For developers and suppliers involved in the delivery of medical devices, ISO 13485 is one of the most important international standards. As the transition period ends and the 2016 version replaces the standard’s previous edition (ISO 13485:2012), we’re taking a close look at this regulation that defines the requirements of medical device Quality Management Systems.
What is ISO 13485?
ISO 13485 is the globally recognized standard by the International Standards Organization for medical device Quality Management Systems. Originally released in 1996, the standard specifies the requirements of a QMS that helps companies achieve and demonstrate the ability to deliver high quality medical devices that meet customer and regulatory requirements.
The standard ISO 13485 — Medical devices -- Quality management systems is a standalone document, but it is harmonized with ISO 9001, the international general quality management standard, so cost synergies may be realized when seeking compliance with both.
ISO 13485 is to be used by any company involved in the delivery of medical devices at any point during the product’s lifecycle (encompassing the design, manufacturing, provision, and support phases). In addition, it can also be used by internal and external auditors to support a comprehensive audit process.
The vital importance of this standard is primarily due to the fact that compliance with it is a prerequisite to premarket clearance in various parts of the world. Specifically, ISO 13485 is harmonized with EU regulations, so conformity with the standard is necessary for premarket clearance (which in turn is a prerequisite to being able to put products on the European market).
In the United States, compliance with ISO 13485 is not mandatory, however, it greatly overlaps with the Food and Drug Administration’s Title 21 CFR Part 820, which medical device companies are required to conform to. Therefore, getting certified for both doesn’t require all that much extra effort, and can expand a company’s ability to market its products globally.
Structure of ISO 13485
The standard ISO 13485 is split into eight sections, the first three of which contain general information such as scope, normative references, terms and definitions. Sections 4-8 represent the substance of the standard, with requirements on the following:
Section 4 – Quality Management System
Section 4 outlines the general requirements for an effective QMS. In essence, this part of ISO 13485 calls for the organization to identify or define the processes that make up the Quality Management System. The company is also required to implement actions based on a risk-based approach to control these processes, and to monitor and measure the effectiveness of their QMS.
Furthermore, section 4 stipulates that the company documents their quality policy and objectives, and create a quality manual to describe the scope, processes, and relations between processes in the QMS.
Another set of requirements revolves around documentation. Specifically, this section calls for the establishment and maintenance of a medical device file for each type of medical device developed by the company. (The medical device file shall contain specifications, and descriptions of processes of manufacturing, packaging, storing, handling, measuring, monitoring, installation and servicing). The control of documents and records is regulated by section 4, requiring the company to use a documented procedure for the handling of these items.
Section 5 – Management responsibility
The next section calls for top management to provide evidence of its commitment to develop, implement, and maintain an effective QMS. What this means in practice is that they need to establish and communicate a quality policy with clear quality objectives.
Section 5 also provides guidance on defining, documenting, and communicating responsibilities and authorities in the organization. This part stipulates that the organization nominate a management representative on quality to report on QMS effectiveness at management reviews. Requirements on management reviews are contained in subsection 5.6, including the outputs of a review.
Section 6 – Resource management
Naturally, building and maintaining an effective QMS requires resources to be dedicated to this task. Section 6 provides requirements on resource management including HR, infrastructure, work environment, and contamination control.
This section requires the organization to identify personnel with established competence (assessing their skills and providing training if necessary by documented means). Requirements on the infrastructure encompass buildings, workspaces, equipment, and supporting services. This section also specifies criteria to control contamination with microorganisms or particulate matter.
Section 7 – Product realization
This section provides detailed requirements on the operation of the company regarding the realization of its product(s). The company shall determine quality objectives, and establish processes and documentation for the entire development lifecycle (from design, planning and development through traceability all the way to storage and distribution). Even aspects such as product cleanliness, installation, and service provision are discussed in this part of ISO 13485.
The section includes further requirements on design and development procedures, supplier management, verification and validation, design transfer, and service provision. Criteria for product acceptance also need to be defined, and Section 7 stipulates that records are necessary to provide evidence on the conformity of all product realization processes to requirements.
In addition, customer-related processes are covered by this section, such as communication with both customers and regulators, as is the control of monitoring and measuring equipment.
Section 8 – Measurement, analysis and improvement
The last section of ISO 13485 governs how the organization monitors, measures, and analyzes its processes to demonstrate QMS conformity and effectiveness. Specifically, there are subsections on monitoring and measurement (including feedback), complaint handling, regulatory reporting, internal audits, non-conformities, data analysis, and improvement. This section also calls for the establishment of processes to obtain and monitor customer feedback and to manage complaints.
Section 8 stipulates that organizations carry out internal audits to assess conformity with the QMS, and to determine whether processes are achieving their planned results. The section emphasizes risk management, and details the use of CAPA (Corrective and Preventive Action) to eliminate the cause of any non-conformities.
Changes in ISO 13485:2016
Following a 3-year transition period, medical device developers around the world are now facing the final deadline of 29 Feb 2019 to update their QMS systems as per ISO 13485:2016. Hopefully, readers of this blog are nearing completion in updating their QMS 6 weeks ahead of the deadline.
A successful revision of Quality Management Systems from the 2012 version should cover changes around the following topics in ISO 13485:2016:
Risk management: The application of a risk-based approach to all processes, including purchasing and software validation, and supplier management.
Management responsibility: Requirements around the responsibility of management to define quality objectives and a focus on customers.
Software validation: Documented procedures should be used for the qualification and validation of any software tools used in the Quality Management System.
Watch on-demand webinar: Experts Talk: Tool Validation per FDA Title 21 CFR Part 11
Resource Management: Requirements around the management and maintenance of equipment and human resources. New requirements include the use of documented processes to determine and ensure competence, and the measurement of effectiveness.
Product cleanliness: There are new requirements in ISO 13485:2016 calling for documented procedures in validating activities to ensure sterilization and the control of contamination.
Feedback: There are new post-market surveillance requirements in this latest version of the standard. ISO 13485:2016 also demands that companies use documented procedures and CAPA in complaint handling.
Overall, adherence with the requirements of ISO 13485 takes immense effort, but greatly supports compliance with other international regulations. The establishment of a comprehensive and effective Quality Management System helps companies involved in medical device development ensure their products’ safety and performance.
The combination of QMS with integrated ALM gives medtech companies a 360-degree view of their quality activities, and simplified reporting and auditability to demonstrate ISO 13485 compliance. To learn more about using codeBeamer ALM in conjunction with QMS, get in touch with us!