ISO 13485 Standard
Regulatory Compliance
The ISO 13485 international standard is an effective solution to meet the comprehensive requirements for a Quality Management System QMS. Adopting this standard provides a practical foundation for manufacturers to address the Medical Device Regulations and responsibilities. It will demonstrate a commitment to the safety and quality of medical devices.
ISO 13485 Background
In 2016, a new version of the standard was issued: ISO 13485:2016. The key objective in the update was to align with the global regulatory requirements. Many elements from the US Quality System Regulations (QSR) that did not make it into the previous version of the standard have now made it in. Also, the global audit model MDSAP (the IMDRF Medical Device Single Audit Program) has integrated key concepts. The EU Medical Device Regulations (EU-MDR) was also one of the main drivers.
These additional and new elements include the following:
- Increased focus on compliance with regulatory requirements
- Process controls based on risk management
- Increased requirements for design and development, including considerations of usability, use of standards, verification and validation, design and development transfer and design records.
- Increased controls for outsourced processes and suppliers
- Increased requirements for process validation
- Increased requirements for “feedback,” including complaint handling
- Introduction of statistical techniques for data analysis
A new version of 9001 published in 2015 moves that standard to the so-called high-level structure.The standard added a focus on broad risk-based approaches, changing the structure from 8 to 10 standards.
As ISO 13485:2016 did not move to that new structure, the divergence between the two standards (ISO 9001 2015 and ISO 13485 2016) is increasing. Usually, though, certification bodies assess such standards in a similar way. ISO 9001 vs 13485 is not the right debate since most of the time medical device companies need the ISO 13485 for regulatory compliance and then ISO 9001 for business purpose such as tender submissions for instance. We provide below an ISO 13485 overview.
ISO 13485 Quality Management System
ISO 13485 is a stand-alone QUALITY MANAGEMENT SYSTEM standard among other ISO standards. It is derived from the internationally recognized and accepted ISO 9000 quality management standard series. ISO 13485 adapts the ISO 9000 process-based model for a regulated medical device manufacturing environment. Like its model the purpose is to address the requirements for a quality system. While the ISO 9001 process model concepts of Plan, Do, Check, Act is the baseline, regulatory compliance is the focus. It is more prescriptive in nature and requires a more thoroughly documented quality management system.
The people who wrote the standard had in mind to support medical device manufacturers in designing quality management systems that establish and maintain the effectiveness of their processes. It ensures the consistent design, development, product realization, installation, and delivery of medical devices that are safe for their intended purpose.
Quality management systems consist of common elements that are expressed as the organizational structure, processes, procedures, work instructions, and resources needed to implement quality management.
Structure
Shared elements of the organizational structure, authorities and responsibilities, methods and processes, data management, resources, training, maintenance, customer satisfaction/requirements, product quality, and continuous improvement is based on the principles of quality management:
- Customer and regulatory focus: By understanding current and future customer needs, organizations can meet their requirements while ensuring that they will implement all known applicable regulations.
- Leadership intentionally and direction: Leaders, by establishing the unity of purpose and direction of the organization, should create and maintain the internal environment in which people can become fully involved in achieving the organization’s objectives.
- Involvement of people at all levels: People are the essence of an organization and their full involvement enables the best performance in the organization.
- Process approach to resources and activities: This principle commonly leads to the Plan–Do–Check–Act (PDCA) approach.
- A system approach to management is identifying, understanding, and managing interrelated processes of a system. Since it contributes to the organization’s effectiveness and efficiency in achieving its objectives and reducing process risks.
- Factual approach to decision-making: Decisions based on the analysis of data and information are typically more effective. Monitoring and measuring will allow an organization to understand its ability to supply a safe and effective product and service.
- Mutually beneficial supplier relationships: An organization is responsible for ensuring the control of its outsourced processes, and with increasing regulatory pressure, supply chain management truly becomes one of the keys to success.
- Improvement as an ongoing objective: Long withheld in the medical device industry, legislation is now changing to stimulate product improvement in a continuous effort.
