Medical Devices QMS - ISO 13485

how can we help you?

Reach out to us to know more about our training programs or submit an inquiry online.

Medical Devices QMS - ISO 13485

The ISO 13485 standard defines requirements for a quality management system (QMS) in which an organisation must showcase its capability to deliver medical devices and services that meet customer needs as well as applicable regulatory requirements.
The primary goal of ISO 13485 standard is to facilitate the regulatory requirements of medical device QMS. It consists of a few specific requirements for medical devices and excludes some requirements of ISO 9001 that are inapplicable to medical devices. As a result, organisations whose quality management systems conform to ISO 13485 standard cannot claim complianceto the ISO 9001 standard unless it satisfies all the requirements of ISO 9001. Regardless of the size or type of the organisation, ISO 13485 requirements are specific to organizations
In cases where the regulatory requirements permit exclusions of design and development parameters, it can act as justification for exclusion from the QMS. The regulations can create alternative arrangements that are to be addressed in the QMS. The organisation is responsible to ensure that claims of compliance with ISO 13485 excludes design and development parameters.
The ISO 13485 mainly includes the following,

  • Newly established requirements serving the medical device industry.
  • A few of the ISO 9001 requirements
ISO 13485 is different from ISO 9001 in some ways, modifying or removing a few of the ISO 9001 requirements. An example is that ISO 13485 rejects the ISO 9001 requirements on continuous improvement as most medical device organisations are required to maintain their quality management system, not improve them. The ISO 9001 standard focuses on the improvement of quality systems while ISO 13485 focuses on the maintenance aspect. Another example is that the customer satisfaction requirements of ISO 9001 are excluded in ISO-13485

Few key points adopted by ISO 13485

1. Focus on fulfiling customer and regulatory requirements
2. Use a process-based approach
3. Maintain the effectiveness of QMS
4. Maintain procedural documentation ISO 13485 has specific
requirements not covered by ISO 9001 that include both system/process requirements as well as documentation related to the medical device industry.

System/Process Requirements of ISO 13485

1. Clinical trials and evaluations
2. Product cleanliness and contamination protocols
3. Requirements for implantable devices
4. Proper communication and circulation of advisory notices
5. Risk management systems
6. Requirements for additional research and development

Additional documentation required for ISO 13485 apart from regulatory documentation

1. Training procedures
2. Cleanliness, health, and clothing
3. Authorities and responsibilities
4. Elimination of contaminated products
5. Customer requirements
6. Design and development
7. Risk management
8. Labeling and packaging
9. Installation and verification
10. Purchase control, purchase traceability and verification
11. Reference materials
12. Validation of sterilization process
13. Preservation of product, including its shelf life
14. Monitoring and measurement

Difference between ISO 9001 and ISO 13485

ISO 13485 is a regulatory standard where the focus is on meeting customer and regulatory requirements, and the maintenance of the effectiveness of the QMS. In contrast, ISO 9001:2015 focuses on continuous improvement and customer satisfaction. These two things are hard to measure and also tend to be subjective in nature. So, when the ISO 9001:2015 standards were applied to medical devices, these subjective requirements were modified to include meeting the regulatory and customer needs as well as maintaining the effectiveness of the QMS, both of these are easy to measure.

Another big difference between ISO 13485 and ISO 9001 is that this is a regulatory standard, which means that more documented procedures are required. ISO 13485 is structured in the same manner as the ISO 9001:2015 standard. In fact, close to 90% of the ISO 13485 is similar to that of ISO 9001.

Objectives of ISO 13485 and ISO 9001:2015

A) ISO 9001:2015

Establishing the requirements for a generic QMS that fulfils customer and regulatory requirements, along with enhancing customer satisfaction through continuous improvement.

B) ISO 13485

Setting up the requirements for a QMS which is capable of consistently fulfiling customer and regulatory requirements

When we integrate a good QMS into the management and goals of a company, it offers a way to reduce any variations. By reducing variations, the company can get some financial benefits like reducing junk and improved efficiencies of general processes. Therefore, a well-functioning QMS makes good sense from a financial and business perspective.

The ISO 13485 obeys the process approach of ISO 9001:2015. The process approach sees the QMS as a set of connected processes covering not only the products or services, but also support and management processes.

Basically, a process transforms a set of inputs into outputs. Input includes all aspects required to accomplish this transformation. In manufacturing processes, inputs might include raw materials, work benches, cleaning materials, manufacturing supplies, tools & equipment, written instructions, work standards, people, work building, assembly drawings, and more. The outputs produce the finished part, which also include records on what work was done by whom and also information on how the transformation was achieved. This relates to things like production yield or time to complete.

