Document and Record Controls
Document and record controls underpin the entire KGMP system (ISO 13485:2016 Sections 4.2.4 and 4.2.5).
Document control requirements
- All quality documents (procedures, work instructions, forms) must be reviewed, approved, and version-controlled
- Current versions must be available at all points of use
- Obsolete documents must be removed from points of use and identified as obsolete
- Changes to documents must be reviewed and approved by the original approving function or a designated authority
Record control requirements
- Quality records must be legible, identifiable, retrievable, and protected from deterioration
- Retention periods must be defined — KGMP specifies minimum retention periods
- Device history records: typically at least the lifetime of the device + 1 year (minimum 5 years, or per product requirement)
- Records must be protected from unauthorised modification
Electronic records
Electronic document and record management systems are acceptable if validated to ensure integrity, security, and accessibility.