Regulatory Open Forum

This message was posted by a user wishing to remain anonymous

Hello,
My question is regarding referencing ISO standards throughout our QMS documents.
Can we reference a standard, if we do not have a copy of that standard in house?

I look at your scenario in two ways: from a practical standpoint, and from a compliance standpoint.  First, referencing an ISO standard when the organization doesn't actually have a copy is misleading and impractical.  Moreover, such a practice can also lead to audit nonconformities.  I elaborate further below.

From a practical standpoint, the purpose of QMS documents (e.g., procedures, work instructions, documents of external origin, etc.) is to assure the organization understands not just what to do, but how to do it.  For example, ISO 9000's definition of "procedure" means a specified way to carry out an activity or process.  So, if the procedures contain references to ISO standards not actually possessed by the organization, then those references amount to misleading phantoms that have no objective basis for being there, and that provide no objective support for how to carry out the activity.

From a compliance standpoint, let's take ISO 13485 as an example.  Therein, the organization is required to assure that the QMS documentation includes documents (e.g., documents of external origin, e.g., ISO standards) determined by the organization to be necessary to ensure the effective planning, operation, and control of its processes.  Moreover, if the organization determines that documents of external origin (e.g., ISO standards) are needed for the effective planning, operation, and control of the QMS (such a determination is intrinsic in the organization's referencing of ISO standards in its procedures), then ISO 13485 presumes that those documents of external original are in fact readily on hand.  Indeed, ISO 13485 demands that such documents be controlled by way of proper identification and distribution.  Accordingly, phantom references to ISO standards could easily lead to audit nonconformities against the QMS's documentation and document control.

------------------------------
Kevin Randall, ASQ CQA, RAC (U.S., Europe, Canada)
Principal Consultant
Ridgway, CO
United States
© Copyright 2022 by ComplianceAcuity, Inc. All rights reserved.
------------------------------

Original Message:
Sent: 20-Sep-2022 13:06
From: Anonymous Member
Subject: Referencing ISO Standards throughout our documents

This message was posted by a user wishing to remain anonymous

Hello,
My question is regarding referencing ISO standards throughout our QMS documents.
Can we reference a standard, if we do not have a copy of that standard in house?

My recommendation is you don't list standards in SOPs unless it is absolutely essential. The audience for an SOP is the user and they seldom need to know the underlying standard. Listing the standards, makes the SOP longer, but not better. If there is something in the SOP that seems strange because it implements a part of the standard, then it is worth explaining the source.

Don't list any standard that you don't actually use. If you don't have a copy of the standard, then you can't be using it.

I've seen companies create long lists of standards across many SOPs. This is a bad practice and creates a significant document control problem when the standard changes.

If your company is concerned about the high cost of standards, consider buying them from the Estonian Standards organization, Typically, the cost is about 90% of the cost from other sources.

------------------------------
Dan O'Leary CQA, CQE
Swanzey NH
United States
------------------------------

Original Message:
Sent: 20-Sep-2022 13:06
From: Anonymous Member
Subject: Referencing ISO Standards throughout our documents

This message was posted by a user wishing to remain anonymous

Hello,
My question is regarding referencing ISO standards throughout our QMS documents.
Can we reference a standard, if we do not have a copy of that standard in house?

I find it quite informative for procedures to identify which standard, and perhaps even which clause of a standard, is intended to be met by a procedure.  For example, referencing ISO 13485 clause 8.2.2 in the complaint handling SOP, or referencing ISO 13485 clause 8.2.1 in the feedback/PMS SOP (which can be confused with 8.2.2 complaint handling) is helpful to limit/contain the scope and requirements of the procedure.

I also caution against having SOP users that are ignorant of, or disconnected from, the underlying standard driving the procedure.  For example, I've seen some dicey risk management practices of late that could have been avoided if users had been more fluent with ISO 14971.  Accordingly, the users of an SOP for a regulated process should always be familiar with the applicable standard or regulatory requirement.

In fact, ISO guidelines on QMS documentation state, '...Whenever appropriate, and to limit the size of the documentation, reference to existing recognized quality management system standards or documents available to the document user should be incorporated..."

I think organizations may also find it difficult to secure ISO certifications without their documents referencing the governing standard(s), especially when a standard is transitioning to a new state-of-the art, such as when we transitioned from ISO 13485:2003 to ISO 13485:2016, or when we transitioned to ISO 14971:2019.

------------------------------
Kevin Randall, ASQ CQA, RAC (U.S., Europe, Canada)
Principal Consultant
Ridgway, CO
United States
© Copyright 2022 by ComplianceAcuity, Inc. All rights reserved.
------------------------------

Original Message:
Sent: 21-Sep-2022 11:36
From: Dan O'Leary
Subject: Referencing ISO Standards throughout our documents

My recommendation is you don't list standards in SOPs unless it is absolutely essential. The audience for an SOP is the user and they seldom need to know the underlying standard. Listing the standards, makes the SOP longer, but not better. If there is something in the SOP that seems strange because it implements a part of the standard, then it is worth explaining the source.

Don't list any standard that you don't actually use. If you don't have a copy of the standard, then you can't be using it.

I've seen companies create long lists of standards across many SOPs. This is a bad practice and creates a significant document control problem when the standard changes.

If your company is concerned about the high cost of standards, consider buying them from the Estonian Standards organization, Typically, the cost is about 90% of the cost from other sources.

