18069717650
0572-5528222 0572-5528378
18069717650
0572-5528222 0572-5528378
Release time:2025-10-14
Electronic record management requirements explicitly defined for the first time; regulatory identification responsibility becomes a new highlight
Chapter 6 "Document and Data Management" has undergone significant upgrades. This chapter expanded from 4 articles in the original version to 5 articles, not only detailing traditional document management requirements but also systematically introducing normative requirements for electronic records and data management for the first time.
I. Structural Optimization and Scope Expansion
Upgraded chapter name: Changed from "Document Management" to "Document and Data Management," explicitly incorporating data management into the regulatory scope.
Expanded articles: Increased from 4 to 5 articles, adding a dedicated article for electronic records and data management.
Refined requirements: Put forward more specific requirements for document control and record management.
II. In-Depth Analysis of New Key Requirements
1.Refined Document Control Requirements (Article 42)
New controlled method requirement: Requires defining appropriate control methods based on the document's purpose and type.
Extended retention period: Clarifies that the retention period for obsolete documents must meet the needs of product maintenance and quality liability traceability.
Strengthened status identification: Requires the ability to identify the revision or update status of documents.
2.New Regulatory Identification Responsibility (Article 43)
Clear responsible entity: Requires designating a department or personnel responsible for identifying changes in regulations.
Timely update requirement: Requires timely updates to quality management system documents.
Establishes monitoring mechanism: Provides a basis for enterprises to establish a mechanism for monitoring regulatory changes.
3.Clarified Electronic Record Management (Article 45)
Five key attributes: Ensures electronic records are authentic, accurate, complete, timely, and traceable.
Access control: Requires establishing user access management to ensure permissions are effectively controlled.
Change traceability: Changes and deletions must be performed by authorized personnel, and records of such actions must be retained.
Backup requirement: Requires backups to be made, accessible for consultation during the retention period.
III. Comparative Analysis of Management Requirements
Management Dimension | 2014 Version Requirement | 2025 Revised Draft Requirement | Significance of Change |
Management Scope | Document Management | Document and Data Management | Expanded scope, includes electronic data |
Regulatory Identification | Not explicitly required | Designate department/personnel for regulatory changes | Establishes regulatory monitoring mechanism |
Electronic Records | Not explicitly required | Detailed electronic record management requirements | Adapts to digital development trends |
Document Control | Basic control requirements | Define control methods based on purpose and type | More refined requirements |
Retention Period | Not less than 2 years | Must meet product maintenance and traceability needs | Stricter requirements |
IV. Impact on Enterprises and Implementation Suggestions
Immediate Action Items:
1. Establish Regulatory Identification Mechanism
Designate a specific department or personnel responsible for regulatory identification.
Establish a mechanism for monitoring and alerting about regulatory changes.
Develop procedures for updating system documents.
2. Assess Electronic Record Systems
Evaluate the compliance of existing electronic record systems.
Establish user access management and change traceability mechanisms.
Develop backup and recovery plans for electronic records.
3. Optimize Document Control System
Develop differentiated control methods based on document purpose and type.
Improve procedures for managing the storage of obsolete documents.
Strengthen the mechanism for identifying document status.
Medium to Long-Term Construction Focus:
1. Informatization Management System Construction
Consider introducing a Document Management System (DMS).
Establish a full lifecycle management platform for electronic records.
Realize the digitalization of document control and record management.
2. Intelligent Regulatory Monitoring System
Establish a regulatory database and change alert system.
Realize the associated management of regulatory requirements and system documents.
Develop self-inspection tools for compliance.
3. Data Integrity Assurance
Establish data integrity management procedures.
Implement regular data audits and validation.
Strengthen personnel training on data integrity.
The revision of Chapter 6 reflects a significant transformation in document management philosophy: shifting from traditional paper-based document management to electronic data management, from static control to dynamic monitoring, and from compliance requirements to data integrity assurance.
Enterprises need to establish a more systematic and refined document and data management system to ensure the integrity, accuracy, and traceability of quality information. It is recommended that enterprises initiate the assessment and upgrade of their document management systems as soon as possible to be fully prepared for the new regulation implementation.
Attached at the end is a comparison of Chapter 6 content between the old and new versions of the "Medical Device Production Quality Management Guifan".
