ISO 13485:2016 Mandatory Documents and Records
This document provides a complete list of all mandatory documents and records required by ISO 13485:2016 for medical device Quality Management Systems.
Overview
ISO 13485:2016 Mandatory Documents and Records
This document provides a complete list of all mandatory documents and records required by ISO 13485:2016 for medical device Quality Management Systems.
Overview
ISO 13485:2016 requires organizations to establish and maintain 31 documented procedures along with a Quality Manual and Medical Device Files. Additionally, numerous records must be maintained to provide evidence of conformity.
Important Notes:
- The 31 documented procedures do not need to be 31 separate documents
- Multiple procedures can be combined into one document
- One procedure can be split across multiple documents
- Not all procedures may be applicable to every organization (exclusions must be justified)
- Additional documentation may be required by applicable regulatory requirements
1. Quality Manual (Required by 4.2.2)
Description: Foundational QMS document
Must Include:
- Scope of QMS with justified exclusions
- Documented procedures or references to them
- Description of interaction between QMS processes
- Structure of documentation used in QMS
Applicable To: All organizations
2. Medical Device File (Required by 4.2.3)
Description: File for each medical device type or family
Must Include:
- General description and intended use
- Label and instructions for use specifications
- Product and/or manufacturing specifications
- Procedures for purchasing, manufacturing, servicing
- Measuring and monitoring procedures
- Installation requirements (if applicable)
- Risk management file(s)
- Verification and validation information
- Design and development file(s) when applicable
Applicable To: All organizations for each device type/family
3. The 31 Documented Procedures
Clause 4: Quality Management System
1. Risk Management Procedures (4.1.5)
Description: Requirements for risk management throughout product realization Must Address:
- Risk management methodology
- Risk analysis and evaluation
- Risk control measures
- Risk acceptability criteria
- Risk management review Referenced Standard: ISO 14971
2. Software Validation Procedure (4.1.6)
Description: Validation of computer software applications used in QMS Must Address:
- Risk assessment of software
- Validation approach and activities
- Acceptance criteria
- User responsibilities
- Validation before initial use and after changes
- Revalidation criteria
3. Control of Documents Procedure (4.2.4)
Description: Control of all QMS documents Must Address:
- Document approval before issue
- Document review and update
- Identification of changes and revision status
- Availability of relevant document versions
- Document legibility and identification
- Control of external documents
- Prevention of obsolete document use
- Identification of retained obsolete documents
4. Control of Records Procedure (4.2.5)
Description: Control of all QMS records Must Address:
- Record identification
- Storage and security
- Integrity protection
- Retrieval procedures
- Retention time determination
- Record disposition
- Legibility requirements
- Change identification
Clause 5: Management Responsibility
5. Management Review Procedure (5.6.1)
Description: Systematic review of QMS by top management Must Address:
- Review frequency (at least annually)
- Review agenda and inputs
- Review outputs and actions
- Attendee requirements
- Record-keeping requirements
6. Internal Communication Procedure (5.5.3)
Description: Communication regarding QMS effectiveness Must Address:
- Communication channels
- Communication frequency
- Responsible parties
- Topics to be communicated
- Documentation of communications
Clause 6: Resource Management
7. Human Resources/Competence Procedure (6.2)
Description: Ensuring personnel competence Must Address:
- Competence requirements determination
- Training needs identification
- Training provision and evaluation
- Education, training, skills, and experience requirements
- Competence records maintenance
- Awareness of personnel contributions
8. Infrastructure Maintenance Procedure (6.3)
Description: Maintenance of facilities and equipment (when affecting quality) Must Address:
- Maintenance activities definition
- Maintenance scheduling
- Maintenance records
- Impact on product quality
- Verification after maintenance
9. Contamination Control Procedure (6.4.2)
Description: Control of contaminated or potentially contaminated product (when applicable) Must Address:
- Contamination identification
- Contaminated product handling
- Segregation requirements
- Decontamination procedures
- Special arrangements for control
Clause 7: Product Realization
10. Customer Communication Procedure (7.2.3)