------------------------------
Dan O'Leary CQA, CQE
Swanzey NH
United States

Original Message:
Sent: 20-Sep-2022 13:06
From: Anonymous Member
Subject: Referencing ISO Standards throughout our documents

This message was posted by a user wishing to remain anonymous

Hello,
My question is regarding referencing ISO standards throughout our QMS documents.
Can we reference a standard, if we do not have a copy of that standard in house?

Hi,

I think referencing the standards in Introduction or similar is beneficial in the SOP. That this SOP is intended to cover the requirements of this and that standard /legislation. So that the user of the SOP has a feeling that there are external requirements for this SOP. And if the users are having insomnia, they have something to help on that as well.

Then I would have another "Compliance table" which would have the standard /regulation clauses/claims and link to the SOP (preferably on chapter / subchapter level) and use that as a cheat sheet on audits and when doing changes to SOPs.

And generally, you have to have the documents available, they are relevantly cheap considering the hourly rate of an auditor. Buy one and make it available.

------------------------------
Lasse Suvanto
Quality Manager
Finland
------------------------------

Original Message:
Sent: 21-Sep-2022 12:23
From: Kevin Randall
Subject: Referencing ISO Standards throughout our documents

I find it quite informative for procedures to identify which standard, and perhaps even which clause of a standard, is intended to be met by a procedure.  For example, referencing ISO 13485 clause 8.2.2 in the complaint handling SOP, or referencing ISO 13485 clause 8.2.1 in the feedback/PMS SOP (which can be confused with 8.2.2 complaint handling) is helpful to limit/contain the scope and requirements of the procedure.

I also caution against having SOP users that are ignorant of, or disconnected from, the underlying standard driving the procedure.  For example, I've seen some dicey risk management practices of late that could have been avoided if users had been more fluent with ISO 14971.  Accordingly, the users of an SOP for a regulated process should always be familiar with the applicable standard or regulatory requirement.

In fact, ISO guidelines on QMS documentation state, '...Whenever appropriate, and to limit the size of the documentation, reference to existing recognized quality management system standards or documents available to the document user should be incorporated..."

I think organizations may also find it difficult to secure ISO certifications without their documents referencing the governing standard(s), especially when a standard is transitioning to a new state-of-the art, such as when we transitioned from ISO 13485:2003 to ISO 13485:2016, or when we transitioned to ISO 14971:2019.

------------------------------
Kevin Randall, ASQ CQA, RAC (U.S., Europe, Canada)
Principal Consultant
Ridgway, CO
United States
© Copyright 2022 by ComplianceAcuity, Inc. All rights reserved.

Original Message:
Sent: 21-Sep-2022 11:36
From: Dan O'Leary
Subject: Referencing ISO Standards throughout our documents

My recommendation is you don't list standards in SOPs unless it is absolutely essential. The audience for an SOP is the user and they seldom need to know the underlying standard. Listing the standards, makes the SOP longer, but not better. If there is something in the SOP that seems strange because it implements a part of the standard, then it is worth explaining the source.

Don't list any standard that you don't actually use. If you don't have a copy of the standard, then you can't be using it.

I've seen companies create long lists of standards across many SOPs. This is a bad practice and creates a significant document control problem when the standard changes.

If your company is concerned about the high cost of standards, consider buying them from the Estonian Standards organization, Typically, the cost is about 90% of the cost from other sources.

------------------------------
Dan O'Leary CQA, CQE
Swanzey NH
United States

Original Message:
Sent: 20-Sep-2022 13:06
From: Anonymous Member
Subject: Referencing ISO Standards throughout our documents

This message was posted by a user wishing to remain anonymous

Hello,
My question is regarding referencing ISO standards throughout our QMS documents.
Can we reference a standard, if we do not have a copy of that standard in house?

You will get a Nonconformity for that if we dont have the current standard in house...
Also to reference standard throughout your SOP can be difficult to control where there is an updated or this standard becomes obsolete.
The best way is to reference the standards in one place Maybe in your quality manual...

------------------------------
Bedwuine Senatus
QA/RA Director
Springfield NJ
United States
------------------------------

Original Message:
Sent: 20-Sep-2022 13:06
From: Anonymous Member
Subject: Referencing ISO Standards throughout our documents

This message was posted by a user wishing to remain anonymous

Hello,
My question is regarding referencing ISO standards throughout our QMS documents.
Can we reference a standard, if we do not have a copy of that standard in house?

This message was posted by a user wishing to remain anonymous

I think referencing a specific standard in a QMS document, especially high level documents, can be very helpful to the user. At my company we maintain a list of all standards that the QMS users have access to (ie standards monitored and maintained by QA) as well as a list of overarching standards that we are certified to. This way, in an SOP for example, we can reference the certification list as one document (eg MDSAP, ISO 13485, IVDR, the big ones) and then we will reference standards/guidance specific to that SOP in detail. The user can then access those specific guidance documents if needed. 

Regardless of how you do it, you really should have that standard available to the users.
Original Message:
Sent: 20-Sep-2022 13:06
From: Anonymous Member
Subject: Referencing ISO Standards throughout our documents

This message was posted by a user wishing to remain anonymous

Hello,
My question is regarding referencing ISO standards throughout our QMS documents.
Can we reference a standard, if we do not have a copy of that standard in house?