ISO 13485 and DHF (Design History File) requirements

K

KoD_RP

#1
Hi All,
I am working on a software house certified under ISO 13485:2012.
We have developed a product under these regulations. A customer now asks for the DHF document, which is not required for 13485.
1. Do you know whether the IEC32604 requires a DHF document?
2. Is there a template available just to get an idea?
3. Is there a correlation between 13485 procedures and the "Design control".

Frankly, I am a bit confused.
4 How do I track different versions of the some document?
5. We have a web based reporting system where the customer can report bugs/changes etc. Based on the request, we update SDS documents, perform test reports etc. Do we have to record the web based entries as well in the DHF?
Any help will be highly appreciated!
Paul
 
Elsmar Forum Sponsor

mihzago

Trusted Information Resource
#2
take a look at this recent post: http://elsmar.com/Forums/showthread.php?t=68109&goto=newpost
it should answer some of the questions.
I assume you mean IEC 62304. IEC62304 does not require DHF, but DHF is nothing more than a collection of all documents, deliverables and artifacts generated during the course of the design and development activity. DHF is not a single document, but many companies create a DHFI (Design History File Index), which references all documents that are part of the DHF.

There is almost a 1 to 1 correlation between the FDA Design Control and ISO 13485, especially the 2016 version which added things like:
7.3.9 Control of Design and development changes
7.3.10 Design and development Files (essentially your DHF).

Any changes you make to your product, and documentation generated to support the changes, also become part of the DHF.
 

yodon

Staff member
Super Moderator
#4
Just to expand a bit more on what mihzago wrote, let me touch on your points 4 & 5.

Item 4 should be nothing more than your standard document control procedures. Can you provide any more information on why this is an issue?

For item 5, 62304 has some specific controls on issues reported from the field and how they are managed and closed out. There are also some requirements for communicating issues. And there are even more requirements for tying those issues into the risk management process as well as trending. Beyond that, QSR (FDA) requirements also expect you to capture web-based reports as feedback (and if they drive changes, they would be done under design [change] controls).
 
K

KoD_RP

#5
Thanks a lot for the feedback Yodon,

Item 4 should be nothing more than your standard document control procedures. Can you provide any more information on why this is an issue?

I am mainly trying to understand the DHF logic. Is it a document where I have to just enumerate the project files or I have to track also the relationship between them e.g. web-based reported issue A led to the change of SDS file B (I am already doing the latter through traceability matrices, review protocols and reference documents).
Regarding your question: All our documents have a history section where we track changes/per version. Assuming that I have 4 versions of the same document, the first during design output phase, the second during validation and the last two after release. For each of these four versions, should the DHF document contain just the file name/location/version/release date or detailed descriptions of the changes as well? I also assume that the DHF document is sorted chronologically.

For item 5, 62304 has some specific controls on issues reported from the field and how they are managed and closed out. There are also some requirements for communicating issues. And there are even more requirements for tying those issues into the risk management process as well as trending. Beyond that, QSR (FDA) requirements also expect you to capture web-based reports as feedback (and if they drive changes, they would be done under design [change] controls).

Thanks for the clarifications. We cover the majority of the specs however we have to slightly alter our QMS to fit the needs of 14971 in order to comply with 62304. Going back to DHF, this means that inside the document we will have to add the actual web link to the corresponding web-based reporting system?

Many thanks,
Paul
 

yodon

Staff member
Super Moderator
#6
The DHF is, at least to me, more of a concept than a document. It's a collection of the entire design history with controls in place to allow you to see the current state of the design configuration (i.e., latest releases of all docs in the design). Your document control system maintains the previous versions for the required time so you are able to retrieve the latest plus the prior revisions.

In terms of having to "alter your QMS to fit the needs of 14971 in order to comply with 62304" - can you elaborate? Certainly 62304 requires some 'integration' with 14971 but I'm not sure how this would drive changes to your QMS.

Regarding the web links to the reporting system, I wouldn't say actual hyperlinks are required (but certainly not prohibited if it would be useful!). I presume there's some kind of numbering system and so you could just reference the numbers. Typically we compile the list of changes (by number with brief description) in a software release into a Version Description Document (VDD). This supports the configuration status accounting requirement. We also use the VDD to list known open issues.
 
K

KoD_RP

#7
Thanks for the feedback!

The DHF is, at least to me, more of a concept than a document. It's a collection of the entire design history with controls in place to allow you to see the current state of the design configuration (i.e., latest releases of all docs in the design). Your document control system maintains the previous versions for the required time so you are able to retrieve the latest plus the prior revisions.

It's clear now. I had in mind something similar, since all prior document versions are tracked, however the "History" term inside the DHF leads to misperceptions.

In terms of having to "alter your QMS to fit the needs of 14971 in order to comply with 62304" - can you elaborate? Certainly 62304 requires some 'integration' with 14971 but I'm not sure how this would drive changes to your QMS.

