QSE 6 — Documents and Records

Key Concepts

Key Concepts: This QSE focuses on the need to maintain all documents and records in a manner that ensures their confidentiality, traceability, completeness, uniformity, and ability to be retrieved and located in a time deemed adequate. This QSE also includes the need to ensure data integrity and that all data can be backed up and retrieved.

Key Terms
Backup: Digital data and/or physical storage containing copies of relevant data.

Confidentiality: The protection of private, sensitive, or trusted information resources from unauthorized access or disclosure.

Data Integrity: The accuracy, completeness, and consistency of information.

Document (noun): Written or electronically generated information and work instructions. Examples of documents include quality manuals, procedures, or forms.

Document (verb): To capture information through writing or electronic media.

Label: An inscription affixed or attached to a product for identification.

Labeling: Information that is required or selected to accompany a product, which may include content, identification, description of processes, storage requirements, expiration date, cautionary statements, or indications for use.

Master List of Documents: A reference list, record, or repository of an organization’s policies, processes, procedures, forms, and labels related to the RT Standards, including information for document control.

Record (noun): Information captured in writing or through electronically generated media that provides objective evidence of activities that have been performed or results that have been achieved, such as test recordsor audit results. Records do not exist until the activity has been performed and documented.

Record (verb): To capture information for use in records through writing or electronic media.

Examples of Objective Evidence:

• Policies, processes, and procedures related to this chapter.
• Records of activities performed.
• Record system.
• Master list of documents.
• An electronic record system, if applicable.
• Uniform storage media and ability to track newer technologies to older ones as needed.
• Evidence of document and record review.
• Evidence of standardized formats for all documents and records.
• Record retention periods.
• Record traceability.
• Data backup plans.
• Record change process.
• Obsolescence of records and disposition.
• Record destruction.

6.0 Documents and Records

The organization shall ensure that documents and records are created, stored, and archived in accordance with record retention policies.

Guidance

This standard sets forth requirements for two separate types of written or electronically captured materials: documents and records. Because the integrity of a quality system is dependent on its documents and records, a whole section of the CT Standards is dedicated to ensuring that the program has processes and procedures for controlling its documents. These CT Standards draw a distinction between documents and records; the glossary provides definitions. Records should be created concurrently and be attributable, legible, contemporaneous, original, accurate, and complete. These records should be stored in a manner that protects their integrity for a defined period that meets or exceeds the requirements of these CT Standards or the applicable regulatory authority. (SS)

☑ Actionable Checklist

• Develop and implement an SOP for document creation, storage, and archiving.
  • Include procedures for ensuring documents are attributable, legible, and contemporaneous.
• Establish a record retention policy that meets or exceeds regulatory requirements.
  • Define retention periods for different types of records.
• Implement a system for electronic and physical document storage that ensures integrity and security.
  • Regularly review and update access controls for document storage systems.
• Conduct regular audits to verify compliance with document and record management procedures.
  • Document findings and implement corrective actions as needed.
• Maintain a log of all document revisions, including dates and responsible personnel.
• Ensure all personnel are trained on document and record management SOPs and retention policies.
  • Keep training records and competency evaluations up to date.

6.1 Document Control

The organization shall control all documents that relate to the requirements of these CT Standards. Documents shall be protected from unauthorized access and accidental or unauthorized modification, deletion, or destruction.

Guidance

Standard 6.1 Document Control, is a commonly cited standard for nonconformances. Examples of the reasoning behind the nonconformances include the following:

1. Policies, processes, and procedures for document control are not being followed.
2. Outdated SOPs or forms are in use when they have been revised.
3. Uncontrolled documents are found in use.
4. Documents are not reviewed or approved before use. (SS)

The ​committee revised standard 6.1 based on updates to the AABB Quality System Essentials. (SC)

☑ Actionable Checklist

• Develop and implement a Document Control SOP that outlines procedures for document creation, approval, revision, and retirement.
  • Ensure the SOP includes processes for protecting documents from unauthorized access and modifications.
• Establish a document review and approval process, requiring signatures from designated personnel before documents are released for use.
• Implement a system to regularly audit and verify that only current and approved SOPs and forms are in use.
• Maintain a master list of all controlled documents, including their current revision status and location.
• Train all relevant personnel on the Document Control SOP and maintain records of training completion.
• Conduct periodic internal audits to identify and rectify any use of uncontrolled or outdated documents.

6.1.1 Format

Documents shall be in standardized formats. Additional policies, processes, and procedures (such as those in an operator’s manual or published in the AABB Technical Manual) may be incorporated by reference.

Guidance

To promote ease of use, all documents that are created by the facility are required to be in a standardized format, although other external documents may be incorporated by reference. The documents should include the purpose, materials, and equipment needed, and identified endpoints. Additional procedures developed by manufacturers or other facilities (such as those found in an operator’s manual or the AABB Technical Manual) may be incorporated by reference and need not be in the standardized format. Where procedures developed by manufacturers are incorporated by reference, the reference must include the insert or manual version number and which procedure is referenced, if there is more than one. Incorporation by reference is intended for unmodified procedures. Modified procedures must be incorporated into the laboratory’s own documentation. (SS)

The committee revised standard 6.1.1 based on updates to the AABB Quality System Essentials. (SC)

☑ Actionable Checklist

• Develop and implement a standardized document format template for all facility-created documents.
  • Ensure the template includes sections for purpose, materials, equipment, and endpoints.
• Review and update all existing documents to conform to the standardized format.
• Maintain a log of all external documents incorporated by reference, including version numbers and specific procedures referenced.
• Conduct regular audits to ensure compliance with the standardized format for all new and existing documents.
• Train staff on the importance of using standardized formats and how to incorporate external documents by reference.
• Document any modifications to external procedures and integrate them into the facility’s documentation as new SOPs.

6.1.2 Document Review, Approval, and Distribution

[Cord blood applicable]

The document control process shall ensure that documents:

1. Are reviewed by personnel trained and/or qualified in the subject area.
2. Are approved by an authorized individual.
3. Are identified with the current version and effective date.
4. Are available at all locations where operations covered by these CT Standards are performed.
5. Are not used when deemed invalid or obsolete.
6. Are identified as archived or obsolete when appropriate.

☑ Actionable Checklist

• Ensure all documents are reviewed by personnel trained and/or qualified in the subject area.
  • Maintain a list of qualified personnel for document review.
  • Verify training records for personnel involved in document review.
• Implement a process for document approval by an authorized individual.
  • Maintain a log of authorized approvers for each document type.
• Identify all documents with the current version and effective date.
  • Use a document control system to track version history and effective dates.
• Ensure documents are available at all locations where operations covered by CT Standards are performed.
  • Conduct periodic audits to verify document availability at relevant locations.
• Implement a process to prevent the use of invalid or obsolete documents.
  • Regularly review and update the document control system to flag obsolete documents.
• Clearly identify documents as archived or obsolete when appropriate.
  • Maintain an archive log for all obsolete documents.

6.1.3 Document Changes

[Cord blood applicable]

Changes to documents shall be reviewed and approved by an authorized individual.

Guidance

The committee revised standard 6.1.3 based on updates to the AABB Quality System Essentials. (SC)

☑ Actionable Checklist

• Ensure all document changes are reviewed by an authorized individual prior to implementation.
  • Maintain a list of authorized individuals for document review and approval.
• Implement a Document Change Request (DCR) form to track all proposed changes.
  • Include sections for description, rationale, and impact assessment of changes.
• Update SOPs to reflect the process for document change review and approval.
• Keep a log of all document changes, including date of approval and authorized signatory.
• Conduct regular audits to verify compliance with document change procedures.
• Train staff on the document change process and maintain records of training completion.