Medical Device Production Quality Management Guifan (Revised Draft for Comments) | Medical Device Production Quality Management Guifan (2014 No. 64) |
Chapter 6: Document and Data Management | Chapter 5: Document Management |
Article 41 [General Requirements] Enterprises shall establish and maintain a quality management system documentation, including the quality policy and quality objectives, quality manual, procedural documents, technical documents and records, as well as other documents required by regulations. The quality manual shall define the quality management system. Procedural documents shall be developed based on the actual needs of product design and development, production, and quality management, and shall include all procedures stipulated in this Guifan. Technical documents shall include product technical requirements and relevant standards, production process procedures, work instructions, inspection and testing operating procedures, installation and service operating procedures, and other related documents. | Article 24 Enterprises shall establish and maintain quality management system documentation, including the quality policy and quality objectives, quality manual, procedural documents, technical documents and records, as well as other documents required by regulations. The quality manual shall define the quality management system. Procedural documents shall be developed based on the various work procedures required during product production and quality management processes, and shall include all procedures stipulated in this Guifan. Technical documents shall include product technical requirements and relevant standards, production process procedures, work instructions, inspection and testing operating procedures, installation and service operating procedures, and other related documents. |
Article 42 [Document Management] Enterprises shall establish document control procedures to systematically design, develop, review, approve, distribute, and retain quality management system documents, meeting at least the following requirements: (1) The drafting, revision, review, approval, replacement, withdrawal, storage, and destruction of documents shall be managed according to control procedures, with corresponding records of distribution, replacement, withdrawal, and destruction. Appropriate control methods shall be defined based on the purpose and type of documents. (2) When revising or updating documents, review and approval shall be conducted, and the revision or update status of the documents shall be clearly identifiable. (3) Distributed and used documents shall be the appropriate version. Withdrawn or obsolete documents shall be clearly marked to prevent misuse. (4) The retention period for necessary quality management system documents, such as technical documents, after they become obsolete shall be defined to meet the needs of product maintenance and quality liability traceability. | Article 25 Enterprises shall establish document control procedures to systematically design, develop, review, approve, and distribute quality management system documents, meeting at least the following requirements: (1) The drafting, revision, review, approval, replacement, withdrawal, copying, storage, and destruction of documents shall be managed according to control procedures, with corresponding records of distribution, replacement, withdrawal, copying, and destruction. (2) When updating or revising documents, review and approval shall be conducted as required, and the change and revision status of the documents shall be identifiable. (3) Distributed and used documents shall be the appropriate version. Withdrawn or obsolete documents shall be clearly marked to prevent misuse. Article 26 Enterprises shall determine the retention period for necessary quality management system documents, such as obsolete technical documents, to meet the needs of product maintenance and quality liability traceability. |
Article 43 [Regulatory Identification] Enterprises shall designate a department or personnel responsible for identifying changes in external documents, such as medical device-related laws, regulations, standards, and guidelines, and promptly update the quality management system documents accordingly. | |
Article 44 [Record Management] Enterprises shall establish record control procedures, including requirements for record identification, storage, retrieval, retention period, and disposal, meeting the following requirements: (1) Records shall ensure the traceability of activities such as product design and development, production, quality control, and release. (2) Records shall be clear, complete, easily identifiable and retrievable, and protected from damage or loss. (3) Records shall not be altered or destroyed arbitrarily. Changes to records shall be signed with the name and date, and the original information shall remain clearly legible. If necessary, the reason for the change shall be stated. (4) The retention period for records shall be at least consistent with the lifetime of the medical device or comply with relevant regulatory requirements, and shall be no less than two years from the date of product release. | Article 27 Enterprises shall establish record control procedures, including requirements for record identification, storage, retrieval, retention period, and disposal, meeting the following requirements: (1) Records shall ensure the traceability of activities such as product production and quality control. (2) Records shall be clear, complete, easily identifiable and retrievable, and protected from damage or loss. (3) Records shall not be altered or destroyed arbitrarily. Changes to records shall be signed with the name and date, and the original information shall remain clearly legible. If necessary, the reason for the change shall be stated. (4) The retention period for records shall be at least equivalent to the lifetime of the medical device as stipulated by the enterprise, but shall be no less than two years from the date of product release, or comply with relevant regulatory requirements, and shall be traceable. |
Article 45 [Electronic Records and Data Management] When using information systems to generate electronic records or data, enterprises shall ensure the authenticity, accuracy, completeness, timeliness, and traceability of the electronic records or data, and comply with the following requirements: (1) Establish user access management to ensure that permissions affecting the authenticity and accuracy of electronic records or data are effectively controlled. (2) Changes and deletions to electronic records or data shall be performed by authorized personnel, and records of such changes and deletions shall be retained. (3) Electronic records or data shall be backed up, with a retention period not shorter than the record retention period defined in this chapter, and shall be easily accessible during the retention period. |
