Embedded Files
1. Purpose
1. Purpose
This document provides the process for documentation of information and covers control of Documents and Records in compliance of ISO13485
2. Approval
2. Approval
(Version at end of page)
Signed V12 HJM 2.10.2024
3. Scope
3. Scope
The process covers all documents and records and contents as per the Procedure table of contents.
This Policy must be read-with and comply with the Protection of Personal Information Act 04 of 2013, ("POPI"), the Company POPI Policy, PAIA Manual and processing of personal information envisaged under this Policy must be done in accordance with the aforementioned.
The organization shall define and implement methods for protecting confidential health information contained in records in accordance with the applicable regulatory requirements
4. Responsibilities
4. Responsibilities
Changes: Author of the document, Simangele Zungu
Approval: Henry Manyike
5. Definitions
5. Definitions
EXTERNAL documents - defined as Legal Regulations, Medical Device and In-Vitro Diagnostics Council Directives (MDD/AIMD / MDR / MDIVDR), Government Gazettes, EN Standards, ISO Standards, DIN-standards, BS-Standards and documents where the configuration is controlled by an external authority. (electronic documentation maybe on websites e.g. GMDN
PRINCIPAL Suppliers i.e. the supplier from which a distributor purchases goods for import and is considered to be the manufacturer or an affiliate company to the manufacturer as labelled on the product
6. Abbreviations
6. Abbreviations
GMDN - Global Medical Device Nomenclature
IMDRF - International Medical Device Regulatory Forum
SAHPRA - South African Health Products Regulatory Authority
SOP -Standard Operating Procedure.
QMS - Quality Management System
7. References
7. References
ISO13485 clauses 4.2
PROCEDURE FOR PREVENTIVE AND CORRECTIVE ACTION AND HANDLING OF NONCONFORMING PRODUCT
8. Procedure
8. Procedure
8.1 FORMAT
8.1 FORMAT
Procedures are presented on the Google Site dashboard and the FORMAT for procedures are as per this SOP refer Content table only at Heading level as subheading may vary depending on content e.g. under heading Procedures
Format varies for FORMS, SHEETS, Work Instructions, which maybe video's, flow diagrams and TECHNICAL DOCUMENTATION for products
Format for QUALITY POLICY includes Policy, Responsibilities, Revision History and RECORDS, as applicable
Format for the Quality Manual is defined by the contents table in the document
The Format, if applicable, for Medical Device File maybe be that of the Principal Supplier or if manufactured locally then the IMDRF format is recommended
8.2 REQUIREMENTS
8.2 REQUIREMENTS
The Documentation requirements (4.2) for the quality management system documentation includes:
a) documented statements of a quality policy and quality objectives;
b) a quality manual;
c) documented procedures and records required by this International Standard;
d) documents, including records, determined by the organization to be necessary to ensure the effective planning, operation, and control of its processes;
e) other documentation specified by applicable regulatory requirements.
Click on the heading to go to the Quality manual which includes:
a) the scope of the quality management system, including details of and justification for any exclusion or non-application;
b) the documented procedures for the quality management system, or reference to them;
c) a description of the interaction between the processes of the quality management system'
and outlines the structure of the documentation used in the quality management system in the form of the google site with headers identifying the relevant procedures
8.4 Approval
8.4 Approval
As defined in Responsibilities where the revision is stated and then Signed Initials followed by date DD.MM.YYYY is completed and the document published
8.5 Changes
8.5 Changes
Change to documents are recorded in the revision history and only allowed by the author of the document or process owner, administrator or CEO of the document referred in the Responsibilities Heading. A change maybe done if the person has EDIT "shared" rights, where a changed is done and Signed Initials / EDITED followed by date DD.MM.YYYY is completed and published, the Approval responsibility is notified by email to conclude Approval
The REVISION HISTORY heading is completed; ONLY the past 5 changes are to be recorded as Revisions on the Site post certification and during QMS implementation all the changes to be recorded on a document revision report and saved in a OBSOLETE document folder to illustrate the development of the process document. Example of the REVISION HISTORY format is in the heading section below
8.6 Obsolete
8.6 Obsolete
The Management Representative, or Director, is responsible for the withdrawal, re-issuing and disposal of documents after an update has taken place. No documents are obsoleted as this is electronically managed in Googles Sites Tab Revision History
In the event of Invalid and/or obsolete hard copy documents, they are removed, from all points of issue or use. At least one copy of previous revisions of paper documents are archived, clearly indicating " OBSOLETE ", scanned and placed in the document history Tab in the Google drive site
8.7 Distribution
8.7 Distribution
There is no formal Distribution for procedures as access and visibly is through email address access control provision by the Director.
