ISO 13485 and DHF (Design History File) requirements

K

KoD_RP

#1
Hi All,
I am working on a software house certified under ISO 13485:2012.
We have developed a product under these regulations. A customer now asks for the DHF document, which is not required for 13485.
1. Do you know whether the IEC32604 requires a DHF document?
2. Is there a template available just to get an idea?
3. Is there a correlation between 13485 procedures and the "Design control".

Frankly, I am a bit confused.
4 How do I track different versions of the some document?
5. We have a web based reporting system where the customer can report bugs/changes etc. Based on the request, we update SDS documents, perform test reports etc. Do we have to record the web based entries as well in the DHF?
Any help will be highly appreciated!
Paul
 
Elsmar Forum Sponsor

mihzago

Trusted Information Resource
#2
take a look at this recent post: http://elsmar.com/Forums/showthread.php?t=68109&goto=newpost
it should answer some of the questions.
I assume you mean IEC 62304. IEC62304 does not require DHF, but DHF is nothing more than a collection of all documents, deliverables and artifacts generated during the course of the design and development activity. DHF is not a single document, but many companies create a DHFI (Design History File Index), which references all documents that are part of the DHF.

There is almost a 1 to 1 correlation between the FDA Design Control and ISO 13485, especially the 2016 version which added things like:
7.3.9 Control of Design and development changes
7.3.10 Design and development Files (essentially your DHF).

Any changes you make to your product, and documentation generated to support the changes, also become part of the DHF.
 

yodon

Staff member
Super Moderator
#4
Just to expand a bit more on what mihzago wrote, let me touch on your points 4 & 5.

Item 4 should be nothing more than your standard document control procedures. Can you provide any more information on why this is an issue?

For item 5, 62304 has some specific controls on issues reported from the field and how they are managed and closed out. There are also some requirements for communicating issues. And there are even more requirements for tying those issues into the risk management process as well as trending. Beyond that, QSR (FDA) requirements also expect you to capture web-based reports as feedback (and if they drive changes, they would be done under design [change] controls).
 
K

KoD_RP

#5
Thanks a lot for the feedback Yodon,

Item 4 should be nothing more than your standard document control procedures. Can you provide any more information on why this is an issue?

I am mainly trying to understand the DHF logic. Is it a document where I have to just enumerate the project files or I have to track also the relationship between them e.g. web-based reported issue A led to the change of SDS file B (I am already doing the latter through traceability matrices, review protocols and reference documents).
Regarding your question: All our documents have a history section where we track changes/per version. Assuming that I have 4 versions of the same document, the first during design output phase, the second during validation and the last two after release. For each of these four versions, should the DHF document contain just the file name/location/version/release date or detailed descriptions of the changes as well? I also assume that the DHF document is sorted chronologically.

For item 5, 62304 has some specific controls on issues reported from the field and how they are managed and closed out. There are also some requirements for communicating issues. And there are even more requirements for tying those issues into the risk management process as well as trending. Beyond that, QSR (FDA) requirements also expect you to capture web-based reports as feedback (and if they drive changes, they would be done under design [change] controls).

Thanks for the clarifications. We cover the majority of the specs however we have to slightly alter our QMS to fit the needs of 14971 in order to comply with 62304. Going back to DHF, this means that inside the document we will have to add the actual web link to the corresponding web-based reporting system?

Many thanks,
Paul
 

yodon

Staff member
Super Moderator
#6
The DHF is, at least to me, more of a concept than a document. It's a collection of the entire design history with controls in place to allow you to see the current state of the design configuration (i.e., latest releases of all docs in the design). Your document control system maintains the previous versions for the required time so you are able to retrieve the latest plus the prior revisions.

In terms of having to "alter your QMS to fit the needs of 14971 in order to comply with 62304" - can you elaborate? Certainly 62304 requires some 'integration' with 14971 but I'm not sure how this would drive changes to your QMS.

Regarding the web links to the reporting system, I wouldn't say actual hyperlinks are required (but certainly not prohibited if it would be useful!). I presume there's some kind of numbering system and so you could just reference the numbers. Typically we compile the list of changes (by number with brief description) in a software release into a Version Description Document (VDD). This supports the configuration status accounting requirement. We also use the VDD to list known open issues.
 
K

KoD_RP

#7
Thanks for the feedback!

The DHF is, at least to me, more of a concept than a document. It's a collection of the entire design history with controls in place to allow you to see the current state of the design configuration (i.e., latest releases of all docs in the design). Your document control system maintains the previous versions for the required time so you are able to retrieve the latest plus the prior revisions.

It's clear now. I had in mind something similar, since all prior document versions are tracked, however the "History" term inside the DHF leads to misperceptions.

