ISO 13485 Standard
The ISO 13485 standard is an effective solution to meet the comprehensive requirements for a QMS. Adopting this standard provides a practical foundation for manufacturers to address the Medical Device Directives, regulations and responsibilities as well as demonstrating a commitment to the safety and quality of medical devices.
ISO 13485 Background
In 2016, a new version of the standard was issued, ISO 13485:2016, that is expected to be globally implemented in the remaining “teens.” Looking at first glance at the new version of the standard, one can see that its structure has remained the same and hence did not follow the general restructuring of most quality management system standards. The key objectives in the update focus around getting the requirements closer to the
state-of-the-art expectations in the global regulatory environment. Many elements from the US Quality System Regulations (QSR) that did not make it into the previous version of the standard have now made it in. Also, key concepts from the global audit model MDSAP (the IMDRF Medical Device Single Audit Program) have been integrated, as well as the intent for changes in the upcoming EU Medical Device Regulations (EU-MDR).
These additional and new elements include the following:
- Increased focus on compliance with regulatory requirements
- Process controls based on risk management
- Increased requirements for design and development, including considerations of usability, use of standards, verification and validation, design and development transfer and design records
- Increased controls for outsourced processes and suppliers
- Increased requirements for process validation
- Increased requirements for “feedback,” including complaint handling
- Introduction of statistical techniques for data analysis
Subclause 3.1 of ISO 13485:2003 explains that those (sub) clauses in ISO 13485:2003 quoted directly and unchanged from ISO 9001:2000 are in the normal font. Where the text of ISO 13485:2003 differs from the text of ISO 9001:2000, the sentence or indent containing the text as a whole is shown in blue italic. The nature and reasons for the differences are noted in Annex B of the standard, providing further insight useful in implementing ISO 13485:2003.
The main difference between ISO 13485:2003 and ISO 9001:2000 is related to customer satisfaction and continuous improvement, elements that are not included in ISO 13485:2003. In ISO 13485:2003, these items are replaced by processes for ensuring the continuing effectiveness of the quality system to meet customer and regulatory requirements. Moreover, it promotes active systems for customer feedback related to whether the
organizations need to meet customer and regulatory requirements In addition, the requirements of ISO 13485:2003 include many more requirements for documented procedures, documented requirements, and records, supporting its use in meeting regulatory requirements.
A new version of 9001 published in 2015 moves that standard to the so-called high-level structure, with additional focus on broad risk-based approaches, changing the structure from 8 to 10 standards. In 2016, a new version of the standard will be published that in the remaining “teens” will be globally implemented.
As ISO 13485:2016 will not move to that new structure, the divergence between the two standards is increasing.
ISO 13485 Quality Management System
ISO 13485 is a stand-alone QMS standard, derived from the internationally recognized and accepted ISO 9000 quality management standard series. ISO 13485 adapts the ISO 9000 process-based model for a regulated medical device manufacturing environment. While ISO 13485 is based on the ISO 9001 process model concepts of Plan, Do, Check, Act, it is designed for regulatory compliance. It is more prescriptive in nature and requires a more thoroughly documented quality management system.
ISO 13485 was written to support medical device manufacturers in designing quality management systems that establish and maintain the effectiveness of their processes. It ensures the consistent design, development, production, installation, and delivery of medical devices that are safe for their intended purpose.
Quality management systems consist of common elements that are expressed as the organizational structure, processes, procedures, work instructions, and resources needed to implement quality management
Shared elements of the organizational structure, authorities and responsibilities, methods and processes, data management, resources, training, maintenance, customer satisfaction/requirements, product quality, and continuous improvement are based on the principles of quality management:
- Customer and regulatory focus: By understanding current and future customer needs, organizations can meet their requirements while ensuring that all known applicable regulations are applied.
- Leadership on purpose and direction: Leaders, by establishing the unity of purpose and direction of the organization, should create and maintain the internal environment in which people can become fully involved in achieving the organization’s objectives.
