The second article addresses the matters related to Quality Management System and documentation associated thereto. 



The Ethiopian Food and Drug Authority (EFDA), a country’s regulatory agency in the sphere of healthcare products, has published a guidance document dedicated to the good storage and distribution practices for medical devices. The document is intended to provide additional clarifications and recommendations regarding the way medical devices should be treated when stored before being supplied to end-users to ensure their safety, quality, and effectiveness. The scope of the guidelines covers, inter alia, the aspects related to:

  • Quality Management System,
  • Quality risk management,
  • Self-audit,
  • Management review,
  • Complaints and recalls, 
  • Specific requirements to be followed for premises, personnel, and activities. 


Quality Management System 

According to the guidelines, all parties engaged in the storage and distribution of medical devices should establish, document, implement and maintain a quality management system applicable to the type of activities involved and maintain its effectiveness that is adequately robust to meet the requirements set out in this guideline and other EFDA published documents. The authority also mentions that in case an entity that carries out operations with medical devices decides to outsource some of the functions, which are closely connected to the quality of medical devices that are stored or transported, such an entity should be responsible for such processes. 

The authority further outlines the scope of responsibilities of an entity involved in operations with medical devices. According to the document, such an entity should: 

  • Identify key function persons responsible for specific operations related to medical devices (e.g., handling, storage). 
  • Specify the responsibilities of key function persons.
  • Make sure that all responsible staff members have everything they need to be able to fulfill their obligations. 
  • Duly implement and follow the Good Storage Practices and Good Distribution Practices, which should be in line with existing legislation. 
  • Develop and implement a system ensuring that all issues would be duly identified and corrected. 

The EFDA pays special attention to the requirements related to documentation. As described in the guidelines, each entity should decide on the way the operations with documentation would be undertaken depending on the nature of activities, types of medical devices, the experience of the staff, and other aspects. The authority also mentions that the appropriate document procedures could be described in various forms, such as text or graphics. 

According to the guidance, the documentation should include: 

  • Quality manual;
  • Documented procedures required by the GSP & GDP guideline;
  • Documents needed by the organization to ensure the effective planning operation and control of its processes;
  • Records required by the GSP and GDP;
  • Any other documentation specified by the authority.

Apart from the documents listed hereinabove, an entity should duly develop and implement all the policies and procedures required due to the nature of its activities under the applicable legislation. 

A quality manual is a document that describes the way the documentation should be treated. The aspects to be addressed in the quality manual include: 

  • The scope of its quality management system;
  • The documented procedures for the QMS, or reference to them;
  • A description of the interaction between the processes of the QMS. 


As is mentioned by the EFDA, all the documents related to GSP and GDP should be subject to special control under the appropriate procedure to be developed and implemented by an entity. In particular, it is necessary to take the measures ensuring accuracy, availability, and traceability of documentation. 

Under the general rule, documented procedures should meet the following requirements: 

  • The underlying documents should be subject to review and approval before being implemented;
  • All changes and amendments to documents should be also reviewed and approved;
  • Change tracking measures should be implemented;
  • Relevant versions should be at all the times available in places when they will be used;
  • Measures are also to be implemented to ensure that documents remain legible and readily identifiable; 
  • Documents deriving from external sources should be subject to specific control;
  • The appropriate measures should be implemented to prevent alteration or loss of documentation. 
  • Documents that are no longer valid should not be used, and the possibility of their use should be excluded by the virtue of implementing necessary measures;
  • However, copies of the documents that are no longer relevant should be retained for a certain period. 

All entities involved in the storage and distribution of medical devices should duly develop and implement the system of record-keeping as prescribed under the applicable legislation. According to the guidelines, electronic records could be used, provided that there are specific measures implemented to ensure the integrity of records and prevent alterations, and there is a way to track changes. The documented procedure regarding the record-keeping, which should be developed and implemented by an entity, should cover such aspects as: 

  • The controls needed for the identification, storage, security and integrity, retrieval, retention time, and disposition of records; 
  • How to make records legible, readily identifiable, and retrievable;
  • How to make changes to a record remain identifiable. 

The authority explicitly states that according to the applicable regulatory requirements, the distribution and storage records should be kept within the time which is not shorter than the lifetime of a medical device in question, unless otherwise is prescribed by the respective legislation. In any case, the term during which the records are kept should not be less than two years from the date the product has been released by the medical device manufacturer. Under the general rule, should several periods be applicable, the longest one should be applied. 

Quality Risk Management 

Apart from developing documented procedures, an entity that carries out the activities related to medical devices should also establish a system to assess, control, communicate and review risks identified at all stages in the supply chain of medical devices under their control. The approach to be applied should be based on the risks associated with the devices in question, and other relevant factors. Furthermore, an entity should also duly develop and implement efficient mitigation controls that are necessary to address the risks. An entity should also perform periodic checks to ensure the effectiveness of the aforementioned measures. 



According to the guidelines, it is also necessary to perform internal audits to verify compliance with the respective practices. The authority mentions that such audits should be conducted at least once in two years. The audit procedure should be detailed enough and cover all the important aspects and elements. Should any issues be identified, the appropriate actions necessary to correct them should be taken without undue delay. Both the actions are taken and the results thereof should be duly recorded.

In summary, the present guidelines describe the approach to be applied for quality-related documentation and policies. The authority provides additional clarifications regarding the way new policies should be developed and implemented, and also describes in detail the applicable record-keeping requirements. 



How Can RegDesk Help?

RegDesk is a next-generation web-based software for medical device and IVD companies. Our cutting-edge platform uses machine learning to provide regulatory intelligence, application preparation, submission, and approvals management globally. Our clients also have access to our network of over 4000 compliance experts worldwide to obtain verification on critical questions. Applications that normally take 6 months to prepare can now be prepared within 6 days using RegDesk Dash(TM). Global expansion has never been this simple.