6.1.3.1

The organization shall track changes to documents.

☑ Actionable Checklist

• Implement a document control system to track all document versions.
  • Use a version control log to record changes, including date, author, and summary of changes.
• Establish an SOP for document change management, including approval processes.
• Maintain a master list of current documents with revision history.
• Ensure all staff are trained on the document control process and maintain training records.
• Conduct regular audits to verify compliance with document tracking procedures.
• Review and update the document control SOP annually or as needed.

6.1.4 Master List of Documents

[Cord blood applicable]

The organization shall maintain complete lists of all active policies, processes, procedures, labels, forms, and other documents that relate to the requirements of these CT Standards.

Guidance

All facilities are required to maintain a master list of current policies, processes, procedures, and forms. The master list may be in printed or electronic format. It is recommended that a master list include the following information: title of document, holder (owner or person responsible) of document, current revision number, and date of implementation. It is acceptable for separate departments within a facility to control documents differently; however, there should be a system that links them. An example of a master list is a table of contents for a quality manual. The master list will be an effective tool in preventing obsolete documents from being used. It may also be helpful to new employees in locating a specific document.

Facilities may organize a master list by linking a policy with related processes, related procedures, and related forms. Alternatively, there may be a comprehensive list of all policies, another list of processes, a list of procedures, and a list of forms.

It is not necessary to maintain a master manual of the text of all policies, processes, and procedures. It is important to identify the individuals who control the master list. Often, the individual departments control the master list. For example, the department director’s assistant might control the master list on their computer. The intent is to indicate that it is acceptable to have multiple master lists as long as the document control system is defined in the processes and procedures. Regardless of who controls the master list, executive management should always have a list of all departmental master lists or access to all departmental master lists. In some instances, departments include the master lists of other departments in their manuals so that staff can see whether a process or procedure already exists in another department. (SS)

☑ Actionable Checklist

• Create and maintain a master list of all active policies, processes, procedures, labels, forms, and other relevant documents.
  • Include document title, owner, current revision number, and date of implementation.
• Ensure the master list is accessible in both printed and electronic formats.
• Assign responsibility for maintaining the master list to designated individuals or departments.
• Implement a system to link related policies, processes, procedures, and forms.
• Regularly review and update the master list to prevent the use of obsolete documents.
• Provide executive management with access to all departmental master lists.

6.1.5 Review of Policies, Processes, and Procedures

[Cord blood applicable]

Review of each policy, process, and procedure shall be performed by an authorized individual at a minimum of every 2 years.

Guidance

Before implementation, it is required that all documents relating to the requirements of the quality system and the CT Standards be reviewed and approved by authorized individuals.

Document control requires that documents be changed or corrected in the same manner in which they are created. When revisions to existing documents are submitted for approval, those making decisions should have the appropriate information to make the decision. Once changes to documents are made, personnel have to be trained on the new processes or procedures.

Each program should identify who will:

1. Review the documents and how they will be reviewed, including manner and scope.
2. Define what level of authority will approve the final documents.

The same person may perform both functions. Written documentation of the medical director’s or designee’s review is required. This could be accomplished by initials and date of review for policies. Processes and procedures can be documented by a flow chart, and annual review can be documented by initials and date of review. Electronic documentation of directorial review is also acceptable. (SS)

☑ Actionable Checklist

• Identify and document the authorized individuals responsible for reviewing each policy, process, and procedure.
  • Ensure these individuals have the appropriate authority and expertise.
• Establish a schedule for the review of all policies, processes, and procedures at least every 2 years.
  • Maintain a log or calendar to track review dates and upcoming deadlines.
• Create or update an SOP detailing the review process, including the manner and scope of the review.
• Implement a system for documenting the review, such as initials and date on physical documents or electronic records.
• Ensure that any revisions to documents are approved by the designated authority before implementation.
• Conduct training for personnel on new or revised processes and procedures, and document completion in training records.

6.1.6 Document Retention

[Cord blood applicable]

The organization shall determine which documents shall be archived, destroyed, or made obsolete.

☑ Actionable Checklist

• Develop and implement an SOP for document retention, archiving, and destruction.
  • Include criteria for determining document status (archived, destroyed, obsolete).
• Create a document retention schedule that specifies retention periods for each document type.
• Maintain a log of all archived and destroyed documents, including dates and responsible personnel.
• Conduct annual reviews of document retention practices to ensure compliance with the SOP.
• Train staff on the document retention SOP and maintain training records.
• Perform regular audits to verify adherence to document retention policies and procedures.

6.1.7 Document Storage

Documents shall be stored in a manner that preserves integrity and legibility; protects from accidental or unauthorized access, loss, destruction, or modification; and ensures accessibility and retrievability.

☑ Actionable Checklist

• Implement a secure document storage system with access controls.
  • Assign user permissions for document access and modification.
• Develop an SOP for document storage and retrieval procedures.
• Conduct regular audits of document storage areas for compliance.
• Ensure all documents are backed up regularly and backups are stored securely.
• Maintain a log of document access and modifications.
• Train staff on document storage policies and procedures, and document training completion.

6.1.8 Document Retrieval

The organization shall ensure that documents are retrievable in a timely manner.

☑ Actionable Checklist

• Implement a document management system for easy retrieval.
  • Ensure all documents are indexed and searchable.
• Train staff on the use of the document management system.
  • Maintain training records for all staff.
• Conduct regular audits to verify document retrieval times.
  • Document audit findings and corrective actions.
• Establish a procedure for document retrieval requests.
  • Include response time targets in the SOP.
• Maintain a log of document retrieval requests and outcomes.
• Review and update the document retrieval process annually.

6.1.9

The organization shall use only current and valid documents. Applicable documents shall be available at all locations where activities essential to meeting the requirements of these CT Standards are performed.

Guidance

The committee added standard 6.1.9 based on updates to the AABB Quality System Essentials. (SC)

☑ Actionable Checklist

• Establish a centralized document control system to manage current and valid documents.
  • Ensure access to the document control system at all locations where essential activities are performed.
• Implement a document review schedule to verify the currency and validity of all documents.
  • Assign responsibility for regular document reviews to designated personnel.
• Conduct training for staff on accessing and using the document control system.
  • Maintain training records and competency evaluations for all staff involved.
• Perform regular audits to ensure only current documents are in use at all relevant locations.
  • Document findings and corrective actions from these audits.
• Develop an SOP for document revision and distribution processes.
  • Include procedures for retiring obsolete documents and notifying staff of updates.

6.2 Record Control

The organization shall maintain a system for identification, collection, indexing, accessing, filing, storage, maintenance, and disposition of original records.

Guidance

A record is information (captured in writing or in an electronically generated medium) that provides
objective evidence of activities that have been performed or results that have been achieved, such as test records or assessment results. Records do not exist until the activity has been performed and documented.

Records prove that:

1. A product or service conforms to specified requirements.
2. Each step of the quality system is being performed.

Records may be maintained in writing or an electronically generated format; however, their security has to be ensured. (SS)

The committee revised standard 6.2 based on updates to the AABB Quality System Essentials. (SC)

☑ Actionable Checklist

• Develop and implement an SOP for record identification, collection, indexing, accessing, filing, storage, maintenance, and disposition.
  • Include procedures for both physical and electronic records.
• Establish a secure and controlled environment for record storage to ensure confidentiality and integrity.
  • Implement access controls for electronic records.
  • Use locked cabinets or secure rooms for physical records.
• Create a records retention schedule specifying the duration for which each type of record must be kept.
  • Regularly review and update the retention schedule as needed.
• Conduct regular audits to verify compliance with record control procedures.
  • Document findings and corrective actions in audit reports.
• Train staff on record control procedures and maintain training records.
  • Evaluate staff competency in record management annually.
• Implement a system for tracking and documenting the disposition of records.
  • Ensure proper authorization and documentation for record destruction.