Description: Communication with customers Must Address:
- Product information provision
- Inquiry, contract, order handling
- Customer feedback including complaints
- Advisory notices
- Communication channels and responsibilities
11. Design and Development Procedures (7.3.1 - 7.3.10)
Description: Control of design and development process Must Address:
- Design and development planning
- Input determination and review
- Output provision and approval
- Design reviews at suitable stages
- Verification against inputs
- Validation for intended use
- Transfer to manufacturing
- Change control
- Design file maintenance
12. Purchasing Procedures (7.4.1)
Description: Control of purchasing process Must Address:
- Supplier evaluation and selection criteria
- Supplier monitoring and re-evaluation
- Supplier performance tracking
- Purchasing controls
- Supplier notification of changes
- Communication to sub-tier suppliers
13. Verification of Purchased Product Procedure (7.4.3)
Description: Verification that purchased product meets requirements Must Address:
- Verification activities
- Extent of verification
- Method of product release
- Verification at supplier's premises (if applicable)
- Customer verification arrangements (if applicable)
14. Production and Service Provision Control Procedures (7.5.1)
Description: Control of production and service activities Must Address:
- Work instructions and documented procedures
- Use of suitable equipment
- Monitoring and measuring activities
- Release, delivery, and post-delivery activities
- Labelling and packaging operations
- Servicing procedures (if applicable)
15. Product Cleanliness Procedures (7.5.2)
Description: Control of product cleanliness (when applicable) Must Address:
- Cleaning requirements and specifications
- Cleaning before sterilization
- Uncleanable product handling
- Hygiene requirements in manufacturing
- Cleaning verification
16. Installation and Verification Procedures (7.5.3)
Description: Installation activities (when applicable) Must Address:
- Installation requirements
- Installation instructions
- Verification of installation
- Installation records
- Responsible parties
17. Servicing Procedures (7.5.4)
Description: Servicing activities (when applicable) Must Address:
- Servicing requirements
- Reference materials and measurements
- Feedback analysis from servicing
- Servicing records
- Servicing notification to regulatory authorities
18. Process Validation Procedure (7.5.6)
Description: Validation of processes where output cannot be verified Must Address:
- Process validation for manufacturing
- Computer software validation for production
- Sterilization process validation
- Aseptic processing validation
- Clean room validation (if applicable)
- Criteria for review and approval
- Equipment approval and personnel qualification
- Revalidation criteria and triggers
19. Sterilization and Sterile Barrier System Validation (7.5.7)
Description: Validation of sterilization processes (when applicable) Must Address:
- Sterilization method validation
- Sterile barrier system validation
- Process parameters for each batch
- Validation of changes to sterilization
- Maintenance of validation records
20. Product Identification and Traceability Procedures (7.5.8, 7.5.9)
Description: Identification and traceability throughout realization Must Address:
- Identification methods throughout realization
- Traceability extent definition
- Distribution and location tracking
- Consignee identification
- Quantity shipped identification
- Retention period requirements
- Applicable regulatory traceability requirements
21. Customer Property Procedure (7.5.10)
Description: Control of customer-provided property Must Address:
- Customer property identification
- Verification of customer property
- Protection and safeguarding
- Loss, damage, or unsuitability reporting
- Records of customer property
22. Preservation of Product Procedure (7.5.11)
Description: Product preservation during processing and delivery Must Address:
- Identification requirements
- Handling requirements
- Packaging requirements
- Storage requirements
- Protection requirements
- Special handling (if applicable)
- Application to constituent parts
23. Control of Monitoring and Measuring Equipment Procedure (7.6)
Description: Calibration and control of measuring equipment Must Address:
- Equipment identification
- Calibration or verification intervals
- Calibration methods and standards
- Adjustment procedures
- Identification of calibration status
- Protection from invalid adjustments
- Protection from damage
- Assessment when found non-conforming
- Computer software confirmation
Clause 8: Measurement, Analysis and Improvement
24. Feedback Procedure (8.2.1)
Description: Post-production information system Must Address:
- Early warning system for quality issues
- Post-production information collection