For example, in non-manufacturing processes, Document Control has inputs like Document Control procedure, document control center, change request, people, equipment like computers, copy machines and scanners. Here, outputs can include process statistics, controlled copies and controlled documents. From the above two examples, one observation you can make is that the output of one process, like Document Control, becomes the input of another process, like manufacturing.

————————————————

ISO 13485 Section 4 includes the general requirements. It relates to finding specific processes, their interaction and handling outsourced processes. In Section 4, you can find the quality manual, policy, objectives, and the criteria for document control and record control. It also provides the outline for a company’s document structure. Document control involves the review and approval of documents before their use, control of changes, and ensuring that current versions of controlled documents are readily available for use. Record control involves maintaining integrity and setting up procedures for the duration of maintenance of documents and records.

Section 5 needs the management involvement at the level of the person who makes policy and financial decisions. It is because the management of a company must partake actively in the establishment and maintenance of the ISO 13485 QMS. The person is normally either the CEO or chief of operations. Creating the quality policy and objectives, establishing the support of the QMS and provision of resources are the responsibilities of top management. Moreover, they appoint a Management Representative who has the responsibility for the proper functioning of the QMS. This is usually the highest senior quality manager. Quality planning and ensuring that the quality policy is understood at every level of the organization is another responsibility of upper management.

The periodic management review of the QMS includes specific requirements. It specifies the minimum requirements that must be covered in these reviews, as well as the output requirements. This is one of the most crucial processes for a QMS and also adds benefit to the company by giving a structured framework for productivity and quality.

The requirements for provision of resources are included in Section 6. The management should provide adequate facilities such as workspace, tools and equipment like computer systems. The building environment must integrate devices where necessary. These facilities must be maintained to produce devices fulfiling all the requirements. The QMS should have a process to ensure all the required maintenance activities are performed.

People are important for the quality of medical devices. The key is the inclusion of a sufficient number of people who are capable, competent and fully aware of their job responsibilities. Training of personnel and keeping of good training records are simply not enough.

The management must define the job requirements in the quality manual as well as the job descriptions. The QMS must ensure and document that employees fulfil these requirements, or have prior training to fill in any gaps. Continuous awareness of employees on QMS requirements, especially for documents and record-keeping, is the management’s responsibility. Employees should also be aware of their job responsibilities, especially related to product quality. They must be informed about the consequences of failing to do their job correctly on the product itself or on the people using the product.

Section 7 is named as Product Realisation and it affects what people do on a day-to-day basis in the company. It covers everything needed for the full realisation of the product, starting from customer requirements and moving to design & manufacturing, installation and support of a medical device.

An important part of a functioning QMS is proper planning. By coming up with a plan for product realisation, the company needs to set up processes for all stages of product realisation, from receiving customer requirements, purchasing of supplies and materials and designing of product, to the installation and service of the device. An inherent risk is there in everything we do. However, when it comes to the manufacturing of medical devices, the risk is a person’s life. Hence, the ISO 13485 standard established that “The organization shall establish documented requirements for risk management throughout product realization.”

Risk management usually includes,

i) Risk Assessment – for identifying potential risks
ii) Risk Analysis – checking the severity and probability of all hazardous situations
iii) Risk Reduction – includes the reduction, mitigation and elimination of risk to the best extend possible

Risk management is applicable to processes, including QMS processes. Most importantly, it is applicable to device design, manufacturing as well as support processes. This is a critical process and hence ISO 13485 has established that risk management be done in accordance with the international standard of risk management for medical devices, ISO 14971.

The planning phase of product realisation starts with setting up processes for handling the customer requirements as well as for communicating with the customer throughout the life cycle of the device. The requirements may be simple or complex depending on the customer. Communication involves a two-way approach with the customer for changes in requirements and finding ways to collect customer feedback on all aspects of the device as well the business processes of the manufacturing company.

When a company makes product or process design, they should meet the requirements for design controls stated in ISO 13485. Governments and regulatory agencies have found that the adverse events related to medical devices were caused due to poor design. Establishing a controlled design process which includes risk management, validation, verification, and the controlled transfer of a design to manufacturing can reduce the chances of adverse effects. A product development process that fulfils the design control requirements starts by establishing design requirements, and moves through validation to manufacturing.

Design Control Requirements

Establishing the requirements for a generic QMS that fulfils customer and regulatory requirements, along with enhancing customer satisfaction through continuous improvement.
  • The design control requirements involve the following,
  • Design and development planning
  • Design Input
  • Risk Management
  • Design Output
  • Design Review
  • Design Verification
  • Design Validation
  • Design Transfer
  • Design Changes
  • Design History File
Once a device design is created with proper manufacturing processes, it is important to ensure that the raw materials used while making the device are of the highest quality. The ISO 13485 purchasing requirements involves purchasing from qualified suppliers according to established specifications and assuring that the purchased product fulfils the specifications.

