Regulatory Open Forum

This message was posted by a user wishing to remain anonymous

Seeking regulatory based opinion on how to apply control to sub-process documented instruction. These would be processes such as material or component ordering, inter-departmental processing, or functional tasks within departments of our business. These processes do not impact safety, effectiveness, labeling, material, or performance of the medical device(s), and are Non-ISO impacting. However, they are documented for accuracy and efficiency of work completed within departments of our business. Current Document Control requirements apply to functions and tasks required by MDSAP or ISO regulation. Any guidance or best practice suggestions on how to apply control to these processes that closely touch our Quality System process is greatly appreciated.

For the medical device sector, remember that if ISO 13485 is being applied, then it requires QMS document control for any document that is required by the QMS, not just for documents required by MDSAP or ISO.  Either way, this would certainly include material or component ordering procedures, as material/component ordering is governed by MDSAP's / ISO 13485's requirements for purchasing controls.  In other words, MDSAP / ISO auditors would rightly disagree with you, and would instead assert that the material and component ordering process could very well impact safety, effectiveness, labeling, material, or performance of the medical device(s).

Regarding "inter-departmental processing, or functional tasks within departments", that description is too generic to enable proper screening for the need for QMS document control.  Accordingly, each such mechanism needs to be more clearly characterized and then screened by the Quality/Regulatory department to assure that the corresponding operating documents are subjected to proper QMS document control where required.

For documents that truly aren't required by the QMS or applicable regulatory requirements for the QMS, then it is permissible to have an informal document control mechanism outside of the QMS document control mechanism.

------------------------------
Kevin Randall, ASQ CQA, RAC (U.S., Europe, Canada)
Principal Consultant
Ridgway, CO
United States
© Copyright 2022 by ComplianceAcuity, Inc. All rights reserved.
------------------------------

Original Message:
Sent: 21-Jul-2022 08:47
From: Anonymous Member
Subject: Sub-Process Documentation Control

This message was posted by a user wishing to remain anonymous

Seeking regulatory based opinion on how to apply control to sub-process documented instruction. These would be processes such as material or component ordering, inter-departmental processing, or functional tasks within departments of our business. These processes do not impact safety, effectiveness, labeling, material, or performance of the medical device(s), and are Non-ISO impacting. However, they are documented for accuracy and efficiency of work completed within departments of our business. Current Document Control requirements apply to functions and tasks required by MDSAP or ISO regulation. Any guidance or best practice suggestions on how to apply control to these processes that closely touch our Quality System process is greatly appreciated.

Thank you Kevin, I greatly appreciate your time and feedback. The system we have currently has been audited for MDSAP/ ISO 13485 and 9001 compliance receiving recommendation for continued certification. Thus, I feel we have the base regulatory requirements covered by procedures and work instructions within control.

The items I'm looking into are a further layer of work instructions found within departments on specific program navigation for purchasing, maintenance of facility equipment (tow motors, hoist, etc.), and engineering processes for setting up programs and how to process requests from one department to another. My apologies on the vagueness of my initial post. 

Again, I appreciate your time and response as I try to decipher the level of control on what feels like a new found wild west.

------------------------------
Sherrinda Baker
Regulatory Affairs Specialist
Versailles OH
United States
------------------------------

Original Message:
Sent: 21-Jul-2022 12:23
From: Kevin Randall
Subject: Sub-Process Documentation Control

For the medical device sector, remember that if ISO 13485 is being applied, then it requires QMS document control for any document that is required by the QMS, not just for documents required by MDSAP or ISO.  Either way, this would certainly include material or component ordering procedures, as material/component ordering is governed by MDSAP's / ISO 13485's requirements for purchasing controls.  In other words, MDSAP / ISO auditors would rightly disagree with you, and would instead assert that the material and component ordering process could very well impact safety, effectiveness, labeling, material, or performance of the medical device(s).

Regarding "inter-departmental processing, or functional tasks within departments", that description is too generic to enable proper screening for the need for QMS document control.  Accordingly, each such mechanism needs to be more clearly characterized and then screened by the Quality/Regulatory department to assure that the corresponding operating documents are subjected to proper QMS document control where required.

For documents that truly aren't required by the QMS or applicable regulatory requirements for the QMS, then it is permissible to have an informal document control mechanism outside of the QMS document control mechanism.

------------------------------
Kevin Randall, ASQ CQA, RAC (U.S., Europe, Canada)
Principal Consultant
Ridgway, CO
United States
© Copyright 2022 by ComplianceAcuity, Inc. All rights reserved.

Original Message:
Sent: 21-Jul-2022 08:47
From: Anonymous Member
Subject: Sub-Process Documentation Control

This message was posted by a user wishing to remain anonymous

Seeking regulatory based opinion on how to apply control to sub-process documented instruction. These would be processes such as material or component ordering, inter-departmental processing, or functional tasks within departments of our business. These processes do not impact safety, effectiveness, labeling, material, or performance of the medical device(s), and are Non-ISO impacting. However, they are documented for accuracy and efficiency of work completed within departments of our business. Current Document Control requirements apply to functions and tasks required by MDSAP or ISO regulation. Any guidance or best practice suggestions on how to apply control to these processes that closely touch our Quality System process is greatly appreciated.