6.2.1 Records

Records shall be complete, retrievable in a period appropriate to the circumstances, and protected from accidental or unauthorized destruction or modification.

Guidance

The committee added standard 6.2.1 based on updates to the AABB Quality System Essentials. (SC) 

☑ Actionable Checklist

• Ensure all records are complete and include all necessary information.
  • Conduct regular audits to verify completeness of records.
• Implement a system for easy retrieval of records within an appropriate timeframe.
  • Test retrieval process regularly to ensure efficiency.
• Protect records from accidental destruction or unauthorized modification.
  • Use secure access controls and permissions for electronic records.
  • Store physical records in a secure, access-controlled environment.
• Maintain a backup system for electronic records to prevent data loss.
  • Regularly test backup and recovery processes.
• Review and update SOPs related to record management and protection.
• Train staff on procedures for record creation, retrieval, and protection.

6.2.2 Record Traceability

The records system shall ensure traceability of:

1. Critical activities performed.
2. The individual who performed the activity.
3. Date the activity was performed.
4. Time the activity was performed, if applicable.
5. Results obtained.
6. Method(s) used.
7. Equipment used.
8. Critical materials used.
9. The organization where the activity was performed.

Guidance

Facilities that collect cellular therapy products by apheresis that are for further manufacturing by a clinical trial sponsor or manufacturer should ensure that they maintain a chain of custody that includes concurrent, permanent, auditable documentation illustrating the guardianship of the cell (or gene) therapy product. (SS)

☑ Actionable Checklist

• Develop and maintain a Record Traceability SOP that outlines the documentation process for all critical activities.
  • Include procedures for documenting the individual, date, time, results, methods, equipment, materials, and organization.
• Implement a standardized form or electronic system to capture traceability data for each critical activity.
• Ensure all staff are trained on the Record Traceability SOP and maintain training records.
• Conduct regular audits to verify that traceability records are complete, accurate, and up-to-date.
• Establish a chain of custody log for cellular therapy products, ensuring it is auditable and permanently maintained.
• Review and update the Record Traceability SOP annually or as needed based on audit findings or regulatory changes.

6.2.3 Information to Be Retained

Records shall demonstrate that a material, product, or service conforms to specified requirements and that the quality system is operating effectively.

☑ Actionable Checklist

• Ensure all records demonstrate conformity to specified requirements for materials, products, and services.
  • Maintain a current list of all materials, products, and services with their specified requirements.
• Implement a system for tracking and documenting the quality system’s effectiveness.
  • Use a standardized form or log to record quality system performance data.
• Conduct regular reviews of records to verify compliance with specified requirements.
  • Schedule and document periodic record audits to ensure completeness and accuracy.
• Retain records in a secure and accessible manner for the required retention period.
  • Use a record retention log to track the retention period and disposal date for each record type.
• Develop and maintain SOPs for record creation, review, and retention.
  • Cross-reference SOPs with applicable standards and regulations in a crosswalk document.

6.2.3.1

Records from suppliers shall be an element of this information.

☑ Actionable Checklist

• Develop and maintain a Supplier Records SOP detailing the collection and management of supplier records.
  • Include procedures for verifying and documenting supplier qualifications.
• Create a Supplier Records Log to track receipt and review of all supplier records.
• Implement a process for regular review and update of supplier records to ensure current compliance.
• Conduct periodic audits of supplier records to verify completeness and accuracy.
• Train relevant staff on the Supplier Records SOP and document training completion.
• Include supplier records review in the agenda of management review meetings and document discussions.

6.2.4 Legibility

All records shall be legible and indelible.

☑ Actionable Checklist

• Implement SOP for documenting records ensuring legibility and indelibility.
  • Train staff on proper documentation techniques and use of approved writing instruments.
• Conduct quarterly audits of records to verify compliance with legibility and indelibility requirements.
• Maintain a log of all documentation errors and corrective actions taken.
• Use standardized forms and templates to ensure consistency in record-keeping.
• Review and update SOPs annually to incorporate any changes in documentation practices or tools.

6.2.5 Record Change

[Cord blood applicable]

The organization shall establish processes for changing records. The date and identity of the person making the change shall be recorded. Record changes shall not obscure previously recorded information.

Guidance

Unauthorized changes to records must not be allowed. For this reason, all changes to records must be controlled and traceable. The intent of this standard is to be sure that the original information recorded, which would be the information that was concurrently recorded as required in Standard 6.2.6, is still readable after changes are made. For a variety of reasons, including the possible need to track and trend changes made to records for process improvements, it is also important to be able to understand why changes were made to a record, who made the change, and when it was made. (SS)

☑ Actionable Checklist

• Establish a documented SOP for record changes, including authorization and traceability requirements.
  • Ensure the SOP includes steps for recording the date and identity of the person making the change.
  • Include procedures to ensure original information remains readable after changes.
• Implement a record change log to document all changes, including the reason for each change.
• Train all relevant personnel on the SOP for record changes and maintain training records.
• Conduct regular audits of record changes to ensure compliance with the SOP.
• Review and update the SOP for record changes annually or as needed based on audit findings or regulatory updates.

6.2.5.1

Changes to records (including electronic records) shall be verified for accuracy and completeness.

Guidance

The committee added standard 6.2.5.1 based on updates to the AABB Quality System Essentials. (SC)

☑ Actionable Checklist

• Implement a procedure for verifying changes to records, including electronic records, for accuracy and completeness.
  • Reference SOP for record change verification process.
• Train staff on the procedure for verifying record changes, ensuring understanding and compliance.
  • Maintain training records and competency evaluations.
• Conduct regular audits of record changes to ensure adherence to verification procedures.
  • Use an audit checklist specific to record change verification.
• Document all findings from record change audits and implement corrective actions as necessary.
  • Log deviations and CAPAs related to record changes.
• Review and update the record change verification procedure annually or as needed based on audit findings.
  • Document management reviews of the procedure.

6.2.5.2

Modifications or changes that can affect the safety of the recipient or quality of the cellular therapy product shall be approved by the authorized individual. Chain of identity shall be maintained.

Guidance

Unauthorized changes to records must not be allowed. For this reason, all changes to records must be controlled and traceable. The intent of this standard is to be sure that the original information recorded, which would be the information that was concurrently recorded as required in Standard 6.2.6, is still readable after changes are made. For a variety of reasons, including the possible need to track and trend changes made to records for process improvements, it is also important to be able to understand why changes were made to a record, who made the change, when it was made, and, per Standard 6.2.5.2, who authorized the change if the change impacts product quality or recipient safety. It is also important that changes do not adversely impact the traceability of product identity. (SS)

☑ Actionable Checklist

• Establish an SOP for the approval process of modifications affecting recipient safety or product quality.
  • Include criteria for determining the impact of changes.
  • Define roles and responsibilities for the approval process.
• Implement a change control log to document all modifications.
  • Record the nature of the change, date, and authorized individual.
  • Ensure traceability of product identity is maintained.
• Train staff on the importance of maintaining chain of identity and the change control process.
  • Document training sessions and maintain records.
• Conduct regular audits to ensure adherence to the change control SOP.
  • Review a sample of changes for compliance with authorization requirements.
• Review and update the Validation Master Plan (VMP) to include change control procedures.
• Document all deviations and CAPAs related to unauthorized changes or breaches in chain of identity.

