How to comply with ISO 13485:2016 requirements for handling complaints

Medical devices, implants, and surgical instruments are critical healthcare products in which consumers and practitioners look for high precision and accuracy. Therefore, during the production, sales, and other customer-related processes, complaints are a vital and integral part of this industry. Complaint management is an important part of customer relationship management and like every other quality standard, ISO 13485:2016 emphasizes strong controls over complaint handling.

ISO 13485 deals with medical devices, and as the severity of adverse effects of these devices is quite high, the standard emphasizes additional controls for complaint management.

What are complaints?

ISO 9001:2015 defines a complaint as an expression of dissatisfaction with a product or service, which is filed by a customer and received by an organization. On the other hand, ISO 13485:2016 specifies the scope of a complaint by defining it as a “written, electronic, or oral communication that alleges deficiencies” in the following aspects of a medical device:

  • Identity
  • Quality
  • Durability
  • Reliability
  • Usability
  • Safety or Performance

ISO 13485:2016 addresses complaint handling more clearly than ISO 9001:2015 – for example, involving complaints in risk management or identifying complaint-handling procedural requirements. ISO 13485 considers complaints to be one of the mandatory inputs in management review (in the scope of clause 5.6.2 (b)), unlike ISO 9001:2015. Moreover, clause 8.2.2 of ISO 13485:2016 defines the procedural requirements of complaint handling for medical device suppliers.


The procedure

The organization is mandated, according to ISO 13485:2016, to implement a complaint-handling procedure that addresses the following:

  1. Applicable Regulatory Requirements: The complaint-handling procedure should be compliant with applicable regulatory requirements. For example, the Food and Drug Administration (FDA) governs regulatory requirements in the United States, and its 21 CFR section 820 is a designated regulation for medical device manufacturers and suppliers.
  2. Receiving & Recording Information: A complaint is communicated by oral, written, or electronic means. The procedure should address how all received complaints are routed within the organization, recorded, and (all receiving information) saved in a complaint log or Complaint Management System (in the scope of an Enterprise Resource Planning (ERP) system).
  3. Complaint Evaluation: After receipt of a complaint, the information is evaluated to determine whether it is valid or not. If the complaint is declared to be non-valid due to substantial reasoning (for example, the defect resulted from mishandling of the device, misinterpretation of a particular issue as a defect, etc.), the customer is notified and no further proceedings are made. Justification records are maintained for non-valid complaints.
  4. Report to Regulatory Authorities: The procedure of complaint handling must identify routing of serious complaints to regulatory authorities. Serious complaints about medical devices are those which have an adverse impact on a patients’ health, surgical operation, etc., and have to be reported to regulatory authorities. The authority can stop sales of this product for the period of investigation and resolution. In some cases, a particular device should have to be recalled from the market. The complaint has to be resolved and closed by the regulatory authority. All records of reporting to the regulatory authority have to be maintained by the company itself.
  5. Complaint Investigation: Under complaint investigation, root cause analysis is performed. This is the most important part of complaint management, as it helps to identify the root cause. It is only through the identification of the root cause that subsequent actions can be identified.
  6. Handling of Complaint about Related Product: The complaint management procedure should also address the handling of customer-related products that are returned to the vendor or supplier organization. Are the returned instruments properly tagged and identified? Are returns reworked and shipped again? Or, are these returns discarded and replacements issued to the customer? The procedure of complaint handling should address all these queries so as to minimize the risk of returned product being mixed with inventory of production.
  7. Correction and Corrective Action: After analyzing the root cause, the vendor must correct damages to the customer to resolve the complaint. A correction can be accomplished by rework, or sometimes it is done by offering a replacement. Corrective action includes actions to address the root cause. Records for corrections and corrective actions must be maintained.
  8. Third-Party Involvement: Sometimes the complaint is a result of a third-party’s services in the manufacturing or delivery of a medical device – for example, shipping services or external forging vendor of the medical device. The complaint-handling procedure should address the mode of communication with external providers. The investigation findings that highlight their contribution or any corrective action on their part must be shared with proper documented records.
  9. Review of Servicing Records: Servicing records are details of activities taken under scheduled or breakdown maintenance. Servicing records must be assessed. If records identify any servicing issue as a complaint, then the whole complaint management process has to be initiated.
  10. Complaints & Product Quality Risk Management: ISO 13485:2016 has a requirement to assess the risk of product failure and its inability to meet quality requirements. Complaints must also play a part in increasing the risk of failure. Complaints should be used as an input to the product’s quality risk management cycle.

ISO 13485:2016 complaint handling – How to comply

Call for vigorous post-market complaint management

ISO 13485:2016 calls for a vigorous post-market complaint management system, which ensures no complaints are missed. Complaints must be handled in an efficient manner to exceed customer expectations. The new version of ISO 13485:2016 enhances the process approach of the prior version with risk analysis and controlling. For more information on what was changed, see: Infographic: What’s new in the 2016 revision of ISO 13485. Companies lacking a vigorous post-market complaint management system will have to institute processes analogous to those mandated with 21 CFR Section 820 in the U.S. to meet expectations about complaint handling.

Once implemented, ISO 13485 guarantees that no complaints will get lost or customer left to find a solution for himself. The benefits are – your company manages its product and processes, and your customers can depend on a competent partner. Who would wish for more …?

Download this free Checklist of Mandatory Documentation Required by ISO 13485:2016 to see the structure of documents necessary for ISO 13485:2016.