- Involvement of people at all levels: People are the essence of an organization and their full involvement enables the best performance in the organization.
- Process approach to resources and activities: This principle commonly leads to the Plan–Do–Check–Act (PDCA) approach.
- A systems approach to management: Core in the system’s smooth running is identifying, understanding, and managing inter-related processes of a system as it contributes to the organization’s effectiveness and efficiency in achieving its objectives and reducing overall process risks.
- Factual approach to decision making: Decisions based on the analysis of data and information are typically more effective. Monitoring and measuring will allow an organization to understand its ability to supply a safe and effective product and service.
- Mutually beneficial supplier relationships: An organization is responsible for ensuring the control of its outsourced processes, and with increasing regulatory pressure, supply chain management truly becomes one of the keys to success.
- Improvement as an ongoing objective: Long withheld in the medical device industry, legislation is now changing to stimulate product improvement in a continuous effort.
ISO 13485:2016 Revision
ISO 13485:2016, the Medical Device Quality Management System standard, has been harmonized to the European Medical Devices Directives: MDD, AIMDD, and IVDD. ISO 13485:2016 now replaces the previous version of the standard, ISO 13485:2012, in the EU Official Journal, with the date of ‘cessation of presumption of conformity’ of ISO 13485:2012 stated as 31 March 2019.
Standard harmonization allows manufacturers to use their compliance with the standard as evidence of conformity to the requirements of relevant legislation.
The harmonization of ISO 13485:2016 is another step towards compliance with the recently published Medical Devices and IVD Regulations, which will supersede the current Directives in 2020 and 2022, respectively.
Planning the implementation
The implementation process begins with the assumption that the decision to implement has already been taken. The best practice traces back the origin of the decision to implement and the underlying causes or views, such as supply chain requirement, regulatory requirement, or desire to improve performance, reduce waste, etc.
Some initial general steps for a successful implementation effort would include knowing how to interpret the ISO 13485:2016 requirements for your system, ensuring team members are knowledgeable on the current system, arranging management commitment, and developing a comprehensive project plan which includes monitoring steps. Where needed, training should be provided to staff to enhance their knowledge and to boost their commitment, which is crucial to the successful implementation and continuing compliance with the requirements of the standard.
The key elements would include promoting awareness, performing a critical gap analysis, and following the effective implementation of course getting ready for continually improving the system, where regulatory requirements allow.
The ultimate assessment and verification of the first implementation are in a round of internal audits followed by a management review concluding the effectiveness of the QMS.
With 2016 as the basis, it might be considered to claim also continued compliance to ISO 13485:2003 version for those countries where that version (and EN ISO 13485:2012 for Europe) is still used by the legislators as semi-legislative requirement.
Benefits of ISO 13485 certification
Whether you are looking to operate internationally or expand locally, ISO 13485 Certification can help you improve overall performance, eliminate uncertainty, and widen market opportunities. Companies with this certification communicate a commitment to quality to both customers and regulators.
- Increase access to more markets worldwide with certification
- Outline how to review and improve processes across your organization
- Increase efficiency, cut costs and monitor supply chain performance
- Demonstrate that you produce safer and more effective medical devices
- Meet regulatory requirements and customer expectations
ISO 13485 is the best internationally-accepted model a medical device organization can implement to help demonstrate compliance to laws and regulations of the medical device industry. It is the quality management system standard accepted as the basis for CE marking medical devices under European Directives and Regulations.
Although ISO 13485 certification is not a direct requirement for CE marking medical devices under the European Medical Device Directives and Regulations, it is recognized as a harmonized standard by the European Commission.
The standard is also used as a reference in the Medical Device Single Audit Program (MDSAP) and as such can be leveraged for compliance with the requirements of Canada, US, Japan, Brazil and Australia.
We offer consultation for the implementation of the ISO 13485 standard, training and gap analysis. Go to our contact page to request additional information.