In terms of having to "alter your QMS to fit the needs of 14971 in order to comply with 62304" - can you elaborate? Certainly 62304 requires some 'integration' with 14971 but I'm not sure how this would drive changes to your QMS.

Our QMS is 13485:2012 certified. We have a Risk Management QP which describes the work flow. We follow a FMEA approach to identify risks and define corrective actions in order to minimize risks. However, we don't explicitly state the way we trace the corrective actions through out the project (risk control), even though at the end of the project we are able to verify that the corrective actions were performed. In addition, we don't evaluate the overall performance of our risk management system. According to 14971, and please correct me if I am wrong, the aforementioned procedures should be stated in the QMS.

Many thanks!
Paul
 

yodon

Staff member
Super Moderator
#8
Our QMS is 13485:2012 certified. We have a Risk Management QP which describes the work flow. We follow a FMEA approach to identify risks and define corrective actions in order to minimize risks. However, we don't explicitly state the way we trace the corrective actions through out the project (risk control), even though at the end of the project we are able to verify that the corrective actions were performed. In addition, we don't evaluate the overall performance of our risk management system. According to 14971, and please correct me if I am wrong, the aforementioned procedures should be stated in the QMS.
You may be mixing terms a bit which could be part of the confusion. ("Corrective actions" are most typically what would be done to address a nonconformity.) One of the outputs of risk management is risk controls or mitigations (what I think you're calling corrective actions). Indeed, you do need to demonstrate that the risk controls are implemented and effective (at the time they're needed). Per 13485, one of the design inputs is the output of risk management. Thus, you do need to demonstrate traceability from the risk control to verification.

Yes, you should have procedures that guide your risk management activities. Per 14971:2012, your risk file (the collection of risk management artifacts) contains, in addition to the analysis and evaluation, the (evidence of) implementation and verification of controls and the assessment of the acceptability of residual risk.
 
#9
Hello, I realize this post is almost 2 years old, but the subject matter you've discussed is closely related to my question.
I understand the concept of DHF and it works fine for a company with a large set of controlled documents over a period of time.

I am consulting for a startup company in France that wants to be certified to ISO 13485:2016. They have over 2 years of uncontrolled documents, having never put a true quality system in place. They've been doing animal testing and have paper records for that. Should I be looking at scanning hand-written proof-of-concept ideas and photos of dry erase boards with drawings representing brainstorming? Should I be including e-mail conversations between early company members discussing their ideas for the product and its technology? All of that constitutes early design inputs and planning.
Thank you for your help.
Scott
 

yodon

Staff member
Super Moderator
#10
Can't say that's the tack I would take. Sounds like what they've been doing up to now is "research" (outside the scope of design). Certainly they've gathered good data (presumably) to prove the concept but without good controls in place (tests under approved protocol, proper record capture, etc.), the reliability of that data would likely cause that data to be dismissed.

It sounds to me like they're ready to move into design and need to properly establish the Design & Development Plan, do the required Risk Management activities, capture the design inputs, etc. and start building the DHF / Medical Device file. I do tend to take a conservative approach - I want my clients as bullet-proof as possible with their submissions / compliance.
 