6.2.5.3

The actual result of each action performed shall be recorded immediately, and the final interpretation shall be recorded upon completion of testing.

Guidance

Unauthorized changes to records must not be allowed. For this reason, all changes to records must be controlled and traceable. The intent of this standard is to be sure that the original information recorded, which would be the information that was concurrently recorded as required in Standard 6.2.6, is still readable after changes are made. For a variety of reasons, including the possible need to track and trend changes made to records for process improvements, it is also important to be able to understand why changes were made to a record, who made the change, and when it was made. (SS)

☑ Actionable Checklist

• Implement an SOP for immediate recording of actions and final interpretations, ensuring compliance with Standard 6.2.5.3.
  • Include procedures for documenting the date, time, and personnel responsible for each entry.
• Establish a controlled and traceable method for making changes to records, ensuring all original information remains readable.
  • Use a standardized form or electronic system that logs changes, including the reason, date, and personnel involved.
• Conduct regular audits of records to ensure compliance with immediate recording and traceability of changes.
• Train staff on the importance of immediate recording and proper documentation practices, maintaining training records.
• Review and update the SOP annually or as needed to incorporate any changes in best practices or regulatory requirements.

6.2.6

Records shall be created concurrently with the performance of each critical activity.

Guidance

The intent of this standard is to be sure that information is recorded in the most accurate way, before distractions and the passage of time interfere with the best possible recording of information. (SS)

☑ Actionable Checklist

• Develop and implement an SOP for concurrent documentation of critical activities.
  • Include specific timeframes for documentation completion in the SOP.
• Train all staff on the importance of concurrent record creation and the associated SOP.
  • Maintain training records and competency evaluations for all staff.
• Conduct regular audits to ensure compliance with concurrent documentation practices.
  • Document findings and corrective actions in audit reports.
• Utilize electronic systems where possible to facilitate real-time data entry.
  • Validate electronic systems for accuracy and reliability.
• Review and update the SOP annually or as needed based on audit findings or process changes.

6.2.6.1

The record shall identify the work performed, the individual performing the activity, and when it was performed.

☑ Actionable Checklist

• Ensure all records include fields for work performed, individual performing the activity, and date/time of performance.
  • Review and update SOPs to mandate completion of these fields.
• Implement a standardized form or electronic system to capture required record details.
• Conduct regular audits of records to verify compliance with documentation requirements.
• Train staff on proper documentation practices, emphasizing the importance of completing all fields.
• Maintain a log of training sessions and attendance to ensure all relevant personnel are trained.
• Review and update the Validation Master Plan to include validation of record-keeping systems.

6.2.7 Copies

[Cord blood applicable]

Before destruction of original records, copies of records shall be verified as containing the original content and shall be legible, complete, and accessible.

Guidance

The responsibility for each program is to determine what the “official” record is. Some programs prefer to use paper copies as the official record. This practice is acceptable as long as it is defined in the program’s processes and procedures. In this instance, worksheets serve as the official record. Later, if there are questions about the results, employees would know to refer to the information on the worksheet. These worksheets are subject to record retention requirements.

At other programs, the computer record serves as the official record. This practice is also acceptable as long as it is defined in the facility’s processes and procedures. In this case, employees enter data straight into the computer and no paper is used. In other programs, the paper worksheets serve as the official copy, although the information is still entered into a computer system and is used by billing departments or as patient records. Issues to keep in mind when computer records serve as the official records are: security of the computer system, traceability of changes, functionality of the backup system, protection against document adulteration, and proper record retention.

An original record might be destroyed when information from worksheets is entered into a computer. Before it is destroyed, however, the program must ensure that all necessary information on the record is accurately transferred to an alternate source (eg, the computer system). Because the worksheet is the original record, verification of accurate transfer of the information is required before any “source” documentation is destroyed. The program should consider how it will verify that information has been transferred accurately.

Another instance when records may be destroyed is when copies of original records are stored on storage media, such as microfiche and videodisc, or scanned into a portable document format (pdf) file. Because these storage media are exact copies of original records, the original records could be destroyed and the microfiche/videodiscs or computer files retained according to record retention requirements. Depending on the storage media used, it is important to retain the appropriate technology to ensure a method to read the records in the future. In some cases, this might include retaining a particular software program that would allow reading of the stored document files.

The standard requires that the program verify that copies of records contain all of the original content, and in order to meet the standard, verification is documented as a record. Vendor qualification may be one method of satisfying this requirement. During agreement review with the storage media company, the facility can require that the vendor state how it will verify that complete and appropriate records are transferred to the other storage media.

In all cases, the official records have to be maintained for the appropriate length of time in accordance with specified requirements, including record retention requirements, and state and local laws, when applicable. (SS)

☑ Actionable Checklist

• Define and document the official record format (paper or electronic) in the program’s SOPs.
  • Include procedures for verifying the accuracy of transferred information before destruction of original records.
• Implement a verification process to ensure copies of records contain original content and are legible.
  • Document verification as a record, using a designated form or log.
• Establish a procedure for the secure destruction of original records after verification.
  • Retain documentation of the destruction process in compliance with record retention requirements.
• Ensure all electronic records are backed up and protected against adulteration.
  • Regularly test backup systems and document results.
• Maintain technology or software necessary to access stored records in the future.
  • Review and update technology requirements annually.
• Conduct regular audits to ensure compliance with the record verification and destruction process.
  • Document audit findings and implement corrective actions as needed.

6.2.8 Confidentiality

The organization shall ensure the confidentiality of records.

Guidance

The facility should have policies, procedures, and processes to ensure the security and privacy of patient and employee data, and protection from inadvertent or hostile disclosure. These data include: name, address, date of birth, phone number, gender, ethnic group, diagnosis, prescriptions, medical records, billing, and tax identifier. (SS)

The committee revised standard 6.2.8 based on updates to the AABB Quality System Essentials. (SC)

☑ Actionable Checklist

• Develop and implement an SOP for maintaining the confidentiality of records, including patient and employee data.
  • Include specific measures for data protection against inadvertent or hostile disclosure.
• Conduct regular training sessions for staff on confidentiality policies and procedures.
  • Document attendance and completion in training records.
• Perform periodic audits of record access logs to ensure compliance with confidentiality requirements.
• Implement access controls to restrict record access to authorized personnel only.
  • Review and update access permissions regularly.
• Establish a process for reporting and investigating breaches of confidentiality.
  • Document all incidents and corrective actions in a CAPA log.

6.2.9 Retention

Records required by these CT Standards shall be retained for a period indicated in the record retention table at the end of each chapter.

☑ Actionable Checklist

• Review and update the record retention table to ensure compliance with the specified retention periods.
  • Cross-reference the retention table with current SOPs to ensure alignment.
• Implement a document control system to track the retention and disposal dates for all records.
  • Use a digital log or database to automate reminders for record reviews and disposal.
• Conduct regular audits to verify that records are retained and disposed of according to the retention table.
• Train staff on the importance of record retention and the procedures for managing records.
  • Document all training sessions and retain records of attendance and competency evaluations.
• Establish a procedure for secure disposal of records that have met their retention period.
  • Maintain a log of disposed records, including dates and methods of disposal.

