ISO 13485 is a quality management system for medical devices, including requirements for regulatory purposes. It does not apply to pharmaceutical. Structured similarly to ISO 9001:2008. Not include the requirements specific to other management systems
Differences between ISO9001 and ISO13485:
- the numbering of sections differs
- ISO 9001 doesn't required procedures, ISO 13485 does
- ISO 9001 uses “documented information” for procedures and records. ISO 13485 utilizes the terms “procedures” and “records.”
- ISO 13485 has a section on Medical Device Files and a section on meeting regulatory requirements.
- ISO 9001 doesn't have a section on preventive action. ISO 13485 does
Both standards have similarities. Both have:
- an expectation for the organization to consider risk
- process approach
- utilize a management review
- require resource management
-sections on planning, design and development processes, control of suppliers, controlled production and monitoring and measuring performance
ISO 9001:2015 and ISO 13485:2016 can both be implemented together
ISO 13485 specifies requirements for a Quality Management System (QMS)
There are multiple jurisdictions with regulatory requirements for the supply chain of medical devices. Those companies implementing ISO 13485 are expected to:
• Identify the organization’s role under the applicable regulatory requirements
• Identify the regulatory requirements that apply to its activities under these roles
• Incorporate these applicable regulatory requirements within the QMS
ISO 13485 uses the phrase “as appropriate”. If a section of the standard does not apply, there must be justification as to why it doesn’t apply and can only be done is setion 6, 7 and 8. All the requirements in sections 4 and 5 MUST be implemented
“Risk” in ISO 13485 pertains to the safety or performance or the regulatory requirements of the medical device: risk to the patient or user
A process approach must be used. It must emphasize:
• Understanding and meeting requirements
• Consider processes in terms of the value they add
• Look at the results of the process performance and effectiveness
• Improve the process based on objective measurement
Sections 4 is where the QMS is planned. Sections 4 is the “Plan” step in the Deming “Plan-Do-Check-Act” cycle.
Creating the QMS:
• Scope – what is in the QMS what is not
• Roles – must be documented and identify the applicable regulatory responsibilities and authorities
• Documentation
• Define the Processes including the inputs, outputs and measurement method and interactions. If the processes are changed how is the impact of that change measured in the process and on the device?
• Identify the risks and the criteria to determine when a risk requires action
• Determine the measure of effectiveness of the QMS
• Ensure the availability of resources and INFORMATION
• Implement actions to achieve the intended results of the QMS
• Establish and maintain records to demonstrate conformance to the standard
• Control your suppliers. You should have written quality agreements with your suppliers.
• Procedures to document the validation of software used in the QMS must exist and software must be validated prior to initial use. This is a new requirement in the 2016 revision and there is some discussion among auditors as to what this means.
Documentation: ISO 13485 requires specific documents. You must have a quality policy, quality objectives, a quality manual, documented procedures and records to demonstrate compliance.
The quality manual:
- scope of the QMS and reference documented procedures
- a description of the interaction of the processes
- outlines the structure of the documentation system
Medical device file for each device family include:
• A description of the device including its intended use, labelling and instructions
• Product specifications
• Specifications or procedures for manufacturing, packaging, storage, handling, distribution
• Procedures for measuring and monitoring
• Installation requirements and servicing procedures
Documentation procedure is required defining how documents are controlled and:
• How documents are reviewed and approved prior to issue
• How revised documents are re-approved
• How the current revision status and changes are identified
• How only the current document is available for use and how obsolete documents are identified and prevented from use
• How documents are kept legible and readily identifiable
• How documents are stored to prevent deterioration or loss
• How long obsolete documents are kept
Control records procedure should address:
• Identification
• Storage
• Security and integrity
• Retrieval
• Retention time and disposition
• Protect confidential health information contained in records
If you have questions or need help implementing the standard, email us at Technacon1986@sbcglobal.net or go to our website www.technacon.com or call us at 708-814-3685.
