    What is ISO 13485? Overview of the standard.

    ISO 13485 is the medical device industry’s most widely used international standard for quality management. Issued by the International Organization for Standardization (ISO), the ISO 13485 standard is an effective solution to meet the comprehensive requirements for a Quality Management System in the medical device industry.

    What is the purpose of ISO 13485?

    Adopting ISO 13485 provides a practical foundation for manufacturers to address the EU Medical Device Directive (MDD), the EU Medical Device Regulation (MDR), and other regulations, as well as demonstrating a commitment to the safety and quality of medical devices.

    Starting with management support and identifying the customer requirements for the QMS, you will need to start developing documentation including the Quality Policy, Quality Objectives, and Quality Manual. Together, these define the overall scope and implementation of the Quality Management System. Along with these, you will need to create the mandatory and additional processes and procedures necessary for your organization to properly create and deliver your product or service. For a good explanation of this, take a look at the article List of mandatory documents required by ISO 13485:2016.

    A survey of ISO 13485-certified companies shows that the number of companies that have implemented an ISO 13485 Quality Management System still shows a general positive trend worldwide (the drop in 2018 was mainly due to a different measurement methodology).

    Data taken from 2018 ISO Survey

    What is the current version of ISO 13485?

    The latest revision of ISO 13485 for medical devices is from March 2016. The additions in this update include: a focus on risk, clarification of management responsibilities, clarification of training responsibilities, improvement to the facility requirements, better alignment of design and development requirements to many regulations, more emphasis on control of suppliers, requirements for traceability procedures, addition of complaint handling, and enhancement of product cleanliness requirements. See all the changes here: Infographic: What’s new in the 2016 revision of ISO 13485.

    The ISO 13485:2016 standard aligns with the previous version of ISO 9001, ISO 9001:2008. ISO 9001 is an internationally recognized standard for Quality Management Systems (QMS), which is published by ISO (the International Organization for Standardization). Its requirements are recognized around the world as an acceptable basis for implementing a QMS. Although the ISO 13485:2016 standard came out after the major update of ISO 9001:2015, the ISO 13485 standard does not align with this new revision of ISO 9001. Instead, it was determined that the most recent changes in ISO 9001:2015 were not necessary for medical devices.


    What are the requirements of ISO 13485?

    ISO 13485:2016 specifies requirements for a Quality Management System to produce medical devices and related services that consistently meet customer and applicable regulatory requirements. Requirements of ISO 13485:2016 are applicable to organizations regardless of their size and regardless of their type, except where explicitly stated. Wherever requirements are specified as applying to medical devices, the requirements apply equally to associated services supplied by the organization.

    The ISO 13485 structure is split into eight sections, with the first three being introductory, and the last five containing the mandatory requirements for the Quality Management System. Here is what the five main sections are about:

    Clause 4 – Quality Management System (“Intersection”)

    Clause 4 targets two very specific aspects of a Quality Management System: General Requirements and Documentation Requirements.

    General Requirements. In evaluation of any ISO standard, there are a few systematic requirements that are the driving force for establishment and implementation of a Quality Management System. The requirements specific to ISO 13485 include the following:

    1. Adhere to the standard.
    2. Document what needs to be documented.
    3. Maintain what is required of you.
    4. Have written procedures in place and ensure the effectiveness of the system that you implement.
    5. Consider the risk factors in all activities.
    6. Introduce steps to minimize the risks identified and aim to not cause catastrophic events.
    7. Identify how things should be done to generate your medical device and stick to those processes.
    8. Determine ways to track your activities, correct any process failures or oversights, and generate records to show all the activities are being done.
    9. Determine the requirements that you are legally bound to, and follow them!
    10. Even when outsourcing work, ensure you maintain responsibility for that work.
    11. Any systems used in your manufacturing processes should be confirmed to ensure they work as intended and don’t negatively affect your processes.

