System – FAQs Medical Device and FDA Regulations and Standards News 0
S ISO 14971 Risk Management - Questions for Hazard identification ISO 14971 - Medical Device Risk Management 2
Z Two Payment Identification Number (PIN) for the same order in DFUF website 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 1
K Identification and Traceability with an ERP system - Barcode Labels? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 3
M MDR Annex IX Chapter I, 2.2 (c) - Device identification procedures during manufacture. EU Medical Device Regulations 1
M Informational USFDA final guidance – Unique Device Identification: Convenience Kits Medical Device and FDA Regulations and Standards News 0
Stefan Mundt ISO 9001:2015 - 8.5.2 Identification and Traceability Manufacturing and Related Processes 14
S Looking for procedure on UDI (Unique Device Identification) 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 2
S UDI (Unique Device Identification) Requirements for Remanufactured devices 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 1
B Quality Management System documentation identification Document Control Systems, Procedures, Forms and Templates 11
K Document Numbering (Identification) System Document Control Systems, Procedures, Forms and Templates 10
N Requirements for the identification and traceability of demo product for sales force US Food and Drug Administration (FDA) 1
M RFID (Radio Frequency Identification) Registration in Europe and in MENA countries EU Medical Device Regulations 1
qualprod Identification of Training Needs = People Performance? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 10
H European Pharmacopoeia First Identification Requirements Pharmaceuticals (21 CFR Part 210, 21 CFR Part 211 and related Regulations) 1
Q Identification of gage blocks General Measurement Device and Calibration Topics 8
DeeDeeM IATF16949, clause 8.5.2.1 Identification and traceability-supplemental IATF 16949 - Automotive Quality Systems Standard 1
DeeDeeM IATF 16949 - Clause 8.5.2 Identification and Traceability IATF 16949 - Automotive Quality Systems Standard 7
Q ISO 9001 Cl. 8.5.2 and 8.5.4 - Identification in Products ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 7
M Measurement Equipment - Identification of Calibration Status General Measurement Device and Calibration Topics 25
J Customer Identification and Traceability in Manufacturing Plans Manufacturing and Related Processes 5
M Risk Identification and Risk Assessment for any Process - Is it necessary? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 22
Edward Reesor UDI (Unique Device Identification): HIBCC or GS1? ISO 13485:2016 - Medical Device Quality Management Systems 39
R Identification of Medical Devices in MDD 93/42 Certificate EU Medical Device Regulations 2
L Managing Finance Processes - Identification of Sub Processes ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 5
M Informational Is Identification of Risks and Opportunities required for QMS Processes? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 96
dubrizo Initial Supplier Identification, Review and Controls ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 1

Similar threads

Top Bottom