6.2.9.1

These records shall be retained at least 10 years following either their creation (C) or the final disposition (F) of the cellular therapy product with which they are associated. Applicable FDA, or relevant Competent Authority, or local law may exceed this period.

6.2.9.1.1

If the date of administration is unknown, records shall be retained for 10 years after the date of distribution, disposition, or expiration, whichever is latest. Applicable FDA, or relevant Competent Authority, or local law may exceed this period.

Guidance

If a product was distributed from one facility to another, and the date of administration is not reported to, or obtained by, the original distribution facility, then the length of record retention needs to be determined with the distribution facility, which would maintain product records for the latest date. For example, if a product was distributed on April 1, 2023 but is due to expire April 1, 2025, then the facility would retain the product records until 10 years after the expiration date of April 1, 2025. (SS)

☑ Actionable Checklist

• Establish and document a record retention policy in an SOP, specifying retention for at least 10 years post-creation or final disposition.
  • Include procedures for determining the latest applicable date (distribution, disposition, or expiration).
• Implement a tracking system to monitor and manage record retention timelines.
  • Ensure the system flags records approaching the end of their retention period.
• Conduct regular audits to verify compliance with record retention requirements.
  • Document findings and corrective actions in audit reports.
• Train staff on record retention policies and procedures, documenting all training sessions.
• Create a crosswalk document mapping SOPs to AABB, FACT-JACIE, and FDA standards for record retention.
• Review and update the record retention policy annually or as required by changes in regulations.

6.2.10 Record Review

[Cord blood applicable]

Records shall be reviewed for accuracy, completeness, and compliance with applicable standards, laws, and regulations.

☑ Actionable Checklist

• Implement SOP for record review process, detailing steps for accuracy and completeness checks.
  • Include criteria for compliance with standards, laws, and regulations in the SOP.
• Train staff on the record review SOP and document training completion.
• Schedule regular record review audits and maintain a log of completed reviews.
• Develop a checklist for reviewers to ensure all records meet compliance requirements.
• Document any discrepancies found during reviews and initiate CAPA as necessary.
• Conduct management reviews of record review findings and document outcomes.

6.2.11 Storage of Records

Records shall be stored to:

1. Preserve record legibility and integrity for the entire retention period.
2. Protect from accidental or unauthorized access, loss, deterioration, damage, destruction, mix-up, or modification.
3. Permit ready identification.
4. Allow retrieval in a defined time frame.

☑ Actionable Checklist

• Implement a secure, climate-controlled storage system for physical records.
  • Verify temperature and humidity controls are within specified ranges.
• Use a validated electronic records management system with access controls.
  • Conduct regular access audits to ensure compliance with authorization protocols.
• Develop and maintain an SOP for record storage and retrieval processes.
• Conduct regular checks to ensure records are legible and intact.
  • Document findings and any corrective actions taken.
• Label records clearly to facilitate easy identification and retrieval.
• Establish a documented procedure for record retrieval within the defined time frame.
  • Test retrieval process quarterly and document results.

6.2.12 Destruction of Records

Destruction of records shall be conducted in a manner that protects the confidential content of the records.

Guidance

Because records might contain protected health information, destruction of records might need to be
accomplished in such a way as to ensure that all protected information is not inadvertently disclosed to unauthorized individuals. (SS)

☑ Actionable Checklist

• Develop and implement an SOP for the secure destruction of records containing confidential information.
  • Include methods for destruction such as shredding, incineration, or secure electronic deletion.
  • Specify the frequency and conditions under which records should be destroyed.
• Train staff on the SOP for record destruction and document completion of training.
• Maintain a log of all records destroyed, including date, method, and personnel involved.
• Conduct regular audits to ensure compliance with the record destruction SOP.
• Review and update the record destruction SOP annually or as needed to incorporate new regulations or technologies.

6.3 Electronic Records

[Cord blood applicable]

The organization shall support the management of information systems.

Guidance

The committee revised standard 6.3 based on updates to the AABB Quality System Essentials. (SC)

☑ Actionable Checklist

• Develop and implement an SOP for the management of electronic records.
  • Include procedures for data entry, access control, and data integrity.
• Conduct regular audits of electronic records to ensure compliance with SOPs.
• Maintain a log of all electronic record system updates and modifications.
• Ensure all personnel are trained on the use of electronic record systems and document training records.
• Implement a backup and recovery plan for electronic records and test it regularly.
• Review and update the electronic records management SOP annually or as needed.

6.3.1 Access to Data and Information

Access to data and information shall be controlled.

☑ Actionable Checklist

• Develop and implement an SOP for controlling access to data and information.
  • Include procedures for granting, modifying, and revoking access.
• Maintain a log of personnel with access to data and information.
• Conduct regular audits of access logs to ensure compliance with access controls.
• Train staff on the importance of data access controls and document the training.
• Review and update access controls annually or as needed based on changes in personnel or roles.
• Implement a system for monitoring unauthorized access attempts and document any incidents.

6.3.1.1

The authorization to access and release data and information shall be defined, and individuals
authorized to enter, change, and release results shall be identified.

Guidance

The committee revised standard 6.3.1.1 based on updates to the AABB Quality System Essentials. (SC)

6.3.1.1.1

[Cord blood applicable]

Electronic records shall include the date and identity of the person making a change.

☑ Actionable Checklist

• Define and document authorization levels for accessing and releasing data in an SOP.
  • Identify individuals authorized to enter, change, and release results in the SOP.
• Implement a system to track and log access to data, including changes made.
  • Ensure electronic records capture the date and identity of the person making changes.
• Conduct regular audits to verify compliance with data access and change authorization.
• Maintain a log of authorized personnel and update it as roles change.
• Train staff on procedures for data access and modification, documenting completion.
• Review and update the SOP annually or as needed to reflect changes in personnel or policy.

6.3.1.2

Individuals shall be identified and defined by job description that are authorized to create,
modify, maintain, or transmit records in a controlled and approved manner in conformance with the FDA or relevant Competent Authority requirements.

☑ Actionable Checklist

• Develop and maintain job descriptions that specify record management responsibilities.
  • Ensure job descriptions are reviewed and approved by relevant authority.
• Implement a training program for individuals authorized to handle records.
  • Document completion of training and maintain records.
• Establish SOPs for creating, modifying, maintaining, and transmitting records.
  • Include procedures for record approval and control.
• Conduct regular audits to ensure compliance with record management SOPs.
• Maintain a log of individuals authorized to manage records, updated regularly.
• Review and update job descriptions and authorization logs annually or as needed.

6.3.2 Data Integrity

Data integrity shall ensure that data are retrievable and usable.*

*FDA Guidance for Industry: Data Integrity and Compliance with Drug cGMP Questions and
Answers (December 2018).

☑ Actionable Checklist

• Implement a data management SOP that outlines procedures for data entry, storage, and retrieval.
  • Ensure the SOP includes guidelines for electronic and paper records.
• Conduct regular audits to verify data accuracy and completeness.
  • Use a standardized audit checklist to assess data integrity.
• Establish a data backup and recovery plan to prevent data loss.
  • Test the backup system regularly and document results.
• Train staff on data integrity principles and procedures.
  • Maintain training records and competency evaluations.
• Implement access controls to ensure only authorized personnel can modify data.
  • Review and update access permissions quarterly.
• Document and investigate any data integrity deviations or breaches.
  • Implement CAPAs for identified issues and track their resolution.

6.3.2.1

Data shall be accurately, reliably, and securely sent from the point of entry to final destination.

