The International Standard Organization first time published the medical device-related standards in 1996, the ISO 13485 and ISO 13488. In ISO 13485, design control requirements were included while in ISO 13488, no design control requirements were included. A few years after, in 2003, ISO 13485 was revised and included the requirements of Process Approach. Now, in 2016, the standard has gone through some changes and is named as ISO 13485:2016. This revision intends to create a global auditing process through the medical devices single audit program instead of having multiple audits throughout the year.
Medical devices are revolutionizing medicine with breathtaking advances in the detection and treatment of many diseases. ISO 13485 is evolving with medical devices to keep pace with modern innovation. Possibly more than any other type of manufactured product, the quality of medical devices has a direct impact on their work effectiveness as well as the safety of patients, and users. Therefore, most of the service providers in the medical device industry sector understand the main objectives of ISO 13485, which is to harmonize medical device regulatory requirements for a quality management system to have quality medical devices and safe patients. ISO 13485:2016 standard defines quality management system requirements for organizations that are involved from the initial stage of conception to production and post-production. Requirements include final decommission and disposal of the medical device’s life-cycle, design and development, production, storage and distribution, installation as well as delivery of medical device or related services that are safe for their intended purpose.
The main improvement of ISO 13485:2016
The new standard puts more emphasis on risk management and risk-based decision making for processes out of product realization field. The focus on risk is placed due to the safety and performance of medical devices and compliance with regulatory requirements. Medical devices in support by ISO 13485 reflect increased regulatory requirements for the organization through the supply chain. Specifically: the updated standard pays more attention to the greater emphasis on the proper infrastructure, especially for the production of sterile medical devices, as well as for the validation of sterile barrier properties.
Product realization and production control
The new standard anticipates the establishment of product handling, storage, measuring, revalidation and traceability requirements. Whereas in a different state, the old version covered the same basic matters which required identifying the product verification, validation, monitoring, inspecting and testing requirements.
The new standard introduces several changes to provide greater control over devices production. Main changes of ISO 13485:2016 are related to the hygiene of the production and records of servicing activities.
Computer validation software
There are some additional changes on the standard regarding the applicability of the computer system validation as well. The ISO 13485:2003 states the validation of the software for “production and service provision”, while the latest version of the standard analyzes requirements for software used as part of the Quality Management System. Additionally, ISO 13485:2016 involves the step of adding the application of risk to the validation process and requires validation and revalidation to be proportionate to the risk related to the use of the software.
Supplier management and monitoring
The new standard states greater emphasis on supplier selection criteria. ISO 13485:2003 requires from the organization the establishment of supplier standards, while the updated standard has a greater focus on the performance of the supplier and how the performance can affect the quality of the device. Whenever selecting a supplier, you not only intend to monitor the supplier’s performance but to take into consideration the risk when a supplier fails or has low performance, then your response should be proportional to the risk that you are taking as well. The ISO 13485:2016 helps toward a reevaluation of the criteria and takes necessary actions in case the requirements are not met.
A risk-based approach is found in both standards; however, the old version drives you to think about risk only during product realization. Whereas, the ISO 13485:2016 drives the application of risk methods and techniques in the whole processes of the Quality Management System, as well as outsourced processes.
What are the benefits of ISO 13485:2016?
Organizations can benefit a lot by adopting ISO 13485:2016; mostly related to safety and performance of medical devices. Very often quality is viewed as an inconvenience. However, organizations that embrace quality most of the time are considered having lower costs, less recalls, and overall improved productivity.
ISO 13485 can help an organization by:
- Demonstrating compliance with regulatory and legal requirements
- Ensuring the establishment of internationally-harmonized QMS practice that constantly provide safe and effective medical devices
- Managing risk in an effective way throughout the whole supply chain
- Improving processes, manufacturing methodologies and efficiencies accordingly
An organization that embraces quality helps in achieving compliance, improves operations, and finally, delivers a competitive advantage.
ISO 13485 & ISO 9001
ISO 13485 is a stand-alone standard, therefore has got similarities with ISO 9001 Quality Management System in the scope and intent. Since ISO 13485 and ISO 9001 differ in structure and terminology, they also have particular similarities that allow them to work together without opposing one another. This allows the organization to obtain certification in both standards and maintain them accordingly.
The ISO 9001:2008 standard has several differences compared to the ISO 9001:2015 because it follows a high-level structure. In the new ISO 9001:2015 standard, some requirements have been removed like management representative and preventive action which is part of ISO 9001:2008 and ISO 13485.
Planning for implementation of the ISO 13485:2016
As the ISO 13485:2016 is already published, it is time to plan for updating the quality management system according to the new standard.
The organizations should obtain a copy of this new standard. The responsibilities for the upgrading of the system should be assigned. Responsible persons should be trained on the new standard rules and regulations. A gap analysis should be conducted and work should be started immediately to eliminate the gap. Although there are three years, timely preparation will be a wise approach.
PECB is a certification body for persons, management systems, and products on a wide range of international standards. As a global provider of training, examination, audit, and certification services, PECB offers its expertise in multiple fields, including ISO 13485 Quality Management System for Medical Device courses.