- Complaint handling linkage
- Reporting to regulatory authorities
- Input to risk management
- Input to corrective and preventive action
- Feedback sources and channels
25. Complaint Handling Procedure (8.2.2)
Description: Timely handling of complaints Must Address:
- Complaint receipt and recording
- Complaint evaluation and investigation
- Determination of need for reporting to authorities
- Determination of need for advisory notices
- Information to customer about actions taken
- Transfer of complaint information not directly handled
- Complaint trending and analysis
26. Reporting to Regulatory Authorities Procedure (8.2.3)
Description: Notification to regulatory authorities Must Address:
- Determination of reportable events
- Notification timeframes
- Notification content requirements
- Advisory notice requirements
- Applicable regulatory requirements by region
- Responsible parties for reporting
27. Internal Audit Procedure (8.2.4)
Description: Conduct of internal audits Must Address:
- Audit program planning
- Audit criteria, scope, frequency, methods
- Auditor selection and impartiality
- Audit responsibilities and requirements
- Audit reporting
- Records of audits
- Follow-up activities
28. Process Monitoring and Measurement Procedures (8.2.5)
Description: Monitoring and measurement of QMS processes Must Address:
- Process monitoring methods
- Process measurement methods
- Demonstration of achieving planned results
- Implementation of corrections when needed
- Corrective actions when processes fail
29. Product Monitoring and Measurement Procedures (8.2.6)
Description: Monitoring and measurement of product Must Address:
- Product acceptance criteria
- Measurement at appropriate stages
- Release authority identification
- Release procedures
- Records of conformity to criteria
- Traceability to measuring authority
30. Control of Nonconforming Product Procedure (8.3)
Description: Identification and control of nonconforming product Must Address:
- Identification of nonconformity
- Documentation requirements
- Evaluation of nonconformity
- Segregation of nonconforming product
- Disposition of nonconforming product
- Notification to external parties
- Concession process (if applicable)
- Rework procedures
- Actions for nonconformity detected before delivery
- Actions for nonconformity detected after delivery
- Reporting requirements
31A. Corrective Action Procedure (8.5.2)
Description: Elimination of causes of nonconformities Must Address:
- Review of nonconformities including complaints
- Cause determination methodology
- Evaluation of need for action
- Planning and documentation of actions
- Implementation of actions
- Effectiveness review of actions
- Records of investigation and follow-up
31B. Preventive Action Procedure (8.5.3)
Description: Elimination of causes of potential nonconformities Must Address:
- Determination of potential nonconformities
- Evaluation of need for action
- Planning and documentation of actions
- Implementation of actions
- Effectiveness review of actions
- Sources of information for preventive action
- Records of investigation and follow-up
Additional Required Documentation
Analysis of Data Procedure (8.4)
While not explicitly called out as requiring a "documented procedure," organizations must establish processes for:
- Data determination, collection, and analysis
- Evaluation of continual improvement opportunities
- Statistical techniques (if applicable)
- Analysis of:
- Customer satisfaction
- Conformity to product requirements
- Process and product characteristics and trends
- Suppliers
- Other relevant data including feedback and risk management outputs
Required Records by Clause
Clause 4 Records
- Software validation records (4.1.6)
- Risk management records (4.1.5)
- All records specified in documented procedures and work instructions
- All records required by applicable regulatory requirements
Clause 5 Records
- Management review records (5.6.1)
- Evidence of personnel competence (6.2)
Clause 6 Records
- Infrastructure maintenance records (6.3)
- Personnel training and competence records (6.2)
Clause 7 Records
- Product requirements review and follow-up actions (7.2.2)
- Design and development files (7.3.10) including:
- Design and development plans
- Design inputs
- Design outputs
- Design review records
- Design verification records
- Design validation records
- Design change records
- Risk management file
- Design and development transfer records (7.3.8)
- Supplier evaluation, selection, and monitoring (7.4.1)
- Verification of purchased product (7.4.3)
- Cleanliness of product records (7.5.2)
- Installation and verification records (7.5.3)
- Servicing activity records (7.5.4)
- Sterilization process parameter records for each batch (7.5.5, 7.5.7)
- Process validation records (7.5.6)
- Product identification and traceability recor