Guidance

The committee revised standard 6.3.2.1 based on updates to the AABB Quality System Essentials. (SC)

☑ Actionable Checklist

• Verify that all data entry points have secure access controls in place.
  • Review and update SOPs related to data entry security.
• Implement data validation checks to ensure accuracy at the point of entry.
  • Conduct regular audits of data entry processes.
• Ensure reliable data transfer mechanisms are in place from entry to final destination.
  • Test data transfer processes regularly and document results.
• Maintain a log of all data transfers, including timestamps and personnel involved.
• Conduct training for staff on data security and accuracy protocols.
  • Keep training records and competency evaluations up to date.
• Review and update data management SOPs annually or as needed.

6.3.2.2

Data shall be retrievable for the entire retention period.

6.3.2.2.1

The organization shall archive records or data from media and platforms no longer in use.

Guidance

The committee revised standard 6.3.2.2.1 based on updates to the AABB Quality System Essentials. (SC)

☑ Actionable Checklist

• Establish a documented procedure for archiving records from obsolete media and platforms.
  • Reference this procedure in the SOP for data management.
• Identify and list all media and platforms currently in use for data storage.
• Develop a schedule for reviewing and updating the list of obsolete media and platforms.
• Implement a system for verifying the successful retrieval of archived data.
  • Log retrieval tests and outcomes in a designated record.
• Train staff on the archiving procedure and document completion in training records.
• Conduct regular audits to ensure compliance with data retrieval and archiving procedures.

6.3.2.3

There shall be a process in place for routine backup of all critical data.

☑ Actionable Checklist

• Establish and document an SOP for routine backup of all critical data.
  • Define frequency and method of backups in the SOP.
• Implement automated backup systems for critical data.
  • Verify backup completion and integrity regularly.
• Maintain a log of all backup activities, including dates and any issues encountered.
• Conduct periodic audits to ensure compliance with the backup SOP.
• Train relevant staff on backup procedures and document training records.
• Review and update the backup process annually or as needed.

6.3.3 Storage Media

Data storage media shall be protected from damage or unintended access and destruction.

Guidance

The committee revised standard 6.3.3 based on updates to the AABB Quality System Essentials. (SC)

☑ Actionable Checklist

• Ensure all data storage media are stored in a secure, access-controlled environment.
  • Implement physical security measures such as locked cabinets or restricted access rooms.
• Establish and document procedures for regular backup of data storage media.
  • Verify backup procedures are included in the relevant SOPs.
• Conduct regular audits to ensure compliance with data protection and access control measures.
• Maintain a log of all personnel with access to data storage media.
• Implement a disaster recovery plan for data storage media, including procedures for data restoration.
• Train staff on procedures for handling and protecting data storage media, documenting all training sessions.

6.3.4 Backup Data

The organization shall back up all critical data.

Guidance

The committee revised standard 6.3.4 based on updates to the AABB Quality System Essentials. (SC)

☑ Actionable Checklist

• Establish a documented SOP for data backup procedures.
  • Include frequency, method, and responsible personnel in the SOP.
• Implement a secure, automated backup system for all critical data.
• Schedule regular testing of backup restoration processes.
• Maintain a log of all backup activities, including dates and any issues encountered.
• Conduct periodic reviews of backup procedures and update the SOP as necessary.
• Train relevant staff on backup procedures and document training records.

6.3.4.1

Backup data shall be stored in a secure offsite location.

Guidance

All facilities should have off-site storage for backup data. The facility should implement reasonable measures to mitigate against loss, maintain integrity, and ensure access to critical data elements.

Many facilities already have off-site storage for patient files, administrative files, and financial records. The use of similar storage facilities for products should be explored through the administrative group at the facility. Off-site storage could also be at a sister facility, if there is one, with each storing the other’s backup data. The off-site location should also meet all security requirements for the level of data being stored to prevent tampering or violation of requirements contained in the Health Insurance Portability and Accountability Act (HIPAA).

The off-site storage should meet the temperature and other environmental requirements for the media to be stored (eg, heat/cold/humidity, magnetic influences, and security). (SS)

☑ Actionable Checklist

• Identify and document an offsite location for backup data storage.
  • Ensure the location meets security requirements, including HIPAA compliance.
  • Verify environmental conditions (temperature, humidity, etc.) are suitable for media storage.
• Develop and implement an SOP for regular backup data transfers to the offsite location.
  • Include frequency of backups and responsible personnel.
• Conduct a risk assessment to identify potential threats to data integrity and access.
• Establish a log to track all backup data transfers and storage activities.
• Perform regular audits of the offsite storage facility to ensure compliance with security and environmental standards.
• Review and update the backup data storage SOP annually or as needed.

6.3.4.2

Backup data shall be protected from unauthorized access, loss, or modification.

☑ Actionable Checklist

• Implement a secure backup system with encryption to protect data.
  • Verify encryption protocols align with industry standards.
• Establish access controls for backup data to prevent unauthorized access.
  • Review and update access permissions quarterly.
• Conduct regular audits of backup data integrity and security measures.
  • Document audit results and any corrective actions taken.
• Develop and maintain an SOP for backup data management and security.
• Train staff on backup data protection protocols and document training records.
• Schedule and perform periodic tests of backup data restoration processes.

6.3.4.3

The ability to retrieve data from the backup system shall be tested at defined intervals.

Excerpt of Reference Standard 6.2.9A Relevant to Documents and Records

Standard	Record to Be Maintained	Quality System Records	Donor Eligibility/Management issues	Unit/Recipient	Retention after Creation (C) or Final Disposition (F) of Related Product	Minimum Retention Time (in years)1
6.1.2	Document control, including review and approval of all documents before use	X	X	X	C	10
6.1.3	Review and approval of changes to documents	X	X	X	C	10
6.1.4	List of all active policies, processes, procedures, labels, and forms	X	X	X	C	10
6.1.5	Biennial review of each policy, process, or procedure	X	X	X	C	10
6.1.6	Documents that are archived, destroyed, or made obsolete	X	X	X	C	10
6.2.5	Record change	X	X	X	C	10
6.2.7	Verification that copies of records contain the original content and are legible, complete, and accessible before the original records are destroyed	X	X	X	C	10
6.2.10	Review of records for accuracy, completeness, and compliance with applicable standards, laws, and regulations	X	X	X	C	10
6.3	Electronic records	X	X	X	C	10
6.3.1.1.1	Date and identity of person making change(s) to electronic records	X	X	X	C	10

¹Applicable federal, state, or local law may exceed this period.