    Documentation Requirements. Most quality systems require a key component, a Quality Manual. Beyond the Quality Manual, an organization should determine the promise that they will make to ensure an environment and culture that can be consistent with putting quality first in all activities. This commitment can be captured with a policy or objective statement. The standard includes very specific requirements for both procedures and records, each of which must be fulfilled:

    1. Medical device creation should be accompanied by a file that includes product specifics and guidance on intended use.
    2. Plan for controlling documents.
    3. Plan for controlling records.

    Clause 5 – Management Responsibility (“Highway”)

    Management must demonstrate their commitment by showing they can be held accountable for the operations within their organization. They have to ensure that their focus does not stray from the needs of the end user, and that all laws are followed in the manufacturing process. Management has an absolute responsibility to support the quality policy, confirm its alignment with the laws of the country of work, and communicate the mission to employees. They have a responsibility to plan, delegate authority, and communicate effectively. They are also responsible for a periodic review of operations and improvement within the organization, known as the Management Review.

    Clause 6 – Resource Management (“Roadway”)

    Top management has a responsibility to ensure that the Quality Management System is compliant with ISO 13485 and adheres to local regulatory requirements. As a requirement within ISO 13485, top management must ensure that adequate resources are available to perform the work promised by the organization. Providing resources can refer to personnel, infrastructure, consumables, equipment, succession planning, and risk aversion. This can be as specific as controlling the daily workflow to prevent contaminants or ensuring that operations are seamless in years to come with an awareness of looming retirements. This commitment from management, although it may seem minimal, is critical to the organization’s success in medical device manufacturing and is required according to Clause 6.

    Clause 7 – Product Realization (“Overpass”)

    An organization must plan for the journey from conceptualization to implementation. This can include developing a process for documenting how thoughts are initiated, concepts are verified, and products are designed and developed, as well as how to verify and validate to fulfill the requirements for ISO 13485, Clause 7. Communication is critical for the design and development of the device.

    The key is to follow the process from planning to inputs, outputs to review, onward to verification, followed by confirmation through validation. Transferring ideas, controlling the design, documenting any required changes, and retaining any and all files included in the process is critical in product realization. Defining and tracking supplies, retaining critical information associated with each product, and determining how to verify these products should be clearly documented within a procedure.

    Monitoring each part of the process involves ensuring cleanliness, monitoring installment, performing the necessary service, and fulfilling the requirements specific to medical devices. Effectively monitoring and maintaining equipment, as well as ensuring that identification requirements are met for the device itself, are also components of product realization. Lastly, monitoring the effectiveness of the product as it relates to traceability, managing customer property, and ensuring preservation of product will help achieve compliance with ISO 13485.

    Clause 8 – Measurement, Analysis and Improvement (“Bridge”)

    Now that your product has been manufactured and released for general use, you have a responsibility to ensure that people have what they want. So, how do you accomplish that? It’s simple: you seek feedback. According to Clause 8, development of a procedure for effectively monitoring and measuring product success must include:

    • handling complaints
    • reporting events to regulatory authorities
    • undergoing internal evaluations through auditing
    • continual process and product evaluation internally
    • identifying and controlling products that don’t meet the original design requirement (nonconforming product)
    • analyzing data generated and continually improving the process

    These sections are based on a Plan-Do-Check-Act cycle, which uses these elements to implement change within the processes of the organization in order to drive and maintain improvements within the processes. See also: ISO 13485 structure and requirements.

    To learn how to implement the ISO 13485 requirements and get certified, read this article: ISO 13485 certification

    What is the difference between ISO 13485 and EN ISO 13485?

    As stated above, ISO 13485 is an internationally recognized standard set of requirements issued by the International Organization for Standardization (ISO) to create a Quality Management System for those in the medical device industry. The ISO standard includes all of the requirements that are needed to create a QMS to demonstrate your ability to provide medical devices that consistently meet the requirements of customers and regulators.