Glad to help.  Here are some basic replies regarding your scenarios, with my additional rationale explained thereafter:

1. A further layer of work instructions (WI) for purchasing (e.g., ordering of material or components):  These WI would likely be required to be under QMS document control (either centralized or decentralized).  What I mean by 'centralized or decentralized' is that FDA's/ISO's requirements for document control don't prohibit each department from keeping their own separate or alternative (i.e., decentralized) document control mechanisms.  As long as such decentralized mechanisms are documented under the QMS and address the fundamental tenets of proper document control (e.g., revision control, preapproval, etc.), then that is permissible.  FDA/ISO don't require a single centralized document control mechanism or group.
2. A further layer of work instructions for maintenance of facility equipment (tow motors, hoist, etc.): If this equipment is used as part of device production, quality control, or any other operation that could impact product quality, then these WI need to be under QMS document control (centralized or decentralized).  For example, this is pursuant to clause 6.3 of ISO 13485.
3. A further layer of work instructions for engineering processes for "setting up programs" and "how to process requests from one department to another":  These descriptors are still too generic to know precisely whether these processes could affect or involve device quality.  But in general, if such engineering programs or requests involve or could impact device/production engineering changes, design/development control, design reviews, etc., then these WI would need to be under QMS document control (centralized or decentralized).  But if these engineering WI are just for generic business operations (such as scheduling staff meetings, making hiring decisions, requests for office supplies, etc.), then such WI could generally be considered to be outside the scope of the QMS.  Yet be careful, as such engineering operations could easily trigger the QMS threshold (such as if they involved scheduling design review meetings, determining staffing needed to support a design project or quality plan, etc.).
   

Here are a few principles driving the answers above:

a) Be mindful of the tiered document hierarchy pyramid (e.g., Tier 1 = policies; Tier 2 = procedures; Tier 3 = work instructions; Tier 4 = records).  Tier 3 (work instructions) are expected to be under proper document control just like Tiers 1 and 2.

b) Tier 3 documents (work instructions) aren't always needed.  But when an organization discovers a real need for Tier 3 documents (i.e., work instructions) for assuring that a regulated operation is properly/sufficiently controlled, then that tends by default to require such important documents to be under document control.  It's hard to argue that such important documents should be exempt from control.  In other words, if an FDA inspector or ISO auditor sees evidence that such work instructions are necessary to assure proper control of regulated operations (such as purchasing and regulated infrastructure maintenance), then those documents will be required to be under document control (centralized or decentralized).

c) Notice my use of the clarifier "regulated operation", "regulated infrastructure maintenance", etc.  The aforesaid required document controls are in relation to regulated operations.  If you can make a sustainable and legitimate argument that the operations aren't actually FDA-regulated or ISO-controlled operations, then that is where such document controls may become optional.

------------------------------
Kevin Randall, ASQ CQA, RAC (U.S., Europe, Canada)
Principal Consultant
Ridgway, CO
United States
© Copyright 2022 by ComplianceAcuity, Inc. All rights reserved.
------------------------------

Original Message:
Sent: 22-Jul-2022 07:02
From: Sherrinda Baker
Subject: Sub-Process Documentation Control

Thank you Kevin, I greatly appreciate your time and feedback. The system we have currently has been audited for MDSAP/ ISO 13485 and 9001 compliance receiving recommendation for continued certification. Thus, I feel we have the base regulatory requirements covered by procedures and work instructions within control.

The items I'm looking into are a further layer of work instructions found within departments on specific program navigation for purchasing, maintenance of facility equipment (tow motors, hoist, etc.), and engineering processes for setting up programs and how to process requests from one department to another. My apologies on the vagueness of my initial post.

Again, I appreciate your time and response as I try to decipher the level of control on what feels like a new found wild west.

------------------------------
Sherrinda Baker
Regulatory Affairs Specialist
Versailles OH
United States

Original Message:
Sent: 21-Jul-2022 12:23
From: Kevin Randall
Subject: Sub-Process Documentation Control

For the medical device sector, remember that if ISO 13485 is being applied, then it requires QMS document control for any document that is required by the QMS, not just for documents required by MDSAP or ISO.  Either way, this would certainly include material or component ordering procedures, as material/component ordering is governed by MDSAP's / ISO 13485's requirements for purchasing controls.  In other words, MDSAP / ISO auditors would rightly disagree with you, and would instead assert that the material and component ordering process could very well impact safety, effectiveness, labeling, material, or performance of the medical device(s).

Regarding "inter-departmental processing, or functional tasks within departments", that description is too generic to enable proper screening for the need for QMS document control.  Accordingly, each such mechanism needs to be more clearly characterized and then screened by the Quality/Regulatory department to assure that the corresponding operating documents are subjected to proper QMS document control where required.

For documents that truly aren't required by the QMS or applicable regulatory requirements for the QMS, then it is permissible to have an informal document control mechanism outside of the QMS document control mechanism.

------------------------------
Kevin Randall, ASQ CQA, RAC (U.S., Europe, Canada)
Principal Consultant
Ridgway, CO
United States
© Copyright 2022 by ComplianceAcuity, Inc. All rights reserved.

Original Message:
Sent: 21-Jul-2022 08:47
From: Anonymous Member
Subject: Sub-Process Documentation Control

This message was posted by a user wishing to remain anonymous

Seeking regulatory based opinion on how to apply control to sub-process documented instruction. These would be processes such as material or component ordering, inter-departmental processing, or functional tasks within departments of our business. These processes do not impact safety, effectiveness, labeling, material, or performance of the medical device(s), and are Non-ISO impacting. However, they are documented for accuracy and efficiency of work completed within departments of our business. Current Document Control requirements apply to functions and tasks required by MDSAP or ISO regulation. Any guidance or best practice suggestions on how to apply control to these processes that closely touch our Quality System process is greatly appreciated.