What is ISO 13485?
ISO 13485:2016 describes the requirements of a quality management system for organizations who design and manufacture medical products. It was published on 1st March 2016.
Though it is tailored to the industry’s quality system expectations and regulatory requirements, an organization does not need to be actively manufacturing medical devices or their components to be certified to this standard. This is in contrast, for example, to ISO/TS 16949 for the automotive industry where firms can seek registration from the moment that they have received a request for quotation from an IATF supply chain manufacturer.
ISO 13485 is a stand-alone standard that differs from ISO 9001 while at the same remaining consistent with it.
Some of the important differences with ISO 9001 are as follows:
- ISO 13485 does not have the same high level structure as ISO 9001:2015 and most other standards.
- ISO 9001 requires the organization to demonstrate continual improvement, whereas ISO 13485 requires only that the certified organization demonstrates the quality system is effectively implemented and maintained.
- The customer satisfaction requirements of ISO 9001 are absent from the medical device standard.
As ISO 9001 and ISO 13485 do not share the same structure, it is likely that many organizations would find it difficult to comply with both. So in most cases it makes sense to go with one or the other.
Changes from ISO 13485:2003 to ISO 13485:2016
The ISO 13485 standard was updated for two key reasons. Firstly, to keep up with changes in the industry and, secondly, to address changes in the underlying ISO 9001 standard. While the old ISO 13485:2003 standard was based on the old ISO 9001:2000 standard, the new one is also based on an older version of ISO 9001 being the 2008 version.
Although the new standard is a revision to the original guidance, there are areas in which the standard had significant updates. The major changes between ISO 13484:2003 and ISO 13485:2016 include:
- Regulatory requirements: The 2016 standard expects conformity to all regulatory requirements while the 2003 standard expected you to establish a QMS that complies with ISO 13845. In addition, it is expected that objectives are set for meeting both regulatory and product requirements.
- Risk based approach: The 2016 standard expects the application of a “risk based approach” for all QMS processes including outsourced processes and to cover product usability and safety requirements. In the previous version risk was applied only during the product realization process.
- Medical device file: The 2016 version expands the establishment of a special file for each type of medical device to include all associated specifications, procedures and records. It also requires the establishment of processes to document and control design and development changes and to evaluate their significance and impact on safety as well as performance.
- Record keeping: With the 2016 version there should be a record of the manufacture and testing of the medical device and that it be retained for its lifetime plus any other regulatory requirements. There must also be a record of supplier evaluation and re-evaluation. Also that privacy regulations are taken into account to protect confidential health information.
- Product realization: The 2016 version adds product handling, storage, measuring, revalidation, and traceability requirements to the requirements covering product verification, validation, monitoring, inspection and testing.
- User training: The new version adds the evaluation of the product’s safety and performance with its associated training needs to the previous version’s identification of product requirements specified by the customer and regulatory bodies.
- Supplier evaluation and monitoring: The new version requires that suppliers can meet the product, organization and regulatory requirements. That their performance is regularly monitored and that the risks of changes to the purchased product and of supplier underperformance are considered with regards to safety and performance.
- Process validation: While both versions require the validation of processes the new version adds the need to revalidate processes when deemed necessary. This also includes the validation and revalidation of medical devices that connect to or interface with other medical devices.
- Complaints: The 2016 version requires the development and documentation of complaint handling procedures for all complaints, not just customer complaints, and to identify improvement opportunities.
- Delivery of nonconforming product: The 2016 standard requires that delivered nonconforming products are investigated. Also that corrective action are performed and whether external parties, such as end-users and suppliers, need to be notified.
- Improvement: In addition to maintaining a suitable and effective QMS the new version requires that product safety and performance is considered when planning improvements to them. Also that when implementing any corrective and preventive actions that they comply with all regulatory requirements and that they don’t compromise the devices safety and performance.
isoTracker and ISO 13485
The isoTracker document control and quality management software helps organizations to better manage their ISO 13485 systems. Complete the 60-Day Free Trial form now and see how isoTracker can save you valuable time and money.
