What is ISO 13485? How did it start?
ISO 13485 is a standard related to quality management systems specifically for the medical device industry and supporting functions. The standard is designed to help organizations ensure compliance to regulatory requirements while providing a safe and effective product.
What is now known as ISO 13485 was originally based on the application of EN46001 in conjunction with ISO 9001:1994. Eventually, a standalone version was created with the release of ISO 13485:1996 and later updated in 2003. ISO 13485:2016 was released in February 2016 and is the most recent update.
What’s new in ISO 13485:2016?
Some of the key improvements in the 2016 version include:
– Expansion of the standard to include all organizations involved in product lifecycle from inception to end of life.
– Increased focus on post-market surveillance and complaint handling.
– Improved alignment with regulatory requirements.
– Increased focus on risk management.
– More emphasis on implementing the appropriate infrastructure, particularly for the production of sterile medical devices.
What do I need to know about the ISO 13485:2016 Transition?
In theory, the transition period will last three years, meaning that you can become certified or have surveillance audits according to ISO 13485:2003 until March 2019. In reality, most of the certification bodies announced that they will stop issuing new certificates to ISO 13485:2003 much sooner. Talk to your certification body ASAP to understand their timeline.
This transition timeline may seem long, but Notified Bodies expect a surge of companies that will want to recertify in 2018 or sooner. Plan ahead to avoid potential delays or a potential lapse in your certification.
We recommend a Gap Assessment to kick off your transition process. During Gap Assessment audit, we evaluate your QMS to determine your current level of compliance with ISO 13485:2016. Companies experienced in ISO 13485:2003 are likely fairly compliant with the new standard but this will provide a fact-based assessment of where you stand. It is also the first step in developing of a quality plan to update your QMS to be fully compliant with the new standard. We can also provide consulting work to help you implement the necessary changes.
How is the ISO 13485 standard different than ISO 9001?
The ISO 9001:2015 and ISO 13485:2016 standards are structured very differently, mostly due to ISO 9001:2015 moving to a 10-clause structure. ISO 13485:2016 maintained its 8-clause structure has significantly more requirements related to documented procedures, generation/retention of records, specifications, cleanliness, validation, adverse events reporting, etc.
Sections of the ISO 13485 standard:
ISO 9001:2015’s High-Level Structure (HLS) is a set of 10 clauses that all ISO management system standards are required to use in the future (including the future revision of ISO 13485). This helps ensure that all management system standards will have the same look & feel, and make integration easier between systems of different disciplines.
What are the auditing requirements?
ISO 19011 – “Guidelines for auditing Management Systems” is a great resource that thoroughly describes the auditing function and is directly referenced in ISO 13485. Becoming and maintaining certification to the ISO 13485 standard requires two types of auditing:
1. Internal Audits – Audits by internal or contracted staff that are specifically trained to the ISO 13485 standard and internal procedures/requirements.
2. External Audits – Auditing by an external certification body.
Internal Auditing is key to understanding compliance of the company to the requirements of the ISO 13485 standard. It requires review and assessment to verify that the current quality system is effective – and if not, to correct and prevent any identified issues. ISO 13485 has very clear requirements regarding the internal audit process, as evidenced by the excerpt below:
“The organization shall document a procedure to describe the responsibilities and requirements for planning and conducting audits and recording and reporting audit results. An audit program shall be planned, taking into consideration the status and importance of the processes and area to be audited, as well as the results of previous audits. The audit criteria, scope, interval and methods shall be defined and recorded (see 4.2.5). The selection of auditors and conduct of audits shall ensure objectivity and impartiality of the audit process. Auditors shall not audit their own work.”