External Documents Kept on an Externally-Controlled Server

External Documents Kept on an Externally-Controlled Server

Posted by Kevin Randall In Document Control, eQMS, FDA, ISO 13485, QMS 0 comment

April 21, 2023

External Documents Kept on an Externally-Controlled Server

I know of no regulations or standards specifically demanding an “internal” copy of standards or country regulations. Instead, the logistics of this are generally left to our discretion. I elaborate further below.

Let’s start with ISO 13485 / EN ISO 13485 (as amended and as applicable; hereinafter “ISO 13485”), as that standard is a very common protocol for many medical device quality management systems. Therein, clause 4.2.4 second paragraph indent (f) requires (my paraphrase and emphasis added) that we ensure documents of external origin are identified and their distribution controlled. This doesn’t prescribe the format/logistics (e.g., internal repository vs. external repository; hard copy vs. digital, etc.) of such documents. Although ISO/TC 210’s guidance about these documents provides an example that is the usual in-house maintenance paradigm, it doesn’t in my opinion overrule ISO 13485’s intended flexibility for document control. Specifically, ISO 13485 states that, “…It is not the intent of this International Standard to imply the need for uniformity in the structure of different quality management systems…[or] uniformity of documentation…” [emphasis added].

Similarly, the U.S, FDA’s medical device quality system regulation (originally fashioned after ISO precedent, and now in the process of “converging” with ISO 13485) contains the same intended type of flexibility.

So ultimately, whether such documents live in an internal repository or an external repository, either approach can be acceptable as long as the basic fundamentals of document control are adhered to. For example for practical intents and purposes, the document control SOP needs to contain the appropriate provisions for control of documents of external origin kept in an externally-controlled repository. That procedure needs to control key things like:

Deliberated identification of which external documents (title and version) have been deemed necessary by the organization.
Assuring that only the authorized versions will be used.
Assuring proper consideration and integration of updated external documents/versions.
Assuring that unauthorized versions of external documents are not used.

These are just a few ideas of what the document control procedure would need to have in order to set up for use of external documents kept on an externally-controlled server.

Write a Reply or Comment Cancel reply

You must be logged in to post a comment.

© Compliance Acuity. Website by Modernize My Site
This website uses GeoLite2 data created by MaxMind, available from https://www.maxmind.com.

Search

Generic filters

Exact matches only

* Type a keyword then press Enter

Home

Services

Compliance and Regulatory Affairs

FDA / Third-Party Audit Support

FDA 483, Warning Letters, Other Agency Citations

Liaison with Regulatory Agencies

Global Premarket Submissions

U.S. Agent

Adverse Event Reporting

Recalls and Safety Alerts

Ad/Promo Regulation

U.S. Import/Export

FDA Establishment Registration / Device Listings

Quality Management Systems (QMS)

Corrective & Preventive Action (CAPA)

Complaint Handling

Design Controls

Risk Management

GMP Training

Internal/Mock Audits

Management Responsibility

Production and Process Control

Testimonials

About Us

Blog

Contact Us