Identification & Control - Documents of External Origin - ISO13485:2003 Clause 4.2.3f

[Viki N.]

Good Morning,

Our company just went through our Triennial Assessment audit (ISO13485:2003). The auditor wrote an action request that went like this: "The control needed to ensure documents of external origin are identified and their distribution controlled is not defined in procedures as required by Clause 4.2.3f."

We have always considered external documents to be our customer prints, specs, etc. This auditor says we need to control documents such as the "ISO Standard" with a stamp that says something to the effect of "controlled document." (We do stamp obsolete on these, when needed)
He also says other external documents would be like owner's manuals for equipment that refers to suggested PM's, etc. and that these should also be controlled.

I'm having some trouble exactly how to define this in our current procedure for these types of documents and not overdo ending up having to control every piece of paper in the company.

Does anyone have any suggestions or tips on how this clause (4.2.3f) is covered in your own quality systems?

Thanks,
Viki

 

[Microbe]

We have a central library for ISO standards etc. If anyone wants to they can sign out a copy. For PM, we tend to incorprate manufacturers recommendations within our own documentation, which we control. We do not control manufacturers specifications. We are a small company, so this approach works for us.

 

[Wesley Richardson]

(ISO13485:2003). The auditor wrote an action request that went like this: "The control needed to ensure documents of external origin are identified and their distribution controlled is not defined in procedures as required by Clause 4.2.3f."

We have always considered external documents to be our customer prints, specs, etc. This auditor says we need to control documents such as the "ISO Standard" with a stamp that says something to the effect of "controlled document." (We do stamp obsolete on these, when needed)
He also says other external documents would be like owner's manuals for equipment that refers to suggested PM's, etc. and that these should also be controlled.

There are six items that you need to consider in order to comply with this requirement.
1. Your procedure needs to state how you control the documents.
2. One category of documents are the client documents. The document numbers and revisions required by the client should be called out in their purchase orders to you. You need to verify that you have and use the revision that they specify, and that you are not using a different revision. This would normally occur at the time of purchase order review. If you do not have the current client document revision, then it needs to be obtained from the client.
3. For equipment manuals, the revision of the manual that is supplied with the equipment is normally considered current, unless you upgrade the equipment and/or software. With a software change only, there may or may not be an updated manual.
4. For external standards, such as ISO, CFR, you need to make sure you obtain the latest copy and use it in your system. For example, CFRs are issued once a year, for a particular title.
5. You should have a database which keeps track of all internal and external documents, their titles, dates, revisions, and if applicable, where copies are kept, if more than one location.
6. I am not aware of a requirement for you to mark the document as "Controlled copy," but your procedure needs to define how you control document copies. Your method of marking Obsolete on prior revisions of documents is very good.

Wes R.

 

[Viki N.]

Thanks for the replies. I think I'm getting a clearer picture now regarding the "external" type documents.
Viki

 

[Roland Cooke]

Wes's reply is excellent.

From my experience, people tend to assume this only means "standards", when clearly most organisations have a large number of external documents which may or may not need to be controlled (maintenance manuals, software items etc etc). Either way they should at least be identified.

 

[jkuil]

Re: Identification & Control - Documents of External Origin - ISO13485:2003 Clause 4.

4. For external standards, such as ISO, CFR, you need to make sure you obtain the latest copy and use it in your system. For example, CFRs are issued once a year, for a particular title.
5. You should have a database which keeps track of all internal and external documents, their titles, dates, revisions, and if applicable, where copies are kept, if more than one location.

Wes R.

Maintaining a database of external standard (ISO, ASTM, AAMI) references is essential in maintaining conformity. Suppliers (e.g. techstreet) and publishers can help you maintaining such databases, because they can be large. Standards not only are being revised, new standards are created all the time, and they may be applicable to your product. You should also monitor the recognition / harmonization status of standards. Regulatory authorities recognize standards when they offer presumption of compliance (in full or in part) to specific essential principles of safety and performance. Different market areas may recognize different (revisions) of standards, so identify the recognition status in your database.

As suggested you may add guidance documents (e.g. FDA Guidance for Industry, GHTF, MEDDEV) and regulations.

You should maintain such a database with a purpose to maintain complaince of your quality system to the standards. Once you identify that a new or revised standard has been published, you should make all required QS document changes to implement all new requirements. Therefore our database also included a reference to the QS documents that define how our company meets a particular standard.

And not the least important, your products should meet the latest revision of recognized standards. So once a new or revised product safety or effectivess requirement is recognized you should be able to provide validation data or PMS data to provide evidence of compliance. In Europe the provide the Date of cessation of presumption of conformity of superseded standard (DOCOPOCOSS) with each new revision (see list of harmonized standards).

 

[Terese]

Re: Identification & Control - Documents of External Origin - ISO13485:2003 Clause 4.

I have a question regarding the requirement for controlling the distribution of external documents as this pertains to copyrighted materials such as ISO, IEC, ASTM, AWS standards, etc. Without the appropriate licensure, it is illegal to post copies internally for general viewing, so maintaining a database is a questionable practice in my mind (and it is becoming more difficult through the growing use of Digital Rights Management software). Additionally, SDOs control the changes to these documents and publish the updated copies, so there needs to be a system in place alerting users to these changes (we use NormScan). So for my question, is it more appropriate that a company's documentation specify how they manage accessiblity of required standards and guidance documentation, ensuring provision of the most current versions, or, is it required that these documents be housed in an internal database?

I am confused as to the requirements. It would seem odd to me that ISO would promote the networking of their Intellectual Property.

If anyone can clear up this ISO 13485 requirement for me (Section 4.2.3), I would greatly appreciate that!

Most sincerly,

Terese

 

[somashekar]

Re: Identification & Control - Documents of External Origin - ISO13485:2003 Clause 4.

So for my question, is it more appropriate that a company's documentation specify how they manage accessibility of required standards and guidance documentation, ensuring provision of the most current versions, or, is it required that these documents be housed in an internal database?

Excellent though. Your first approach is the most appropriate.
Also make a mention in your procedure how you ensure that changes and the current revision status of documents of these external origin are identified.

 

[Terese]

Re: Identification & Control - Documents of External Origin - ISO13485:2003 Clause 4.

Thank you Somashekar for your speedy response! This validates my understanding and helps me to clarify next steps.