ISO 13485:2016 Revision
EN ISO 13485:2016, the Medical Device Quality Management System standard, normally serves as the basis to demonstrate conformity with the European Medical Devices Regulation 2017/745 and In Vitro Diagnostic Device Regulation 2017/746. Standard harmonization allows manufacturers to use their compliance with the standard as evidence of conformity to the requirements of relevant legislation.
Planning the Implementation
The implementation process begins with the assumption that there is a commitment from management. Usually it starts with focus points such as supply chain requirements, regulatory requirements, or desire to improve performance, reduce waste, etc.
Some initial general steps for a successful implementation effort would include knowing how to interpret the ISO 13485 requirements for your system. Also ensuring team members are knowledgeable on the current system, arranging management commitment, and developing a comprehensive project plan which includes monitoring steps. Where needed, organizations should provide training to staff to enhance their knowledge and to boost their commitment. This is crucial to the successful implementation and continuing compliance with the requirements of the standard.
The key elements would include promoting awareness, performing a critical gap analysis. Then, following the effective implementation, of course, getting ready for continually improving the system, where regulatory requirements allow.
The ultimate assessment and verification of the first implementation are in a round of internal audits followed by a management review concluding the effectiveness of the QMS.
Benefits of ISO 13485 certification
Whether you are looking to operate internationally or expand locally, ISO 13485 Certification can help you improve performance, eliminate uncertainty, and widen market opportunities. Companies with this certification communicate a commitment to quality to customers and regulators.
- Increase access to more markets worldwide with certification
- Outline how to review and improve processes across your organization
- Increase efficiency, cut costs and monitor supply chain performance
- Demonstrate that you produce safer and more effective medical devices
- Meet regulatory requirements and customer expectations
Identifying applicable regulatory requirements
The identification of applicable regulatory requirements is a critical phase in developing the QMS. The regulatory requirements will shape your QMS and its elements and operations. It is also necessary for the next stage of documenting the roles of the organization. Applicable regulatory requirements also depend upon the risk class of the device and on the regulatory system of the country. It is important to find the overlap points between the regulatory requirements and the standard requirements because they influence each other. Regulations for quality systems dictate
- The methods, facilities, and controls used by the manufacturer in the design, manufacture, packaging, labeling, storage, installation, servicing, and postmarket handling of medical devices.
- The requirements that a vendor must follow when registering and marketing an MD in a region and applying methods for after-sale activities.
Objectives
The objectives of the regulatory requirements that are relevant to the ISO 13485 Standard requirements are:
- Ensuring that organizations implement certain activities regarding the realization of the Medical Devices.
- Developing the interrelation between the organization and the regulatory bodies
- Developing basic acceptance criteria:Requirements on safety and performance
- Requirements for quality systems
- Requirements for packaging and labeling
- Administrative requirements like registration
- Controlling import of MDs into the region
- Controlling local production
- Developing the basis for postmarket surveillance
- Ensuring user education and training
- Reviewing and approving policies and related standards
- Managing a national alert system
The types of the regulatory requirements may differ from one another, meaning they might have other legal statuses that will determine the degree of the commitment expected by the organization. Types of regulatory requirements may be:
- Regulations
- Directives
- Decisions
- Recommendations
- Opinions
- Standards
International Recognition
ISO 13485 is the best internationally accepted model a medical device organization can implement to help demonstrate compliance to laws and regulations of the medical device industry. It is the quality management system standard accepted as the basis for CE marking medical devices under European Regulations and the United States Food and Drug Administration (FDA).
Although certification according to this standard is not a direct requirement for CE marking medical devices under the European Medical Device Regulations, it is normally recognized as a harmonized standard by the European Commission.
The standard is also used as a reference in the Medical Device Single Audit Program (MDSAP) and as such can be leveraged for compliance with the requirements of Canada, US, Japan, Brazil and Australia.
We offer consultation for the implementation of the ISO 13485 standard, training and gap analysis. Go to our contact page to request additional information.