What is ISO 13485?
ISO 13485 is the internationally recognized standard for quality management systems in the design and manufacture of medical devices. It outlines specific requirements that help organizations ensure their medical devices meet both customer and regulatory demands for safety and efficacy.
Why is ISO 13485 important?
ISO 13485 is crucial for manufacturers and suppliers of medical devices as it establishes a framework to ensure consistent design, development, production, and delivery of medical devices that are safe for their intended purpose. It aids in meeting rigorous regulatory requirements and managing risk, while ensuring best practices in the manufacture of medical devices. This standard not only facilitates market access across different countries but also enhances trust among stakeholders through demonstrated commitment to safety and quality.
Structure of the ISO 13485: 2016
The ISO 13485: 2016 standard is structured into several clauses that outline the requirements for an occupational health and safety management system. Here’s a brief overview of the structure by clause:
1. Scope (Clause 1): It outlines that ISO 13485 is intended for organizations involved in the design, production, installation, and servicing of medical devices and related services.
2. Normative References (Clause 2): Refers to any other documents that are essential for applying the standard. For ISO 13485:2016, there are no normative references.
3. Terms and Definitions (Clause 3): Defines terms used within the standard, many of which are drawn from ISO 9000, with some specific to medical devices, such as “medical device”, “risk”, and “sterile barrier system”.
4. Quality Management System (QMS) (Clause 4): Requires the organization to establish, document, implement, and maintain a QMS. Includes requirements for process control, risk-based approach, and regulatory compliance. Specifies the need for a Quality Manual, documented procedures, and records. Emphasizes control of documents and records to ensure data integrity and traceability.
5. Management Responsibility (Clause 5): Focuses on the commitment of top management to:
- Top management must demonstrate commitment to the QMS.
- Ensuring customer and regulatory requirements are understood and met.
- The organization must establish a policy that supports the quality objectives.
- Quality objectives and planning for QMS changes must be managed.
- Clear roles, responsibilities, and internal communication channels must be defined.
- Regular review of QMS performance, issues, and improvements by top management.
6. Resource Management (Clause 6): Ensures necessary resources are provided to maintain the QMS. Personnel must be competent, qualified, and trained. Sufficient resources for implementing and maintaining the QMS. The environment must be controlled to ensure product quality, especially for sterile devices.
7. Product Realization (Clause 7): Addresses the processes and documents needed to produce the product. Determining requirements, communication, and contracts with customers. Control over suppliers and purchased product conformity. Control of manufacturing processes, equipment validation, and traceability. Control of equipment used to monitor quality.
8. Measurement, Analysis, and Improvement (Clause 8): This clause focuses on monitoring the performance of the quality management system and taking corrective actions to improve it, ensuring product conformity and customer satisfaction.
Stages of ISO 13485: 2016
Obtaining ISO 13485: 2016 certification involves several key requirements and steps:
- Establishing an MDQMS: The organization needs to establish a Medical Device Quality Management System (MDQMS) that meets the requirements of ISO 13485: 2016.
- Documentation: Develop the necessary documentation for the MDQMS, including a health and safety manual, documented procedures, work instructions, and records required by the standard.
- Implementation: Implement the MDQMS across the organization, ensuring that all relevant personnel are aware of their roles and responsibilities in maintaining safety standards.
- Internal Audit: Conduct internal audits to assess the effectiveness of the MDQMS and identify areas for improvement.
- Management Review: Hold management reviews to evaluate the MDQMS performance, suitability, adequacy, and opportunities for improvement.
- Stage 1 Audit “Readiness Review”: To assess your preparedness for the full (Stage 2) certification audit. Engage an accredited certification body to conduct a certification audit. This audit will assess the organization’s MDQMS against ISO 13485 requirements to determine compliance.
- Stage 2 Audit – “Certification Audit”: To evaluate the effectiveness and implementation of your QMS against ISO 13485:2016 requirements.
- Corrective Actions: Address any non-conformities identified during the certification audit and implement corrective actions as necessary.
- Certification: Upon successful completion of the certification audit and resolution of any non-conformities, the certification body will issue ISO 13485: 2016 certification.
- Surveillance Audits: Maintain the MDQMS and undergo periodic surveillance audits by the certification body to ensure ongoing compliance with ISO 45001 requirements.
Benefits of ISO 13485: 2016 Certification
ISO 13485: 2016 certification offers numerous benefits to organizations:
- Risk management enhancement: Provides systematic methods to identify and mitigate risks throughout the product lifecycle, ensuring patient and user safety
- Regulatory compliance: Helps organizations meet strict regulatory requirements specific to medical device manufacturing, crucial for market access and global trade.
- Operational efficiency: Streamlines processes to improve overall efficiency and effectiveness, reducing waste and increasing productivity
- Market access: Facilitates entry into global markets with standardized compliance, enhancing competitive advantage
- Enhanced reputation: Builds credibility and trust with stakeholders, including regulators, customers, and end-users, through proven adherence to a globally recognized quality standard
What are the Documents and Records an organisation should maintain for ISO 13485: 2016 Certification?
1. Mandatory Documents (Required by ISO 13485:2016)
These are documents you must have to demonstrate compliance with the standard.
Document | Purpose |
Quality Manual | Describes the scope of the QMS and outlines key processes. |
Control of Documents Procedure | How documents are reviewed, approved, and updated. |
Control of Records Procedure | How records are managed and retained. |
Internal Audit Procedure | Process for planning and conducting audits. |
Control of Nonconforming Product Procedure | How defective products are managed. |
Corrective Action Procedure | How issues are corrected to prevent recurrence. |
Risk Management Procedure | Approach to identifying, assessing, and controlling risks. |
Design and Development Procedure (if applicable) | For organizations involved in design. |
Complaint Handling Procedure | Managing product-related complaints. |
Product Recall/Advisory Notice Procedure | How recalls or safety notices are issued. |
Purchasing Procedure | Managing supplier selection and purchased products. |
Validation of Processes Procedure (for sterile or critical processes) | Ensures process outputs meet expectations. |
Installation and Servicing Procedures (if applicable) | For products requiring installation or servicing. |
Monitoring and Measurement Equipment Control Procedure | Managing calibration and verification. |
2. Mandatory Records (Objective Evidence)
Record | Description |
Management Review Records | Minutes and results of management reviews. |
Training Records | Evidence of employee competence and training. |
Design and Development Records | Inputs, outputs, reviews, verification, validation. |
Risk Management Records | Hazard analysis, risk evaluations, risk controls. |
Complaint Records | Investigations and actions taken. |
Internal Audit Records | Audit reports, findings, follow-up. |
Nonconformity and Corrective Action Records | Actions taken for quality issues. |
Supplier Evaluation Records | Assessments and re-evaluations of suppliers. |
Monitoring and Measurement Records | Results of inspections and tests. |
Product Traceability Records | Traceability of product from input to delivery. |
Validation Records | Validation of software, sterilization, critical processes. |
Installation & Servicing Records (if applicable) | Documentation of services performed. |