Thread starter Similar threads Forum Replies Date
O Distributors and ISO 13485 - DHF and DMR Responsibilities ISO 13485:2016 - Medical Device Quality Management Systems 7
K 3rd party auditor for ISO 13485:2016 ISO 13485:2016 - Medical Device Quality Management Systems 0
chris1price MDSAP and ISO 13485 ISO 13485:2016 - Medical Device Quality Management Systems 5
D ISO 13485 Contained NC ISO 13485:2016 - Medical Device Quality Management Systems 3
Brizilla ISO 13485 for a Distributor ISO 13485:2016 - Medical Device Quality Management Systems 7
Q Harmonised Standards (EN ISO 13485 / EN ISO 14971) in MDR (2017/745/EU) ISO 13485:2016 - Medical Device Quality Management Systems 3
J ISO 13485- 8.3.1 Non-conforming material high volume ISO 13485:2016 - Medical Device Quality Management Systems 4
H Contract Manufacturer as Design Owner ISO 13485 ISO 13485:2016 - Medical Device Quality Management Systems 6
blackholequasar ISO 13485 certification prior to Medical Device Manufacturing... worth it? ISO 13485:2016 - Medical Device Quality Management Systems 4
S Electronic Signatures - Non-Conformance - ISO 13485:2016 ISO 13485:2016 - Medical Device Quality Management Systems 30
E ISO 13485 software validation ISO 13485:2016 - Medical Device Quality Management Systems 7
D Notified Bodies - ISO 13485 & MDR Technical Files ISO 13485:2016 - Medical Device Quality Management Systems 3
D Deviations - Where in ISO 13485 deviations are covered? ISO 13485:2016 - Medical Device Quality Management Systems 7
B ISO 13485 Certification ISO 13485:2016 - Medical Device Quality Management Systems 2
Y ISO 13485:2015 Software Validation IQ/OQ/PQ ISO 13485:2016 - Medical Device Quality Management Systems 13
J ISO 13485 for Metal Finishing Medical Device and FDA Regulations and Standards News 5
S How to calculate Effective Number of People for ISO 13485 Certification? General Auditing Discussions 2
D Question regarding where "validations" fit according to ISO 13485:2016 ISO 13485:2016 - Medical Device Quality Management Systems 1
E Any template/ form of Monitoring and Measurement of Processes and product to ISO 13485? ISO 13485:2016 - Medical Device Quality Management Systems 1
H ISO 13485-paragraphs for a SaaS SAMD needed or not? ISO 13485:2016 - Medical Device Quality Management Systems 2
D Question on using audit checklist ISO 13485:2016 ISO 13485:2016 - Medical Device Quality Management Systems 20
M ISO 13485 and document control for programs ISO 13485:2016 - Medical Device Quality Management Systems 6
M Customer Property - ISO 13485:2016 Clause 7.5.10 ISO 13485:2016 - Medical Device Quality Management Systems 9
pbojsen ISO 13485 Requirements versus FDA product classification and GMP exemptions - Audits ISO 13485:2016 - Medical Device Quality Management Systems 5
D Lead time to schedule an ISO 13485 audit General Auditing Discussions 2
S Does anyone have a checklist to prepare for ISO 13485, Stage I audit? ISO 13485:2016 - Medical Device Quality Management Systems 3
H QMS ISO 13485:2016 - ISO14971 IEC60304 etc ISO 13485:2016 - Medical Device Quality Management Systems 6
B Operational Procedures for ISO 13485:2016 ISO 13485:2016 - Medical Device Quality Management Systems 7
D ISO 14971 applicability in ISO 13485 ISO 13485:2016 - Medical Device Quality Management Systems 7
E ISO 13485 in Clinical Trial conduct: Applicable or No ISO 13485:2016 - Medical Device Quality Management Systems 2
G ISO 13485 Certification - Can we get the ISO 13485 certification prior to shipment of the device? ISO 13485:2016 - Medical Device Quality Management Systems 6
N Does anyone use SGS for ISO 13485 / CE certification Registrars and Notified Bodies 0
Ed Panek ISO 13485:2016 Section 5.5.3 ISO 13485:2016 - Medical Device Quality Management Systems 3
ebrahim QMS as per ISO 13485, Clause 4.2 Requirements for regulatory purposes for Medical Devices Authorized Representatives. ISO 13485:2016 - Medical Device Quality Management Systems 3
D ISO 13485 scope (implantable) - Polymers for dental application EU Medical Device Regulations 9
N ISO 13485 7.3.9 Change control in medical device software ISO 13485:2016 - Medical Device Quality Management Systems 6
A ISO 13485 procedure change and reflect to legacy manufacture items ISO 13485:2016 - Medical Device Quality Management Systems 2
D ISO 13485 & CE Certification for Surgical Gloves CE Marking (Conformité Européene) / CB Scheme 0
S Inventory Listing and ISO 13485:2016 ISO 13485:2016 - Medical Device Quality Management Systems 3
M ISO 13485:2016 Certification Scope ISO 13485:2016 - Medical Device Quality Management Systems 4
D Reports under change management | ISO 13485:2016 & ISO 9001:2015 ISO 13485:2016 - Medical Device Quality Management Systems 3
M Scope for ISO 13485 Certification of a Translation Service Provider ISO 13485:2016 - Medical Device Quality Management Systems 17
Q ISO 13485 7.5.6 Validation - Off the shelf Software ISO 13485:2016 - Medical Device Quality Management Systems 3
A ISO 13485 Certification for Resin Manufacturer ISO 13485:2016 - Medical Device Quality Management Systems 4
A ISO 13485 Sterilization Clause Applicability ISO 13485:2016 - Medical Device Quality Management Systems 7
K ISO 13485 and compliance of electronic signature ISO 13485:2016 - Medical Device Quality Management Systems 5
T ISO 13485 - Assembly instructions written vs. online ISO 13485:2016 - Medical Device Quality Management Systems 5
M ISO 13485:2016 internal audit checklist Medical Device and FDA Regulations and Standards News 8
N 93/42/EEC certification without ISO 13485 EU Medical Device Regulations 3
M How Specific in an ISO 13485:2016 Scope for a Contract Manufacturer ISO 13485:2016 - Medical Device Quality Management Systems 9

Similar threads

Top Bottom