Implementation, maintenance, training, and knowledge products for Information Security Management Systems (ISMS) according to the ISO 27001 standard.
Automate your ISMS implementation and maintenance with the Risk Register, Statement of Applicability, and wizards for all required documents.
All required policies, procedures, and forms to implement an ISMS according to ISO 27001.
Company-wide cybersecurity awareness program for all employees, to decrease incidents and support a successful ISMS.
Accredited courses for individuals and security professionals who want the highest-quality training and certification.
Get instant answers to any questions related to ISO 27001 and the ISMS using Advisera’s proprietary AI-powered knowledge base.
Compliance and training products for critical infrastructure organizations for the European Union’s Network and Information Systems cybersecurity directive.
All required policies, procedures, and forms to comply with the NIS 2 cybersecurity directive.
Company-wide training program for employees and senior management to comply with Article 20 of the NIS 2 cybersecurity directive.
Compliance and training products for personal data protection according to the European Union’s General Data Protection Regulation.
All required policies, procedures, and forms to comply with the EU GDPR privacy regulation.
Accredited courses for individuals and privacy professionals who want the highest-quality training and certification.
Implementation, training, and knowledge products for Quality Management Systems (QMS) according to the ISO 9001 standard.
All required policies, procedures, and forms to implement a QMS according to ISO 9001.
Accredited courses for individuals and quality professionals who want the highest-quality training and certification.
Get instant answers to any questions related to ISO 9001 and the QMS using Advisera’s proprietary AI-powered knowledge base.
Implementation, training, and knowledge products for Environmental Management Systems (EMS) according to the ISO 14001 standard.
All required policies, procedures, and forms to implement an EMS according to ISO 14001.
Accredited courses for individuals and environmental professionals who want the highest-quality training and certification.
Get instant answers to any questions related to ISO 14001 and the EMS using Advisera’s proprietary AI-powered knowledge base.
Implementation and training products for Occupational Health & Safety Management Systems (OHSMS) according to the ISO 45001 standard.
All required policies, procedures, and forms to implement an OHSMS according to ISO 45001.
Accredited courses for individuals and health & safety professionals who want the highest-quality training and certification.
Implementation and training products for medical device Quality Management Systems (QMS) according to the ISO 13485 standard.
All required policies, procedures, and forms to implement a medical device QMS according to ISO 13485.
Accredited courses for individuals and medical device professionals who want the highest-quality training and certification.
Compliance products for the European Union’s Medical Device Regulation.
All required policies, procedures, and forms to comply with the EU MDR.
Implementation products for Information Technology Service Management Systems (ITSMS) according to the ISO 20000 standard.
All required policies, procedures, and forms to implement an ITSMS according to ISO 20000.
Implementation products for Business Continuity Management Systems (BCMS) according to the ISO 22301 standard.
All required policies, procedures, and forms to implement a BCMS according to ISO 22301.
Implementation products for testing and calibration laboratories according to the ISO 17025 standard.
All required policies, procedures, and forms to implement ISO 17025 in a laboratory.
Implementation products for automotive Quality Management Systems (QMS) according to the IATF 16949 standard.
All required policies, procedures, and forms to implement an automotive QMS according to IATF 16949.
Implementation products for aerospace Quality Management Systems (QMS) according to the AS9100 standard.
All required policies, procedures, and forms to implement an aerospace QMS according to AS9100.
Implementation, maintenance, training, and knowledge products for consultancies.
Handle multiple ISO 27001 projects by automating repetitive tasks during ISMS implementation.
All required policies, procedures, and forms to implement various standards and regulations for your clients.
Organize company-wide cybersecurity awareness program for your client’s employees and support a successful cybersecurity program.
Accredited ISO 27001, 9001, 14001, 45001, and 13485 courses for professionals who want the highest-quality training and recognized certification.
Get instant answers to any questions related to ISO 27001 (ISMS), ISO 9001 (QMS), and ISO 14001 (EMS) using Advisera’s proprietary AI-powered knowledge base.
Find new clients, potential partners, and collaborators and meet a community of like-minded professionals locally and globally.
Implementation, maintenance, training, and knowledge products for the IT industry.
Automate your ISMS implementation and maintenance with the Risk Register, Statement of Applicability, and wizards for all required documents.
Documentation to comply with ISO 27001 (cybersecurity), ISO 22301 (business continuity), ISO 20000 (IT service management), GDPR (privacy), and NIS 2 (cybersecurity).
Company-wide cybersecurity awareness program for all employees, to decrease incidents and support a successful cybersecurity program.
Accredited courses for individuals and security professionals who want the highest-quality training and certification.
