Back to the Glossary

Documented Information

Documented Information refers generally to the required documents and records that must be established, maintained, and controlled within a formal quality management system (QMS) or regulatory compliance framework.

In systems governed by standards like ISO 9001:2015 or U.S. FDA regulations (such as 21 CFR Part 820) or the EU Medical Device Regulation (MDR), Documented Information falls into two main categories: documents (procedures and instructions) and records (evidence of compliance and results).

Here is an overview of the role and requirements for Documented Information across relevant frameworks:

1. Documented Information in Quality Management Standards (ISO 9001:2015)

In the context of ISO 9001:2015, "Documented information" is a common clause used across alignment standards. The standard requires organizations to establish a QMS that includes:

  • Documented information required by the standard (mandatory documents and records).
  • Documented information determined by the organization as necessary for the effectiveness of the QMS.

Key Requirements for Control (ISO 9001:2015)

Procedures must be maintained for the Control of documented information. These procedures must ensure that documented information is controlled with respect to:

  1. Availability and Suitability: It must be available and suitable for use, where and when it is needed.
  2. Protection: It must be adequately protected (e.g., from loss of confidentiality, improper use, or loss of integrity).
  3. Creation and Updating: When creating and updating documented information, the organization must ensure appropriate identification and description (e.g., title, date, author, or reference number), format (e.g., language, software version), media (e.g., paper, electronic), and review and approval for suitability and adequacy.
  4. Control Activities: Control of documented information must address distribution, access, retrieval, use, storage, preservation (including legibility), control of changes (e.g., version control), and retention and disposition.

Structure and Hierarchy (ISO 9001, General Practice)

Although the ISO 9001:2015 standard is less prescriptive regarding documentation hierarchy (it no longer mandates a Quality Manual or specific procedures), QMS documentation traditionally follows a structured hierarchy to maintain clarity and consistency:

  1. Quality Policy: A declarative statement of the organization’s commitment to quality and continual improvement.
  2. Quality Manual (Non-Mandatory in 2015): This outlines the QMS structure and scope.
  3. Procedures: Documented instructions outlining the steps and activities for specific processes (like Corrective and Preventive Action [CAPA] procedures or Document Control procedures).
  4. Work Instructions: Detailed steps focusing on the sequencing, tools, and methods used for specific tasks.
  5. Records and Forms: Evidence demonstrating that processes were carried out as planned and requirements were met.

2. Documented Information in Medical Device Regulation (FDA/MDR)

In the medical device industry, documented information is critical for demonstrating compliance, safety, and traceability. The ability to access, copy, and verify records is mandatory for FDA employees.

General Recordkeeping Requirements (21 CFR Part 820)

Under the FDA's QSR, all required records must be:

  • Legible.
  • Stored to minimize deterioration and prevent loss.
  • Backed up if stored in automated data processing systems.
  • Retained for a period equivalent to the design and expected life of the device, but no less than 2 years from the date of release for commercial distribution.
  • Reasonably accessible for FDA inspection and copying.

Examples of Critical Regulatory Records

The QSR mandates specific documented files to track the lifecycle of a device:

Quality System Records
Record/File Purpose Key Content Examples

Design History File (DHF) (820.30(j))

Describes the design history of a finished device, demonstrating the design was developed according to plan and QSR requirements.

Documented results of Design Review, Design Verification, Design Validation, and Design Changes.

Device Master Record (DMR) (820.181)

Compilation of records containing the procedures and specifications for manufacturing a specific finished device.

Device specifications, production process specifications, quality assurance procedures, and packaging/labeling specifications.

Device History Record (DHR) (820.184)

Compilation of records containing the production history for each batch, lot, or unit.

Dates of manufacture, quantity manufactured, quantity released, acceptance records demonstrating conformance to the DMR, and the unique device identifier (UDI) or control numbers used.

CAPA Documentation (820.100)

Documentation of activities needed to correct and prevent recurrence of nonconforming product and other quality problems.

All activities and their results, including investigations, actions, verification/validation of effectiveness, and procedural changes.

Complaint Files (820.198)

Records of receiving, reviewing, and evaluating complaints.

Name of the device, date received, UDI/control number, nature and details of the complaint, dates and results of investigation, and corrective action taken.
  • Electronic Records: Records stored in automated systems must be backed up.
  • Foreign Language: For submissions, documents translated from another language into English (e.g., original study documents or advertisements) must be accompanied by the original language version, a signed statement from an authorized representative certifying the translation is complete and accurate, and a brief statement of the translator's qualifications.
  • Confidentiality: Records deemed confidential by the manufacturer may be marked to assist the FDA in determining whether the information can be publicly disclosed under 21 CFR Part 20.

3. Documentation Requirements Under the New QMSR

The FDA's Quality Management System Regulation (QMSR), effective February 2, 2026, incorporates the international standard ISO 13485:2016 by reference.

  • Manufacturers must document a quality management system that complies with ISO 13485 and other applicable QSR requirements.
  • The QMSR maintains supplemental requirements for records, specifically emphasizing Control of records in addition to ISO 13485 Clause 4.2.5.
  • This includes supplemental mandatory information for records related to complaints, servicing activities, and recording the Unique Device Identification (UDI) for each device or batch.

Ready to see what Botable can do for you?

Book your demo now to see how Botable can transform your workplace.

Identify your unique challenges

Flexible pricing options

Easy integrations

Step-by-step implementation plan

Customize Botable for your workflow

Book a demo

Find out how Botable can answer your employee’s questions in just 30 minutes.