Our QMS is 13485:2012 certified. We have a Risk Management QP which describes the work flow. We follow a FMEA approach to identify risks and define corrective actions in order to minimize risks. However, we don't explicitly state the way we trace the corrective actions through out the project (risk control), even though at the end of the project we are able to verify that the corrective actions were performed. In addition, we don't evaluate the overall performance of our risk management system. According to 14971, and please correct me if I am wrong, the aforementioned procedures should be stated in the QMS.

Many thanks!
Paul
 

yodon

Staff member
Super Moderator
#8
Our QMS is 13485:2012 certified. We have a Risk Management QP which describes the work flow. We follow a FMEA approach to identify risks and define corrective actions in order to minimize risks. However, we don't explicitly state the way we trace the corrective actions through out the project (risk control), even though at the end of the project we are able to verify that the corrective actions were performed. In addition, we don't evaluate the overall performance of our risk management system. According to 14971, and please correct me if I am wrong, the aforementioned procedures should be stated in the QMS.
You may be mixing terms a bit which could be part of the confusion. ("Corrective actions" are most typically what would be done to address a nonconformity.) One of the outputs of risk management is risk controls or mitigations (what I think you're calling corrective actions). Indeed, you do need to demonstrate that the risk controls are implemented and effective (at the time they're needed). Per 13485, one of the design inputs is the output of risk management. Thus, you do need to demonstrate traceability from the risk control to verification.

Yes, you should have procedures that guide your risk management activities. Per 14971:2012, your risk file (the collection of risk management artifacts) contains, in addition to the analysis and evaluation, the (evidence of) implementation and verification of controls and the assessment of the acceptability of residual risk.
 
#9
Hello, I realize this post is almost 2 years old, but the subject matter you've discussed is closely related to my question.
I understand the concept of DHF and it works fine for a company with a large set of controlled documents over a period of time.

I am consulting for a startup company in France that wants to be certified to ISO 13485:2016. They have over 2 years of uncontrolled documents, having never put a true quality system in place. They've been doing animal testing and have paper records for that. Should I be looking at scanning hand-written proof-of-concept ideas and photos of dry erase boards with drawings representing brainstorming? Should I be including e-mail conversations between early company members discussing their ideas for the product and its technology? All of that constitutes early design inputs and planning.
Thank you for your help.
Scott
 

yodon

Staff member
Super Moderator
#10
Can't say that's the tack I would take. Sounds like what they've been doing up to now is "research" (outside the scope of design). Certainly they've gathered good data (presumably) to prove the concept but without good controls in place (tests under approved protocol, proper record capture, etc.), the reliability of that data would likely cause that data to be dismissed.

It sounds to me like they're ready to move into design and need to properly establish the Design & Development Plan, do the required Risk Management activities, capture the design inputs, etc. and start building the DHF / Medical Device file. I do tend to take a conservative approach - I want my clients as bullet-proof as possible with their submissions / compliance.
 