Reference Standard 6.2.9A — Retention of Records

Standard	Record to Be Maintained	Quality System Records	Donor Eligibility/Management Issues	Unit/Recipient	Retention after Creation (C) or Final Disposition (F) of Related Product	Minimum Retention Time (in years)1
1.1.3.1.2	Procurement medical director management or review of 10 cell procurement procedures	X	X	X	C	10
1.1.4.1.2	Laboratory medical director management or review of 10 cell product processing procedures	X	X	X	C	10
1.1.4.2.2	Laboratory director management or review of 10 cell product processing procedures	X	X	X	C	10
1.1.5.2.2	Relevant continuing education of the clinical program director	X	X	X	C	10
1.2.1.1.1, 1.2.1.1.2	Quarterly reports by quality representative to executive management	X	X	X	C	10
1.2.2	Management review of effectiveness of the quality system	X	X	X	C	10
1.2.2.1	Yearly review of the quality system	X	X	X	C	10
1.3	Policies, processes, and procedures	X	X	X	C	10
1.3.1.1	Procurement medical director review and approval of all medical policies, processes, and procedures	X	X	X	C	10
1.3.1.2	Laboratory medical director review and approval of all medical policies, processes, and procedures	X	X	X	C	10
1.3.1.3	Laboratory director review and approval of all technical policies, processes, and procedures	X	X	X	C	10
1.3.1.4	Clinical program director review and approval of all clinical policies, processes, and procedures	X	X	X	C	10
1.3.2	Exceptions to policies, processes, and procedures	X	X	X	C	10
1.4	Risk assessment	X	X	X	C	10
1.6.1	Emergency operation plan tested at defined intervals	X	X	X	C	2 years, or two organizational testing intervals (whichever is longer)
2.1.1	Job descriptions	X	X	X	C	10
2.1.2	Qualification of personnel performing critical tasks	X	X	X	C	10
2.1.3	Training records of personnel	X	X	X	C	10
2.1.3.1	Identification of qualifications required for trainers	X	X	X	C	10
2.1.4	Evaluations of competence	X	X	X	C	10
2.1.4.1	Corrective action when competence has not been demonstrated	X	X	X	C	10
2.1.5	Personnel records of each employee	X	X	X	C	10
2.1.6, 2.1.6.1	Continuing education requirements	X	X	X	C	10
3.2	Equipment qualification	X	X	X	C	10 years after retirement of the equipment
3.4	Unique identification of equipment	X	X	X	C	10
3.5.1	Equipment calibration activities	X	X	X	C	10
3.5.2	Equipment found to be out of calibration	X	X	X	C	10
3.5.3	Equipment monitoring, maintenance, calibration, and repair	X	X	X	C	10
3.6	Equipment traceability	X	X	X	C	10
3.7	Implementation and modification of software, hardware, or databases	X	X	X	C	2 years after retirement of system
3.7.1	Testing of alternative systems	X	X	X	F	10
3.8	Monitoring of technology infrastructure	X	X	X	F	10
3.9	Alarm system check	X	X	X	F	10
4.1	Evaluation and participation in selection of suppliers	X	X	X	C	10
4.2	Agreements	X	X	X	C	10
4.2.1	Agreement review	X	X	X	C	10
4.2.3	Agreements concerning activities involving more than one organization	X	X	X	C	10
4.2.4	Agreement changes communicated to affected parties	X	X	X	C	10
4.2.5	Review of agreements before acceptance and at facilitydefined intervals	X	X	X	C	10
4.2.5.1	Agreements for the timing and responsibility of medical orders	X	X	X	F	10
4.3	Inspection of incoming critical materials	X	X	X	C	10
4.3.1	Agreements between departments or facilities regarding the transfer of products	X	X	X	F	10
4.3.2	Agreements for the collection, transport, receipt, handling, and administration of the cellular therapy product, reporting adverse events, and obtaining outcome data	X	X	X	F	10
4.3.3	Agreement between processing/ issuing facility and the administering facility or registry for creation and retention of records; agreements for each facility to access relevant records	X	X	X	C	10
4.3.4	Conditions for product storage and disposition	X	X	X	C	10
4.3.6	Shipment of cellular therapy products	N/A	N/A	X	F	10
4.4	Claims in educational and promotional materials	X	X	X	F	10
4.5	Donor informed consent	X	X	X	F	10
4.6	Authorization for cadaveric donors	X	X	X	F	10
4.7	Patient informed consent	X	X	X	F	10
4.8.1, 4.8.2	Evaluation, qualification, and selection of suppliers of materials, services, and products	X	X	X	F	10
4.8.3	Monitoring of suppliers (including reporting to management of a supplier’s failures to meet specified requirements)	X	X	X	F	10
4.8.4	Notification of shipping facility and manufacturer (if applicable) when materials are received in an unacceptable condition	X	X	X	C	10
5.1.1	Validation of new or changed processes and procedures	X	X	X	C	10
5.1.2	Quality control records and review of quality control results	X	X	X	C	10
5.1.8	Identification and traceability of products	N/A	N/A	X	C	10
5.1.9.1	Supplier and/or consignee processes for traceability, tracking, and recall of products	X	X	X	C	10
5.1.9.1.1	Facility policy for the use/issue of a cellular therapy product provided by a supplier and/or received by a consignee that lacks a complete chain of custody	X	X	X	F	10
5.1.10	Participation in an external proficiency testing program	X	X	X	C	10
5.1.10.3	Proficiency testing results reviewed by the medical or laboratory director	X	X	X	C	10
5.2	Outcome data	X	X	X	F	10
5.2.4.1	Notification by patient-care service to issuing or processing facility of adverse events	N/A	N/A	X	F	10
5.3	Qualification of all materials used in the procurement, processing, and/or administration of cellular therapy products	X	X	X	C	10
5.3.2.1	Quarantine of critical materials	X	X	X	C	10
5.3.2.2	Complete records of the inspection of incoming materials that come into contact with the cellular therapy product or that directly affect the quality of the product	N/A	N/A	X	C	10
5.3.2.3	Identification of materials used on an emergency basis	N/A	N/A	X	C	10
5.3.4	Inspection of in-house reagents	N/A	N/A	X	C	10
5.3.5	Validation and monitoring of equipment, materials, and methods used in cleaning and sterilization of non-single-use materials	X	X	X	C	10
5.3.6	Use and identification of critical materials that come into contact with the patient or cellular therapy product	X	X	X	F	10
5.3.6.1	Package inserts, certificates of analysis, or any manufacturer’s documentation, including recall or defect notices, advisories, etc, for all critical materials used	X	X	X	C	10
5.4.2.1	Monitoring and review of the effectiveness of aseptic methods	N/A	N/A	X	C	10
5.4.3	Operational controls to prevent mix-up and contamination	X	X	X	C	10
5.5.1	Unique identification and traceability of cellular therapy products and samples from source to final disposition	N/A	N/A	X	C	10
5.6, #2, 3, 5	Labeling controls	N/A	N/A	X	C	10
5.6.1	ISBT 128 implementation	N/A	N/A	X	C	10
5.6.3	Verification of product packaging and labeling	N/A	N/A	X	C	10
5.7	Transport of products	N/A	N/A	X	C	10
5.7.2	Qualification of shipping containers and periodic requalification	X	X	X	C	10
5.7.3	Monitoring of temperature for noncryopreserved products	N/A	N/A	X	F	10
5.7.3.1	Continuous monitoring of temperature for cryopreserved products	N/A	N/A	X	F	10
5.7.6	Product acceptance and shipper temperature upon receipt	N/A	N/A	X	C	10
5.8	Inspection and testing activities	X	X	X	C	10
5.8.1	Inspection of incoming cells, tissues, and organs	N/A	N/A	X	C	10
5.8.2	Inspection and testing of products during processing	N/A	N/A	X	C	10
5.9.1	Storage area temperature and humidity	X	X	X	C	10
5.9.1.1	If cellular therapy products are stored in an open storage area, the ambient temperature recorded at least every 4 hours	X	X	X	C	10