Get instant answers to any questions related to ISO 27001 and the ISMS using Advisera’s proprietary AI-powered knowledge base.
Compliance, training, and knowledge products for essential and important organizations.
Documentation to comply with NIS 2 (cybersecurity), GDPR (privacy), ISO 27001 (cybersecurity), and ISO 22301 (business continuity).
Company-wide training program for employees and senior management to comply with Article 20 of the NIS 2 cybersecurity directive.
Accredited courses for individuals and security professionals who want the highest-quality training and certification.
Get instant answers to any questions related to ISO 27001 and the ISMS using Advisera’s proprietary AI-powered knowledge base.
Implementation, training, and knowledge products for manufacturing companies.
Documentation to comply with ISO 9001 (quality), ISO 14001 (environmental), and ISO 45001 (health & safety).
Accredited courses for individuals and professionals who want the highest-quality training and certification.
Get instant answers to any questions related to ISO 9001 (QMS) and ISO 14001 (EMS) using Advisera’s proprietary AI-powered knowledge base.
Implementation, training, and knowledge products for transportation & distribution companies.
Documentation to comply with ISO 9001 (quality), ISO 14001 (environmental), and ISO 45001 (health & safety).
Accredited courses for individuals and professionals who want the highest-quality training and certification.
Get instant answers to any questions related to ISO 9001 (QMS) and ISO 14001 (EMS) using Advisera’s proprietary AI-powered knowledge base.
Implementation, training, and knowledge products for schools, universities, and other educational organizations.
Documentation to comply with ISO 27001 (cybersecurity), ISO 9001 (quality), and GDPR (privacy).
Company-wide cybersecurity awareness program for all employees, to decrease incidents and support a successful cybersecurity program.
Accredited courses for individuals and professionals who want the highest-quality training and certification.
Get instant answers to any questions related to ISO 27001 (ISMS) and ISO 9001 (QMS) using Advisera’s proprietary AI-powered knowledge base.
Implementation, maintenance, training, and knowledge products for telecoms.
Automate your ISMS implementation and maintenance with the Risk Register, Statement of Applicability, and wizards for all required documents.
Documentation to comply with ISO 27001 (cybersecurity), ISO 22301 (business continuity), ISO 20000 (IT service management), GDPR (privacy), and NIS 2 (cybersecurity).
Company-wide cybersecurity awareness program for all employees, to decrease incidents and support a successful cybersecurity program.
Accredited courses for individuals and security professionals who want the highest-quality training and certification.
Get instant answers to any questions related to ISO 27001 and the ISMS using Advisera’s proprietary AI-powered knowledge base.
Implementation, maintenance, training, and knowledge products for banks, insurance companies, and other financial organizations.
Automate your ISMS implementation and maintenance with the Risk Register, Statement of Applicability, and wizards for all required documents.
Documentation to comply with ISO 27001 (cybersecurity), ISO 22301 (business continuity), GDPR (privacy), and NIS 2 (cybersecurity).
Company-wide cybersecurity awareness program for all employees, to decrease incidents and support a successful cybersecurity program.
Accredited courses for individuals and security professionals who want the highest-quality training and certification.
Get instant answers to any questions related to ISO 27001 and the ISMS using Advisera’s proprietary AI-powered knowledge base.
Implementation, training, and knowledge products for local, regional, and national government entities.
Documentation to comply with ISO 27001 (cybersecurity), ISO 9001 (quality), GDPR (privacy), and NIS 2 (cybersecurity).
Company-wide cybersecurity awareness program for all employees, to decrease incidents and support a successful cybersecurity program.
Accredited courses for individuals and professionals who want the highest-quality training and certification.
Get instant answers to any questions related to ISO 27001 (ISMS) and ISO 9001 (QMS) using Advisera’s proprietary AI-powered knowledge base.
Implementation, training, and knowledge products for hospitals and other health organizations.
Documentation to comply with ISO 27001 (cybersecurity), ISO 9001 (quality), ISO 14001 (environmental), ISO 45001 (health & safety), and GDPR (privacy).
Accredited courses for individuals and professionals who want the highest-quality training and certification.
Get instant answers to any questions related to ISO 27001 (ISMS), ISO 9001 (QMS), and ISO 14001 (EMS) using Advisera’s proprietary AI-powered knowledge base.
Implementation, training, and knowledge products for the medical device industry.
Documentation to comply with MDR and ISO 13485 (medical device), ISO 27001 (cybersecurity), ISO 9001 (quality), ISO 14001 (environmental), ISO 45001 (health & safety), and GDPR (privacy).
Accredited courses for individuals and professionals who want the highest-quality training and certification.