Thread starter Similar threads Forum Replies Date
O Distributors and ISO 13485 - DHF and DMR Responsibilities ISO 13485:2016 - Medical Device Quality Management Systems 7
K ISO 13485 clause 8.5.2 'Any necessary CA shall be taken without undue delay' ISO 13485:2016 - Medical Device Quality Management Systems 2
J How much to charge for helping a startup company with initial ISO 13485 certification? Consultants and Consulting 3
J ISO 13485 System 'soft start' - How to best reflect this in initial audits, management review minutes and other records? ISO 13485:2016 - Medical Device Quality Management Systems 3
D ISO 13485 - 7.3.6 Design and development verification - Do most folks create a separate SOP? ISO 13485:2016 - Medical Device Quality Management Systems 4
C ISO 13485 :2016 - CAPA - Does every CAPA need to be checked by regulations? ISO 13485:2016 - Medical Device Quality Management Systems 9
D ISO 13485 8.2.1 and 8.2.2 - Customer Feedback and Customer Complaints ISO 13485:2016 - Medical Device Quality Management Systems 5
Sravan Manchikanti How to interpret '8.3 Control of nonconforming product' for SaMD device while implementing ISO 13485 & MDSAP ISO 13485:2016 - Medical Device Quality Management Systems 4
M Getting started in ISO 13485 ISO 13485:2016 - Medical Device Quality Management Systems 21
P ISO 13485:2016 MDSAP Certification Fee Survey ISO 13485:2016 - Medical Device Quality Management Systems 6
C SOP Template needed for ISO 13485 6.3 Infrastructure ISO 13485:2016 - Medical Device Quality Management Systems 9
T ISO 13485 8.3 - Non-Conforming Materials - on-line rework or part of process? ISO 13485:2016 - Medical Device Quality Management Systems 11
B Do IFU designs have to be document controlled under ISO 13485? Document Control Systems, Procedures, Forms and Templates 2
H ISO 13485 - Separate Microbiology Audits ISO 13485:2016 - Medical Device Quality Management Systems 3
C Production and Post Production feedback - ISO 13485 ISO 13485:2016 - Medical Device Quality Management Systems 4
T ISO 13485 - 5.5.1 Responsibility and authority - Small Company Independence ISO 13485:2016 - Medical Device Quality Management Systems 13
D Test summary report example for design validation wanted - ISO 13485 ISO 13485:2016 - Medical Device Quality Management Systems 1
T ISO 13485 - Process validation at critical suppliers ISO 13485:2016 - Medical Device Quality Management Systems 7
O ISO 13485 vs. GMP - Comparison matrix wanted EU Medical Device Regulations 4
O ISO 13485 - Is management review required before stage 1? ISO 13485:2016 - Medical Device Quality Management Systems 6
O In addition to the standard, what other ISO 13485 sources do people recommend? ISO 13485:2016 - Medical Device Quality Management Systems 5
Watchcat ISO 13485 for IVD (In-vitro Diagnostic Device) Manufacturers? ISO 13485:2016 - Medical Device Quality Management Systems 9
K Contamination Control - Class Is medical devices (Clause 6.4.2 ISO 13485:2016 (E)) ISO 13485:2016 - Medical Device Quality Management Systems 12
H ISO 13485:2016 Gap Analysis by NB ISO 13485:2016 - Medical Device Quality Management Systems 7
F ISO 13485 - EU countries that could request another audit ISO 13485:2016 - Medical Device Quality Management Systems 2
O Adding ISO 13485 to an AS9100 QMS ISO 13485:2016 - Medical Device Quality Management Systems 10
JoCam Increase to bi-annual ISO 13485 audits ISO 13485:2016 - Medical Device Quality Management Systems 2
S ISO 13485 Lead Auditor - Debate between our Quality Team and Regulatory Auditor - Internal Auditor Training ISO 13485:2016 - Medical Device Quality Management Systems 17
A ISO 13485 - Clause 8.3.3 appropriate actions in response to nonconforming product ISO 13485:2016 - Medical Device Quality Management Systems 2
N Address of Legal Manufacturing Site in ISO 13485 certificates? ISO 13485:2016 - Medical Device Quality Management Systems 1
M ISO 13485 for general purpose disinfectants? ISO 13485:2016 - Medical Device Quality Management Systems 9
L How to deal with an ISO 13485 Supplier Audit nonconformance ISO 13485:2016 - Medical Device Quality Management Systems 17
D ISO 13485, FDA 21 CFR 820 and Auditing the Accounting Department ISO 13485:2016 - Medical Device Quality Management Systems 5
M ISO 13485 extended Site (Two companies) ISO 13485:2016 - Medical Device Quality Management Systems 2
S SOP for ISO 13485:2016 Quality related Software validation ISO 13485:2016 - Medical Device Quality Management Systems 9
C ISO 13485 Requirement in Australia/NZ for class 1? ISO 13485:2016 - Medical Device Quality Management Systems 1
E Sharepoint for ISO 13485 QMS for small IVD company ISO 13485:2016 - Medical Device Quality Management Systems 7
K Restricted Scope of ISO 13485 Certification ISO 13485:2016 - Medical Device Quality Management Systems 7
JoCam Difference between Approval and Registration - ISO 13485:2016 ISO 13485:2016 - Medical Device Quality Management Systems 2
K ISO 13485:2016, Clause 4.2.3 Medical Device File ISO 13485:2016 - Medical Device Quality Management Systems 4
J ISO 14971 applied to ISO 13485? Low risk class 1 devices ISO 13485:2016 - Medical Device Quality Management Systems 3
T Document control ISO 13485:2016 ISO 13485:2016 - Medical Device Quality Management Systems 5
D Sample Calibration SOP for ISO 13485 General Measurement Device and Calibration Topics 4
F ISO 13485 8.2.3 Reporting to regulatory authorities: Question regarding a procedure for this clause. ISO 13485:2016 - Medical Device Quality Management Systems 4
Q Is that any difficulty to do software DFMEA and PFMEA in ISO 13485? ISO 13485:2016 - Medical Device Quality Management Systems 5
F Hi friends, can anyone show me an example of a procedure for ISO 13485 6.4.1 Work Environment? ISO 13485:2016 - Medical Device Quality Management Systems 2
A We are ISO 13485:2016 should we be audited to ISO 14971 ISO 13485:2016 - Medical Device Quality Management Systems 16
E Equipment Qualification - IQ/OQ per ISO 13485:2016 section 7.5.6 Process validation ISO 13485:2016 - Medical Device Quality Management Systems 7
D Impartiality of Internal Auditor ISO 9001/13485 ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 18
DuncanGibbons Clear differences between ISO 13485 and AS 9100D requirements ISO 13485:2016 - Medical Device Quality Management Systems 10

Similar threads

Top Bottom