A copy of all Medical Device Files, if applicable, are retained for at least 5 years after the product’s life cycle. A copy must be available to the Authorised Representative; generally through the supplier agreement.
8.8 External Documents
8.8 External Documents
Documents such as ISO standards, contracts, drawings are logged on a Google Drive under Documentation LIST OF EXTERNAL DOCUMENTS
Note that the SAHPRA Licenses follow SAHPRA guidelines that are tabled on the SAHPRA website
8.9 POPI
8.9 POPI
To comply with the Protection of Personal Information the POLICY is to be followed and a FORM can be completed as a RECORD
8.10 STANDARDS, LAWS AND DIRECTIVES
8.10 STANDARDS, LAWS AND DIRECTIVES
The Management Representative/ Director maintains access to all applicable Standards, laws and directives through the SAHPRA website www.sahpra.org.za, accessibility on the internet, in a folder in ISO in Google drive.
Where updating has taken place, the new standards/laws are brought to the attention of all employees concerned by email by the management representative as necessary to the function and role of the employee.
Refer SOP Regulatory Control
8.11 LABELS AND IFU APPROVAL
8.11 LABELS AND IFU APPROVAL
Labeling is provided as per the requirements as per the Medical Device File below
Sample of a label
Labelling and instructions for use (IFU) are provided by the manufacturer. Loan sets maybe processed as per decontamination process and reference labels are applied as required by SANS1541
The Labeling and Literature may be translated into the official language, where required. A technical translator with competence in the product and language shall verify and authorise it.
The labeling and literature should be controlled by means of document control where relevant. All new or altered labels shall be submitted to the Director for Approval, who signs and dates the document, which is filed in the Technical file prior to release of a print order and before printing will commence. A Copy of the Approved document is submitted for printing, where required.
8.12 MEDICAL DEVICE FILE
8.12 MEDICAL DEVICE FILE
The Medical Device File (4.2.3), for each medical device type or medical device family, a file is developed and maintained either containing or referencing documents generated to demonstrate conformity to the requirement of this International Standard and compliance with applicable regulatory requirements.
For PRINCIPAL Suppliers the responsibility of the Medical Device is with the Manufacturer where access is enabled through a contract agreement or declaration of supply
The content of the file(s) shall include fulfillment to Essential Principles of Safety and Performance of the device to the Intended use and also, but is not limited to:
a) general description of the medical device, intended use/purpose, and labeling, including any instructions for use;
b) specifications for product;
c) specifications or procedures for manufacturing, packaging, storage, handling and distribution;
d) procedures for measuring and monitoring;
e) as appropriate, requirements for installation;
f) as appropriate, procedures for servicing.
8.13 COMPUTER DATA CONTROL
8.13 COMPUTER DATA CONTROL
PASSWORD ACCESS CONTROL
A two level password system shall be used. (A User Identification "user name" and a "password"). The Director, through the user parameter set-up, shall grant specific authorities for each and every user profile.
The users shall keep passwords confidential. Duplicate user identifications shall not be allowed. Misuse of any password is considered a serious offence and will be treated accordingly. Virus protection software shall be installed and maintained.
refer Cybersecurity Policy
BACKUP CONTROL
It needs to be mentioned that all documentation is backed-up in the web through Google Documents.
