R
Hello!
We are a contract manufacturer working toward an ISO13485 registration. Question about control of production: we have an old ERP system & are working toward a new one but not in time for a REG audit. The system itself has no security controls per se; i.e. anyone sufficiently skilled & motivated could make changes, however this has not happened without our documented change & approval process so far. We use this system to issue job orders / travelers that designate a lot # and reference the process steps, documents, materials, etc. I am already transferring the forms that print out into our Doc system that does have the customary controls, however we have to issue production lots from the existing system. It ties to everything - shipping, billing, etc. The question then, is can we use a Risk Analysis to possibly justify the continued use of this system for the travelers & let them still contain the same information? Things like materials are referenced which, again tie-in to our ERP system. I understand the necessity of control, and indeed, we are heading in that direction. I just need to know what will be acceptable to a REG auditor in addressing this. THANK YOU Very much for any assistance that you can provide!!
We are a contract manufacturer working toward an ISO13485 registration. Question about control of production: we have an old ERP system & are working toward a new one but not in time for a REG audit. The system itself has no security controls per se; i.e. anyone sufficiently skilled & motivated could make changes, however this has not happened without our documented change & approval process so far. We use this system to issue job orders / travelers that designate a lot # and reference the process steps, documents, materials, etc. I am already transferring the forms that print out into our Doc system that does have the customary controls, however we have to issue production lots from the existing system. It ties to everything - shipping, billing, etc. The question then, is can we use a Risk Analysis to possibly justify the continued use of this system for the travelers & let them still contain the same information? Things like materials are referenced which, again tie-in to our ERP system. I understand the necessity of control, and indeed, we are heading in that direction. I just need to know what will be acceptable to a REG auditor in addressing this. THANK YOU Very much for any assistance that you can provide!!

The Auditors or the FDA is be focused on ?Control? of the system to ensure the documentation that is created out of the system is what was intended and has not been changed outside of your process. If your process is small and stable this could be as simple as an approved specification that is compared against prior to release to manufacturing.