What is ISO 13485?
ISO 13485:2003 is a single standard that comprises guidance on how to implement a quality management system in the medical device industry. ISO 13485 does reference two other standards that can be used for reference when implementing a quality management system for the design and development of medical devices.
The commonly used standards when implementing ISO 13485 is comprised of the following:
- ISO 13485:2003 – Specific requirements for use by an organization in implementing and operating a quality management system for the medical device industry. ISO 13485 draws heavily from the guidance in ISO 9001with specific changes to meet the unique requirements of operating in the medical device industry.
- ISO 14971:2009 – Provides guidance on the application of risk management to medical devices.
- ISO 14969:2005 – Provides guidance on how to implement ISO 13485 requirements.
ISO 13485:2003 is the de facto management system standard for the medical device industry. ISO 13485:2003 currently has more than 18,000 certifications globally, and unlike most ISO certifications, the United States is the leader in certifications with almost 3,500 registrations.
Organizations that are investigating entry into the lucrative medical device market are adopting ISO 13485 based on customer and regulatory requirements; ISO 13485’s core principles are heavily grounded in ISO 9001 and many organizations are making the transition to ISO 13485 to attract a new customer base. In addition to attracting new customers, core benefits include:
- Providing improved oversight of manufacturing practices, with a key focus on device-related risks;
- Improving focus on inventory management and product traceability;
- Requiring increased focus on regulatory and compliance requirements; and
- Meeting ISO 13485 requirements of large original equipment manufacturers for introduction as a new supplier
Organizations that have historically serviced the IT, aerospace and automotive markets are turning to ISO 13485 to help satisfy a new set of potential customers as they expand their service offerings. Even in times of recession, healthcare and medical devices are required, making the entry into the supply chain of medical device manufacturers a logical choice for organizations trying to diversify their client base.
If you or your customers are moving toward placing a medical device on the global market then certification to ISO 13485 will establish a base line to satisfy the regulatory requirements for many markets. This is not only applicable to the device legal manufacturer but to their critical suppliers as well. A few of the major markets recognizing ISO 13485 certification:
- Europe; Medical Device Requirements (MDD, AIMD, and IVDD)
- Canada; MDR Requirements require ISO 13485
- Japan; Pharmaceutical Affairs Law (JPAL) modeled after ISO 13485
- China; accepted as proof of meeting quality systems requirements
- Australia; demonstrates compliance with Therapeutic Goods Act (TGA)
- Many other countries recognize ISO 13485 certification and will provide a foundation for market entry
ISO 13485 is comprised of five major sections of guidance that must be implemented by a company:
|4 Quality Management Systems||Quality Manual that Defines Business Operations System to Control Documents System to Control Records Incorporation of Legal and Regulatory Requirements|
|5 Management Responsibility||Management Commitment Scope of Certification Quality Policy Quality Objectives Communication Practices Management Ownership Management Reviews|
|6 Resource Management||Provision of Resources Competence, Awareness and Training Infrastructure Work Environment|
|7 Product Realization||Planning of Processes Design Control Product Batching and Traceability Cleanliness of Product and Contamination Control Installation Activities Servicing Activities Sterilization Activities Requirements for Active and Implantable Devices Labeling and Packaging Purchasing|
|8 Measurement, Analysis & Improvement||Customer Satisfaction Internal Audits System for Non-Conforming Product Analysis of Data Customer Feedback Rework Practices Corrective and Preventing Action|
Each one of the areas above requires specific activities to be performed. In many cases, organizations have already invested time and resources to resolve specific requirements. For example, a company has implemented inventory systems, goals and objectives for the organization, or currently manages customer and regulatory requirements to ensure customer satisfaction and compliance. Since many organizations have started the implementation process to meet customers’ demands, the most pragmatic way to approach ISO 13485 is to evaluate the business processes against each of the ISO 13485 requirements. Many adopters of ISO 13485 have already been audited against one or more standards such as ISO 9001. An existing certification makes the transition to ISO 13485 easier, as many of the requirements of a management system, such as document and record control, are already be in place, allowing the company to focus on incorporating new requirements in an existing method.
After implementing the guidance of a quality management system for medical devices, ISO 13485 certification or ISO 13485 registration is a method in which a company can prove that they have successfully implemented the requirements. After documenting processes and performing reviews, a company can then look to an independent auditing company to review its processes and ensure that the company is adhering to the developed processes. At the end of the audit, the company is presented a certificate that it can provide to existing and potential customers as proof of its commitment to information security.
The challenge that many organizations face in implementing ISO 13485:2003 is the speed and level of depth that needs to be implemented to meet requirements. ISO 13485 incorporates not only the process-based methodologies of ISO 9001 but also the implementation of risk-based principles applied to design, development and manufacturing practices along with greater focus on legal and regulatory requirements. Organizations seek consultants to help with implementing ISO 13485 by:
- Developing and implementing meaningful risk management practices;
- Providing expertise in regulatory and country specific requirements
- Minimizing duplication of requirements that can come with building on an existing management system;
- Educating staff on expectations of the standard; and
- Ensuring successful initial achievement of certification.
ITG is here to help. We offer a catalog of services that are tailored to fit your budget, the experience of your team, availability of resources, and time constraints of your project. ITG believes in a work-share approach that allows you to determine how much or how little support you need to achieve your objectives.
ITG provides flexible solutions—from complete system development to company specific augmentation—providing valuable insight, advice, and troubleshooting along the way. Our goal is to ensure that you understand your system, support you in any way possible, and leave you with the tools to manage your system after the implementation. Our job is to understand your needs and provide you with the services that will meet your organizational goals, budget and timeframe.
Core to our success is the concept of “the ITG Advantage,” which means we:
- Believe in what we do, comply with the standards we promote, and improve every day;
- Are a small business that understands the cost of the commitment and work to keep investment and retention costs reasonable;
- Invest in training and tools to keep our techniques current;
- Strive to understand your needs and create solutions that are functional and effective;
- Adapt to what you need to ensure success;
- Create relationships of mutual benefit that are based on customer satisfaction; and
- Focus on making your system user- friendly rather than compliance-driven.
Please contact us today to discover how we can help you achieve success.