Get instant answers to any questions related to ISO 27001 (ISMS), ISO 9001 (QMS), and ISO 14001 (EMS) using Advisera’s proprietary AI-powered knowledge base.
Implementation, training, and knowledge products for the aerospace industry.
Documentation to comply with AS9100 (aerospace), ISO 9001 (quality), ISO 14001 (environmental), and ISO 45001 (health & safety).
Accredited courses for individuals and professionals who want the highest-quality training and certification.
Get instant answers to any questions related to ISO 9001 (QMS) and ISO 14001 (EMS) using Advisera’s proprietary AI-powered knowledge base.
Implementation, training, and knowledge products for the automotive industry.
Documentation to comply with IATF 16949 (automotive), ISO 9001 (quality), ISO 14001 (environmental), and ISO 45001 (health & safety).
Accredited courses for individuals and professionals who want the highest-quality training and certification.
Get instant answers to any questions related to ISO 9001 (QMS) and ISO 14001 (EMS) using Advisera’s proprietary AI-powered knowledge base.
Implementation, training, and knowledge products for laboratories.
Documentation to comply with ISO 17025 (testing and calibration laboratories) and ISO 9001 (quality).
Accredited courses for individuals and quality professionals who want the highest-quality training and certification.
Get instant answers to any questions related to ISO 9001 and the QMS using Advisera’s proprietary AI-powered knowledge base.
Updated: September 14, 2023.
The main purpose of technical documentation in the EU Medical Device Regulation (MDR) is to prove that a medical device meets the general safety and performance requirements. Regardless of the class, technical documentation is mandatory for all medical devices. Requirements regarding the technical documentation are covered in Annex 2 and Annex 3 of the MDR.
The definition of technical documentation for medical devices under the Medical Device Regulation (MDR) is a set of documents that provides evidence of a device's safety and performance. The documentation should include information on the device's design, manufacture, and intended use, as well as any clinical data or testing that has been conducted.
The MDR requires this documentation to be updated regularly, and for it to be made available to regulatory authorities upon request. The concept behind the MDR documents is to ensure the safety and efficacy of medical devices and to provide transparency and accountability to both regulatory agencies and end-users. It is an essential component of the regulatory process for medical devices in the European Union.
There is a strict requirement that technical documentation should be prepared in a clear, organized, readily searchable, and unambiguous manner. Very often, manufacturers prepare the technical file for medical devices, but the fact is that a notified body and another competent authority will review these documents. Therefore, it is important that everything stated in the technical documentation be understandable for those auditors. In this article, we will explain the key requirements for the medical device technical file according to the MDR.
According to Annex 2, medical device technical documentation is divided into the following sections:
Each chapter provides a set of requirements for medical device manufacturers to follow, which are described below.
The first chapter serves to introduce your device. The goal is for the reader to fully understand what your product is like, what it is made of, what its dimensions are, how many versions you have, whether it needs any accessories, what its intended use is, and who the users of the product are. Furthermore, it is necessary to describe how the product works, whether there are any warnings or precautions during use, and in which situations the product cannot be used (contraindications).
In this chapter, it is necessary to explain the system of assigning the basic UDI-DI and UDI-DI. It is also necessary to describe how the product is classified, by which rules from Annex 8, and how the product is classified (Article 51).
The information on the labels and instructions for use (IFU) must be in accordance with what you stated in the previous chapter. How to present this information, and to what extent this information may be on the labels and IFUs is provided in point 23 of the General safety and performance requirements (GSPR) (see next chapter).
You should also carefully select the language you will use on the labels and IFUs. Publicly available documents, such as labels and IFUs, must be made in one of the official languages of the EU and in the language required by the Member State. Note that in case of using multiple languages, you must have the translation process under control.
If you have a product that is certified according to the Medical Device Directive (MDD), keep in mind that significantly more information (symbols) needs to be put on the label. This means that you will have to revise the design of your label and perhaps, consequently, the packaging of the product.
For more information, read: How to comply with the MDR requirements for medical device labels.
For those manufacturers who start from the beginning and systematically monitor the development of their product, this part will not be a problem. They will simply attach all the documents that followed the product development (procedures, research plans, protocols, results of verification and validation). This part will be a problem for those manufacturers who already have their product certified according to the MDD, some for 20 years or more. It will then be necessary to retroactively compile the design documentation. The source of information and what elements should be covered by the design is best represented in point 7.3 Design and development of ISO 13485:2016.
To learn more, see How to manage design and development of medical devices according to ISO 13485:2016, or download the Design and Development File template.