GOOGLE DRIVE can also be backed up by following the COG tab and CLICK Download Drive - saves into "downloads folder" and save it in a company folder "Google Drive Backup)
8.14 RECORDS STRATEGY
8.14 RECORDS STRATEGY
Records are maintained to provide evidence of conformity to requirements and of the effective operation of the quality management system.
RECORDS are defined in each SOP, as relevant and as an output requirement to Risk based approach and the RECORDS heading is completed
Name Retained by/ in Retention period Hard copies Destroyed by
file name of the document DRIVE or if physically the location as defined below Responsibilities name
All data and records are indelible, legible and identifiable to the product or process involved and stored and maintained in such a way that they are readily retrievable in facilities that provide a suitable environment to minimise deterioration or damage and to prevent loss.
Google Drive is a source of RECORDS and as an electronic media fulfills the above
8.14. 1 METHOD OF DETERMINING RETENTION TIME
8.14. 1 METHOD OF DETERMINING RETENTION TIME
The following inputs shall be considered where decisions are made with regards to retention times: National laws, Statutory Requirements, such as the Medical Device Directive, the Life of the Product.
Where documentation is stored may be detailed in the relevant SOP and what the minimum retention period is or its is electronically recorded in the Google Site ERP
The controls needed for the identification, storage, security and integrity, retrieval, retention time and disposition of records are defined in the SOP or this format; but managed through google site.
The method for protecting confidential health information contained in records in accordance with the applicable regulatory requirements is provided through password control
If applicable, the organization shall retain the records for at least the lifetime of the medical device as defined by the organization, or as specified by applicable regulatory requirements, but not less than two years from the medical device release by the organization.
8.14.2 STORAGE OF RECORDS
8.14.2 STORAGE OF RECORDS
All quality records must be stored in a manner which allows for Identification, Preservation, Accessibility and Retrieval; which is covered by Google through password control and Revision History
Good housekeeping must be maintained in all filing areas and FOLDERS.
Documents maybe stored in the warehouse in boxes but they must be sealed for protection and labelled to facilitate destruction on retention time expiry
Electronic records are protected as per BACKUP CONTROL
8.14.3 RECORD DESTRUCTION
8.14.3 RECORD DESTRUCTION
After expiry of the stated retention periods, the quality records must be removed from storage areas and destroyed by the Quality Manager or delegate. Records must be destroyed by means of shredding or incineration, to ensure the security of information.
Google documentation remains on the icloud indefinitely, unless deleted as per Change Control above
9. Risk Based Approach
9. Risk Based Approach
In the event of non compliance follow SOP NON CONFORMANCE CORRECTIVE ACTION
[Risk Assessment to is found in SOP PREVENTIVE ACTION RISK ASSESSMENT refer Document]
10. REVISION HISTORY
10. REVISION HISTORY
Revision 12, 2.10.2024 - HJM - Added paragraph at Pt 3 wrt confidential info and the protection of same
Revision 11, 05.03.2024 - SZ - approved, change in responsibilities 4.
Revision 10, 17.05.2022 - NT - approval by HM
Revision 9, 16.11.2021 - NT Signed off from TNA
Revision 8, 10.06.2021- TNA - addition to items 5 / 6 / 8.1 / 8.2 / 8.4 / 8.8 / 8.9 / 8.12 / 8.13 / 8.14.2
Revision 7, 03.02.2021 (TNA) New format with Responsibilities, Risk based approach and Records added and new google site format. Also definition of the Approval, Change, revision and records aligned to the new Google Site process / amending links and forms
Revision 6, Digitally signed on 07.11.2019 by NT
Revision 1-5, unknown due to google site change to new google site
11. RECORDS
11. RECORDS
Name Retained by/ in Retention period Hard copies Destroyed by
As per SOP n/a as per SOP as per SOP
On Google Drive n/a indefinite n/a
Page updated
Google Sites
Report abuse