5.9.3, 5.9.4	Monitoring of temperature and/or liquid nitrogen levels in storage devices and documentation of alarm activation	X	X	X	C	10
5.10	Determination of donor eligibility and verification that procurement criteria (eg, informed consent) have been met	N/A	X	N/A	F	10
5.10.2.2	Infectious disease testing of donors	N/A	X	N/A	F	10
5.10.2.3	Cadaveric donor eligibility	N/A	X	N//A	F	10
5.10.2.4	Donor testing performed	N/A	X	N/A	F	10
5.10.4	Review of donor screening and infectious disease testing record before international shipment or transport	N/A	X	N/A	F	10
5.10.5	Final determination of donor eligibility	N/A	X	N/A	F	10
5.10.6.2	Communication of abnormal results on medical history screening or testing that may affect the donor’s health	N/A	X	N/A	F	10
5.10.6.3	Communication of abnormal results on medical history screening or testing that may affect the recipient’s health or the therapeutic value of the cellular therapy product	N/A	X	N/A	F	10
5.10.6.4	Ineligible donors	N/A	X	N/A	C	10
5.10.7	Products from ineligible donors	N/A	X	N/A	F	10
5.10.8	Incomplete donor eligibility determination for donors not screened or tested	N/A	X	N/A	F	10
5.10.8.2	Physician notification of incomplete donor eligibility	N/A	X	N/A	C	10
5.11.2	Central venous access device placement by qualified individual or physician	N/A	X	N/A	C	10
5.11.3.1	Evaluation of allogeneic and autologous donors for the risk of hemoglobinopathy before the administration of a mobilizing agent	N/A	X	N/A	C	10
5.12.1	Medical order for procurement	N/A	X	N/A	F	10
5.12.2.2, 5.12.2.4	Final approval and documentation by the donor’s physician (or by a health-care professional, if appropriate) that the donor is able to proceed with donation in conformance with Reference Standard 5.10A, General Requirements for Cellular Therapy Product Donors	N/A	X	N/A	F	10
5.12.2.3	For donors of mobilized cells (apheresis), a complete blood count obtained within 24 hours before each procurement procedure; for marrow donors, a complete blood count obtained before procurement	N/A	X	N/A	C	10
5.12.4	Confirmation of donor identity, at the time of procurement, by two identifiers	N/A	X	N/A	F	10
5.12.5	Identification numbers and expiration dates of lot numbers of all disposables and additives used in procurement	N/A	X	N/A	F	10
5.12.5, 5.12.6	Complete procurement record; review of procurement record	N/A	X	N/A	F	10
5.13	Definition of procurement goals	N/A	N/A	X	F	10
5.15.1	Medical orders for processing, preservation, or storage	X	X	X	F	10
5.15.2	Complete processing record; verification that acceptable values or ranges for defined critical characteristics for each product were obtained	N/A	N/A	X	F	10
5.15.3	Determination of acceptable values or ranges	N/A	N/A	X	C	10
5.15.4	Procedures used to manage red cell antigen incompatibility	N/A	N/A	X	F	10
5.16	Product-specific specifications and acceptable storage conditions of noncryopreserved products	N/A	N/A	X	C	10
5.17.2.1.1	Segment identification by two individuals	N/A	N/A	X	C	10
5.17.3	Complete cryopreservation records	N/A	N/A	X	F	10
5.18	Stability program for each type of cellular therapy product and expiration dates	X	X	X	C	10
5.19	Disposition of products consistent with informed consent and laws and regulations	X	X	X	F	10
5.20.2, 5.20.3	Review of donation criteria, final processing criteria, and final product-specified requirements	N/A	N/A	X	C	10
5.20.2, 5.20.3	Review of donation criteria, final processing criteria, and final product-specified requirements	N/A	N/A	X	F	10
5.21	Request for distribution	N/A	N/A	X	C	10
5.22	Product issue	N/A	N/A	X	F	10
5.22.1	Review of criteria for issue	N/A	N/A	X	F	10
5.22.4	Product return	N/A	N/A	X	F	10
5.22.5	Product reissue	N/A	N/A	X	F	10
5.24	Clinical care of the recipient	N/A	N/A	X	F	10
5.24.1.2	Medical orders for administration	X	X	X	F	10
5.25	Preparation of the recipient for administration of the cellular therapy product	N/A	N/A	X	F	10
5.26.2	Review of criteria for receipt	N/A	N/A	X	F	10
5.27	Confirmation of identity of the product and the intended recipient, using at least two identifiers	N/A	N/A	X	F	10
5.27.3	Identification of adverse events occurring during the infusion of final cellular therapy products and communication to the issuing facility	N/A	N/A	X	F	10
5.27.4	Records of administration	N/A	N/A	X	F	10
5.27.5	Complete administration record and recipient records	N/A	N/A	X	F	10
6.1.2	Document control, including review and approval of all documents before use	X	X	X	C	10
6.1.3	Review and approval of changes to documents	X	X	X	C	10
6.1.4	List of all active policies, processes, procedures, labels, and forms	X	X	X	C	10
6.1.5	Biennial review of each policy, process, or procedure	X	X	X	C	10
6.1.6	Documents that are archived, destroyed, or made obsolete	X	X	X	C	10
6.2.5	Record change	X	X	X	C	10
6.2.7	Verification that copies of records contain the original content and are legible, complete, and accessible before the original records are destroyed	X	X	X	C	10
6.2.10	Review of records for accuracy, completeness, and compliance with applicable standards, laws, and regulations	X	X	X	C	10
6.3	Electronic records	X	X	X	C	10
6.3.1.1.1	Date and identity of person making change(s) to electronic records	X	X	X	C	10
7.1	Deviations	X	X	X	F	10
7.2	Nonconforming products or services	X	X	X	F	10
7.2.4	Nature of nonconformances discovered after release and subsequent actions taken, including acceptance for use	X	X	X	F	10
7.2.4.1	Disposition of the nonconforming product or service	X	X	X	F	10
7.2.5.3	Impact of nonconforming products on purity, potency, safety, or efficacy of the product	X	X	X	F	10
7.2.6.2	Authorized release of nonconforming products	X	X	X	F	10
7.3.3	Detection, reporting, and evaluation of procurement-related donor adverse events	X	X	X	F	10
7.3.4	Detection, reporting, evaluation, and treatment of administrationrelated recipient adverse events	X	X	X	F	10
7.3.5	Evaluation of reported adverse events	X	X	X	F	10
7.3.6.1	Evaluation and reporting of communicable diseases	X	X	X	F	10
8.1	Internal assessments	X	X	X	C	10
8.2	External assessments	X	X	X	C	10
8.3	Management of assessment results	X	X	X	C	10
8.5	Monitoring of critical activities	X	X	X	C	10
9.0	Implementation of changes to policies, processes, and procedures resulting from corrective and preventive action	X	X	X	C	10
9.1	Corrective action	X	X	X	F	10
9.2	Preventive action	X	X	X	F	10
10.1.3.1.1	Alarm investigation	X	X	X	C	10
10.1.4, #3	Cleaning or sanitation processes	X	X	X	C	10
10.1.4.1	Environmental monitoring	X	X	X	C	10
10.2	Monitoring of biological, chemical, and radiation safety	X	X	X	C	10
10.3	Appropriate discard of products	X	X	X	C	10

¹Applicable federal, state, or local law may exceed this period.

☑ Actionable Checklist

• Establish a schedule for testing data retrieval from the backup system at defined intervals.
  • Document the schedule in the SOP for data management.
• Conduct regular tests of data retrieval from the backup system as per the defined schedule.
  • Record the results of each test in a data retrieval log.
• Review and update the SOP for data backup and retrieval to ensure it includes current best practices.
  • Obtain approval for any changes to the SOP from the designated authority.
• Maintain records of all data retrieval tests, including date, personnel involved, and outcome.
• Perform a biennial review of the data management policies and procedures.
  • Document the review process and any updates made.
• Include data retrieval testing as part of regular internal audits to ensure compliance with AABB standards.