To perform a GAP analysis and verify whether design and development controls are defined, including the requirements for retaining data that demonstrate verification and validation activities, you should:

1. Examine Documentation on Design Controls

Review your organization’s documented procedures related to design and development controls. Ensure that these documents specify the stages of the design process, the controls in place, and the criteria used to verify and validate outputs against input requirements. Look for clear definitions of what constitutes a successful verification and validation process.

2. Check Retention Policies

Identify whether there are established policies regarding the retention of records related to verification and validation activities. This should include documentation of what was verified and validated, who conducted the activities, the results obtained, and any necessary corrective actions taken. Verify that these records are organized, accessible, and comply with the retention periods outlined in your quality management system.

2. Assess Compliance with Requirements

Compare the defined controls in your documentation with the requirements outlined in the ISO 9001 standard. Ensure that your procedures not only specify the verification and validation activities but also clearly articulate how results are recorded and retained. Look for evidence, such as logs or reports, that confirms these activities were conducted and that the necessary data was maintained as required.

By following these steps, you can determine whether your organization has adequately defined design and development controls that include the retention of relevant data demonstrating compliance with ISO 9001 standards.