Control of manufacturing or production processes is important in order to assure that the manufactured device fulfils all its specifications. In addition to production process control, it also includes the control of how materials are identified, stored and used.

This includes not only controlling the production processes, but control of how materials as well as devices are identified, stored and used. Documented processes have to cover aspects such as receiving raw materials and devices, production, warehouse, testing, shipping, installation and servicing. A few of these processes cannot be completely tested to check whether all product specifications are reached. Processes not fully verified must be validated to assure that they always meet specifications, and once validated must be controlled and performed by trained personnel.

One effective way to ensure that products meet the specifications is by using monitoring and measuring equipment. Such equipment must be controlled and calibrated to provide accurate results. A calibration and preventive maintenance program is totally essential for this.

The final section of the ISO 13485 standard includes feedback and other information for the maintenance of the effectiveness of QMS. The following are the aspects of this last section of ISO 13485,

1. Feedback such as complaints from customers and the handling of adverse event
2. Conducting an internal audi
3. Monitoring and measurement of processes and products, including nonconforming produc
4. Analysing the dat
5.Performing corrective and preventive action

Corrective action fixes the root cause of a problem. It is not enough to just fix a problem. The root cause should be fixed. A root cause analysis such as the “5 Why” method is essential not just for the corrective action system, but for the entire QMS.

Preventive actions eliminate discrepancies by correcting the things that may go wrong. A preventive action system is one that provides the biggest financial benefits of a quality management system.

Implementation of ISO 13485

Purchase a copy of the standard

Before developing a QMS, get a copy of the standard. Read and familiarise with the concepts

Review supporting documents

A wide range of quality supporting documents are available on the Internet for better understanding and implementation.

Build a core team who agrees with your strategy

Start the implementation process by building the organisational strategy with top management. Since the responsibility for a QMS lies with top management, it is crucial to involve them from the beginning. Build a core team of process owners with the support from top management.

Take training

There are plenty of workshops, seminars and training courses whether you are a quality manager or process owner trying to implement a QMS or a senior manager seeking to increase your general awareness of ISO 13485, ISO 14971, risk management, and so on.

Consider consultancy options

Get advice from independent third-party consultants like UQS on how best to implement your quality management system. They will take care to ensure that you avoid any costly mistakes owing to their experience in implementing a QMS.

Create a quality manual

A quality manual is a high-priority document that outlines your intention to operate with quality. It describes why you are in the business, what your intentions are, how you are applying the ISO 13485 standard and how your business operates.

Make supporting documentation

This supporting documentation is usually a procedures manual which supports the quality manual. Basically, it tells how you complete a task by describing who does what, in what order and to what standards.

Implement your QMS

Communication and training are cornerstones of proper implementation. During the implementation phase, everyone operates according to established procedures and collects data that demonstrates you are doing what you promised you will be doing.

Perform Internal Audit and Management Review

At regular intervals, conduct an internal audit and a management review to check whether the QMS is working according to the requirements. It should be effective and sufficient for your organisation’s operations.

Select a certification body

A registrar is a third party who comes and assesses the effectiveness of a QMS, and then issues a certificate if it meets the standards. Selecting a registrar can be challenging and you must consider factors like industry experience, price, geographic coverage, and level of service offered. The key is to find a registrar who meets your requirements. You can reach out to us for any help with choosing a registrar.

Get certification

Arrange an initial assessment with your registrar. The registrar will review your QMS and evaluate whether you are eligible for registration. If eligible, you will get a registration.

Continuous assessment

After receiving registration and getting the certificate, you can advertise and promote your business. You can maintain your registration by continuing to use your quality system. The registrar will periodically check this to ensure the QMS continues to meet the standards.

QMS Registration

Registration to ISO 13485 happens when an accredited third party visits an organisation, assesses the quality management system and issues a certificate to show that the organisation abides by the principles set out in ISO 13485.
The QMS certificate is a sign of credibility which saves you from having to prove your quality standards to your customers. ISO 13485 provides a global validation. Once you are certified, it is valid for 3 years and is subject to the annual surveillance audit.

Why do I need certification?

Getting certification to ISO 13485 through any of the different certification bodies will empower your organisation to flourish. Whether you are expanding locally to bring new business or seeking ways to operate internationally, ISO 13485 will let you demonstrate to potential customers that you commit to quality standards.
The frequent assessments will ensure the continual use, monitoring and improvement of your processes. The registration can improve the overall performance, eliminate uncertainty and increase market opportunities.

Looking for a Professional Quality Management System Consultant ?

Services
Get In Touch

    Copyright © 2024-2025 uqsconsultants