Here it is necessary to describe your production process in as much detail as possible. Very often, an accurate flow diagram can be very useful. Also, all other companies involved in the production of your product in any way (such as sterilization, production of a particular part or accessory, or packaging) should be described here. These companies need to be presented with their full name and address, as well as a description of which part of the process they perform for you.
It is a good idea to attach a quality agreement with this section, as well as a description of how you, as the manufacturer, conduct control over your suppliers.
The GSPR are covered in Annex 1 of the MDR. The purpose of the GSPR is to provide evidence that your product is designed and manufactured in accordance with all applicable requirements, in order to ensure its safe use and effectiveness.
In practice, compliance with the GSPR is often achieved through the use of a checklist or table, with a column for applicability, justification (if not applicable) and method or standard that refers to a particular requirement. When a requirement applies, a simple statement of “YES“ to that particular requirement must be made. Also, you can state the method and harmonized or state-of-the-art standard with which you prove the compliance with certain requirements.
When a requirement is not applicable, a statement must be made as “NA” or “NO“ in the applicable column. Additionally, it is necessary to provide clear justification as to why the requirement is not applicable so that a third party can understand your reasoning. For example, for medical devices that are not sterile, for GSPR requirements 11.4 through 11.8, justification can be as follows: The device is not sterile and does not need to be, so this requirement is not applicable.
The requirement that extends through all elements of the technical documentation is risk. Each document we have listed so far is prepared from the risk point of view, in order to prove that you have taken all the necessary steps and measures to minimize the risks. Guidelines for risk management can be found in ISO 14971: 2019 Medical devices - Application of risk management to medical devices. In addition, the requirements listed in chapter 1 of GSPR need to be considered. To learn more, read this article: How to use ISO 14971 to manage risks for medical devices.
First, it is necessary to have a risk management procedure. Then, it is necessary to conduct a risk assessment for your product, for the entire life cycle of the product (from design, entry of raw materials into the warehouse, through the production itself to the use of the product by the patient or user and disposal). The next step is to introduce various measures to minimize these risks and keep them at that level. This risk assessment can have multiple formats, but the best known is the Failure Mode & Effects Analysis, or FMEA format.
After the risk analysis has been carried out, a special review must be made of the remaining risks (if any), whether they are acceptable or not. In case there are risks that are not acceptable even after the implementation of control measures, it is necessary to analyze them from the point of view of benefits in relation to that risk. The best example of a benefit/risk analysis is an x-ray device that is useful for imaging of the body, but if a woman is pregnant, she must not go for an x-ray because it is known that x-rays can cause harm to her unborn child.
This section covers all the tests you have done on your product to prove its safety and performance, such as:
The documentation for these pre-clinical data that needs to be attached are the protocols or plans and results of these tests. Besides pre-clinical data, it is important to get clinical data, which can be obtained by clinical evaluation or clinical investigation. The purpose of a clinical evaluation is to evaluate and analyze clinical data related to a medical device to provide evidence of the clinical safety and performance of the product. To learn more about the clinical evaluation and other MDR requirements, download this free white paper: 8-step transition process from MDD to MDR.
You need to understand that technical documentation is a living document: All changes that occur during the life cycle of a medical device must be registered. Be aware that, at any time, any of the competent authorities may request evidence from your technical documentation. It is your responsibility to be able to provide a valid document. To learn more, read this article: Common mistakes with ISO 13485:2016 documentation control and how to avoid them.
The EU MDR technical file prepared in accordance with Annex 2 needs to state the safety and efficacy of the product before it is placed on the market. However, monitoring performance in the post-market phase is crucial for the identification of risks during practical product use.
The post-market surveillance (PMS) system requires manufacturers to continuously and systematically monitor products to ensure that there are no malfunctions or undetected safety issues. The post-market surveillance system is covered in Annex 3 of the MDR.
The post-market surveillance system includes the following documents: PMS Procedure, PMS Plan, and PMS Reports (for all class I medical devices) or Periodic Safety Update Report (for classes IIa, IIb and III).
Although the MDR talks about the technical file requirements for a medical device to prove compliance, it does not provide explicit information regarding the structure and appearance of the documents. This means that all technical documentation will have the same content, but as far as the general structure or chapter structure that is followed, there will be differences from manufacturer to manufacturer.
From this review, it can be seen that the quality system documentation is intertwined with the technical documentation. It is not necessary to put all the quality system documentation back into the technical documentation; it is enough to state the link or location where the requested document is located.
The most important thing when preparing the technical documentation is that the more accurately you present and describe your product in the technical documentation, the fewer questions you will have during the audit.
To learn more about the MDR requirements for technical documentation, download this free white paper: FDA vs. EU MDR Technical Documentation Matrix.