ISO13485/ISO9001 Convenient Document Management System

#1
Hello everyone,
I plan our future Doc Management System, we are working in electronics for industrial equipment and also plan to extend our business to Medical Device (we are a small company <20 persons). So our DMS must be ISO 9001 & ISO 13485 compliant ;)
During previous experiences in Medical Device companies I used eDMS software and/or a paper-based system with wet ink signature of the creator/checker/approver and archiving of each paper version. I am trying to find a way to avoid these kinds of systems. I have read the forum and the standards and I have thought of a solution that I want to share with you.
I am sure that this system can be ISO 9001:2015 compliant, also it seems to be compliant with ISO 13485 §4.2.4 & 4.2.5.
But I would like to have some feedback to know if it could be enough for an ISO13485 QMS.

Please find below a quick description of the solution (lifecycle/workflow; content of the documents; archiving):

Requirements: ISO 9001:2015 + ISO 13485:2016 + in EU (no FDA)

# Instruction documents life cycle (procedure; WI):
- Creation: redaction in a word template
- Review: check of the word document by other persons & feedback to author (review not documented)
-Approval: check & approve document by Doc Manager --> Doc Manager create a pdf and save it on a network folder with limited write access = doc approved
- Use & consultation: user can access the network folder (read only) to view the documents approved
- Archiving: obsolete documents are transferred on another network folder with restricted access (files are PDF with “obsolete” watermark)

# Instruction document template content:
- Document type; Doc Reference; Doc Title; Doc version; Approval date
- Information about the change since last version (no information about previous changes since obsolete revisions are stored)
- Author name
- Approver name & approval date
- Inscription “Uncontrolled copy when printed”

# Form template lifecycle:
- Some form templates are created in word and then transferred to PDF for use (print or PDF with editable fields)
- Other form templates are created in word/excel; so they can be use directly in word/excel (for calculations)
- Approval: check & approve document by Doc Manager --> Doc Manager save form on a network folder with limited write access = doc approved
- Archiving: obsolete documents are transferred on another network folder with restricted access (files are PDF with “obsolete” watermark

# Form template content:
- Document type; Doc Reference; Doc Title; Doc version; Approval date
- Author name
- Approver name & approval date

# Record archiving:
- Paper: archiving paper records during defined period
- Electronic: archiving in a not alterable format (PDF)

Any feedback is appreciated; I want to make sure to have a system compliant & try to make it as simple as possible for users.
 
#2
I just came across this thread looking for something else. I just give it a try in case you come back ;).

What you should do is challenge your requirements against 4.2.4 Control of documents within ISO 13485.
This chapter does have requirements like review, approve, re-approve (if needed) documents prior to issuing them. Make sure the current revision is available and changes between revisions are visible. At some stage these documents will also become records (thats what you mentioned within # Record archiving), so also have a look at 4.2.5

Just by looking at you requirements it does look like you meet ISO 13485. But better check it yourself again.

The big question (and this is why I stumbled over this thread) is how you approve your documents.
ISO 13485 only says documents have to be approved, but unlike 21 CFR Part 11 (that's not applicable to you) does specify how an approval has to be done. Also in the guidance document to ISO 13485 it only refers to other regulations that might have requirements on how an approval has to be done.

Does anyone have an idea on how an approval within a pure ISO 13485 environment might look like. For me it is similar to what @Remik mentioned. A specific action that is traceable to a specific person (like an ok button within a workflow) but unlike 21 CFR Part 11 without reauthenticating yourself again with Username + Password with every signature.

What are your thoughts on this?
 
#3
Just to bring this topic up a little bit.

Does anyone have an idea on how an approval within a pure ISO 13485 environment might look like? For me it is similar to what @Remik mentioned. A specific action that is traceable to a specific person (like an ok button within a workflow) but unlike 21 CFR Part 11 without reauthenticating yourself again with Username + Password with every signature.

@yodon and @Remik , have you got an idea about it?
 

yodon

Staff member
Super Moderator
#4
Indeed, there's nothing specific in 13485 to drive any particular solution / method so I think it would depend on any regional legislation. I am not aware of anything the EU has like Part 11 for devices. There is "Annex 11" but it's for medicinal products and doesn't go to the extent of Part 11. I don't really know about other jurisdictions. The requirements from Annex 11 for electronic signatures seem to lay a decent foundation:

Electronic records may be signed electronically. Electronic signatures are expected to:
a. have the same impact as hand-written signatures within the boundaries of the company,
b. be permanently linked to their respective record,
c. include the time and date that they were applied.


Implementing that foundation would seemingly put you in a defensible position in the absence of country-specific requirements.
 

Top Bottom