    EN ISO 13485 is a parallel standard that is issued in the European Union for the purpose of creating a QMS in the medical device industry for use in the European Union. The requirements of these two standards are identical, and the entirety of the ISO 13485:2016 standard is included in the EN ISO 13485:2016 document. However, the European version of the standard (EN ISO 13485) also includes several invaluable tables that align the ISO 13485:2016 requirements to the three EU directives for medical devices (EU directive 90/385/EEC, EU directive 93/42/EEC, and EU directive 98/79/EC). This makes it easy to see how implementing the ISO 13485:2016 standard will help you to meet these particular EU directives.

    With the release of the European Union Medical Device Regulation (EU MDR) in May 2017, which supersedes these previous directives, it is expected that a new version of EN ISO 13485 will be released showing closer alignment with the EU MDR.

    ISO 13485:2016 vs 13485:2012

    The European standard, EN ISO 13485:2012 Medical Devices – Quality Management Systems – Requirements for Regulatory Purposes, has been published, after approval by CEN on January 24, 2012. This replaces EN ISO 13485:2003, although the text of the global standard ISO 13485:2003 is unchanged; only the foreword and annexes in the European version have been revised. Therefore, there are no different requirements in ISO 13485:2012 compared to ISO 13485:2003.

    To identify the new requirements of ISO 13485:2016 vs. ISO 13485:2003, see Annex A at the end of the new ISO 13485:2016. It contains a table, Comparison of content between ISO 13485:2003 and ISO 13485:2016, where you can see all new requirements and the differences between these two versions.

    To learn more, read this article: List of mandatory documents required by ISO 13485:2016 or download the free matrix ISO 13485:2016 vs. ISO 13485:2003.

    What is the difference between ISO 9001 and ISO 13485?

    Even though ISO 13485:2016 is a stand-alone standard, it is based on ISO 9001:2008, as mentioned above. So, while ISO 9001 is an internationally recognized standard for any organization in any industry, the ISO 13485 standard includes additional requirements that are specific to companies that manufacture medical devices. Some additional requirements of ISO 13485 for medical devices include:

    • Documentation requirements for medical device files,
    • Work environment requirements,
    • Contamination control requirements,
    • Production requirements for cleanliness of products,
    • Production requirements for sterile medical devices, and
    • Requirements for reporting to regulatory authorities.

    As can be seen, these additional requirements are applicable only to medical device manufacturers.

    ISO 9001 was updated in 2015, and the ISO 9001:2015 standard supersedes the ISO 9001:2008 standard. However, as the changes made to the ISO 9001 standard were not seen as appropriate for the medical device industry, the ISO 13485 standard was not updated to align with these new ISO 9001:2015 requirements and remains based on the ISO 9001:2008 standard.

    The ISO 9001:2015 updates include several requirements for identifying the context of the organization, which were not added into the ISO 13485 standard, such as identification of internal and external issues as well as identifying interested parties and their needs and expectations.

    Is ISO 13485 mandatory?

    The short answer is no, ISO 13485 is not mandatory. You can create a QMS that suits your needs for your organization, so long as the processes of the QMS meet the legal and regulatory requirements for medical devices where you intend to manufacture and sell them. Even though ISO 13485 is not required for EU MDR compliance, the EU MDR regulation requires that you have a QMS in place, and the ISO 13485:2016 standard is the only QMS standard listed in the EU list of harmonized standards, so most companies will use the ISO 13485 requirements to implement their QMS. The reference to ISO 13485 on the EU list of harmonized standards indicates that the EU understands that, by implementing the ISO 13485 requirements, all of the EU MDR QMS requirements will be met. Learn more here: How can ISO 13485 help with MDR compliance?

    By using the ISO 13485 requirements to create your QMS, you can ensure that you have a world-class system for meeting the needs of customers and legislators for your medical devices. ISO 13485 provides you with more than the bare minimum to meet a legal requirement; it provides a whole system that is devoted to helping you make your quality processes better.

    To learn more about the requirements of ISO 13485, download this free white paper: Clause-by-clause explanation of ISO 13485:2016.