Documented Information

‍Documented Information refers generally to the required documents and records that must be established, maintained, and controlled within a formal quality management system (QMS) or regulatory compliance framework.

In systems governed by standards like ISO 9001:2015 or U.S. FDA regulations (such as 21 CFR Part 820) or the EU Medical Device Regulation (MDR), Documented Information falls into two main categories: documents (procedures and instructions) and records (evidence of compliance and results).

Here is an overview of the role and requirements for Documented Information across relevant frameworks:

1. Documented Information in Quality Management Standards (ISO 9001:2015)

In the context of ISO 9001:2015, "Documented information" is a common clause used across alignment standards. The standard requires organizations to establish a QMS that includes:

• Documented information required by the standard (mandatory documents and records).
• Documented information determined by the organization as necessary for the effectiveness of the QMS.

Key Requirements for Control (ISO 9001:2015)

Procedures must be maintained for the Control of documented information. These procedures must ensure that documented information is controlled with respect to:

1. Availability and Suitability: It must be available and suitable for use, where and when it is needed.
2. Protection: It must be adequately protected (e.g., from loss of confidentiality, improper use, or loss of integrity).
3. Creation and Updating: When creating and updating documented information, the organization must ensure appropriate identification and description (e.g., title, date, author, or reference number), format (e.g., language, software version), media (e.g., paper, electronic), and review and approval for suitability and adequacy.
4. Control Activities: Control of documented information must address distribution, access, retrieval, use, storage, preservation (including legibility), control of changes (e.g., version control), and retention and disposition.

Structure and Hierarchy (ISO 9001, General Practice)

Although the ISO 9001:2015 standard is less prescriptive regarding documentation hierarchy (it no longer mandates a Quality Manual or specific procedures), QMS documentation traditionally follows a structured hierarchy to maintain clarity and consistency:

1. Quality Policy: A declarative statement of the organization’s commitment to quality and continual improvement.
2. Quality Manual (Non-Mandatory in 2015): This outlines the QMS structure and scope.
3. Procedures: Documented instructions outlining the steps and activities for specific processes (like Corrective and Preventive Action [CAPA] procedures or Document Control procedures).
4. Work Instructions: Detailed steps focusing on the sequencing, tools, and methods used for specific tasks.
5. Records and Forms: Evidence demonstrating that processes were carried out as planned and requirements were met.

2. Documented Information in Medical Device Regulation (FDA/MDR)

In the medical device industry, documented information is critical for demonstrating compliance, safety, and traceability. The ability to access, copy, and verify records is mandatory for FDA employees.

General Recordkeeping Requirements (21 CFR Part 820)

Under the FDA's QSR, all required records must be:

• Legible.
• Stored to minimize deterioration and prevent loss.
• Backed up if stored in automated data processing systems.
• Retained for a period equivalent to the design and expected life of the device, but no less than 2 years from the date of release for commercial distribution.
• Reasonably accessible for FDA inspection and copying.

Examples of Critical Regulatory Records

The QSR mandates specific documented files to track the lifecycle of a device:

Design History File (DHF) (820.30(j))

The Design History File (DHF) describes the design history of a finished device, demonstrating that the design was developed according to an approved plan and meets QSR requirements. It acts as a comprehensive archive of the device's evolution from concept to completion. Key content includes documented results of design reviews, design verification, design validation, and any design changes, ensuring all steps are traceable and justified.

Device Master Record (DMR) (820.181)

The Device Master Record (DMR) is a compilation of records containing the procedures and specifications for manufacturing a specific finished device. It serves as the blueprint for production, outlining how the device should be built and tested to maintain consistency and quality. Examples of key content encompass device specifications, production process specifications, quality assurance procedures, and packaging/labeling specifications, providing a single source of truth for manufacturing operations.

Device History Record (DHR) (820.184)

The Device History Record (DHR) compiles records detailing the production history for each batch, lot, or unit of a device. This record verifies that the device was manufactured in accordance with the DMR and allows for traceability in case of issues. It typically includes dates of manufacture, quantity manufactured, quantity released for distribution, acceptance records demonstrating conformance to the DMR, and the unique device identifier (UDI) or control numbers used.

CAPA Documentation (820.100)

Corrective and Preventive Action (CAPA) documentation records the activities needed to correct and prevent the recurrence of nonconforming products and other quality problems. It ensures systematic investigation and resolution of issues to improve overall quality systems. Key content covers all activities and their results, including investigations, implemented actions, verification or validation of effectiveness, and any procedural changes made as a result.

Complaint Files (820.198)

Complaint files maintain records of receiving, reviewing, and evaluating complaints related to medical devices. They facilitate prompt investigation and response to user feedback, helping identify potential safety or performance issues. Essential content includes the name of the device, date the complaint was received, UDI or control number, nature and details of the complaint, dates and results of the investigation, and any corrective actions taken.

By diligently managing these quality system records, manufacturers can enhance product reliability, mitigate risks, and streamline regulatory processes. It's always recommended to stay updated with the latest FDA guidance and consult quality experts for implementation tailored to your specific devices and operations.

Other Terms

Electronic Records: Records stored in automated systems must be backed up.

Foreign Language: For submissions, documents translated from another language into English (e.g., original study documents or advertisements) must be accompanied by the original language version, a signed statement from an authorized representative certifying the translation is complete and accurate, and a brief statement of the translator's qualifications.

Confidentiality: Records deemed confidential by the manufacturer may be marked to assist the FDA in determining whether the information can be publicly disclosed under 21 CFR Part 20.

3. Documentation Requirements Under the New QMSR

The FDA's Quality Management System Regulation (QMSR), effective February 2, 2026, incorporates the international standard ISO 13485:2016 by reference.

• Manufacturers must document a quality management system that complies with ISO 13485 and other applicable QSR requirements.
• The QMSR maintains supplemental requirements for records, specifically emphasizing Control of records in addition to ISO 13485 Clause 4.2.5.
• This includes supplemental mandatory information for records related to complaints, servicing activities, and recording the Unique Device Identification (UDI) for each device or batch.

‍