CALL US 1-888-553-2256
CountryCountry

What is ISO 13485?

“What is ISO 13485?” Are you looking for a simple answer to this question?

Well, you’re not alone. This overview guide can help you to learn why ISO 13485 creates benefits across your organization, discover what the ISO 13485 requirements are, and learn the practical steps you need to take to get certified.

Your simple introduction to the basics of ISO 13485

One of the medical device industry’s most widely used international standards for quality management, ISO 13485, is evolving with the publication of a new version of the standard by the International Organization for Standardization (ISO).

The ISO 13485 standard is an effective solution to meet the comprehensive requirements for a QMS. Adopting ISO 13485 provides a practical foundation for manufacturers to address the Medical Device Directives, regulations, and responsibilities as well as demonstrating a commitment to the safety and quality of medical devices.

A survey of ISO 13485 certification at the end of 2015 shows that despite the global recession, the number of companies that have implemented an ISO 13485 Quality Management System still shows a general positive trend worldwide.

Data taken from 2015 ISO Survey

What is a Quality Management System?

The Quality Management System, which is often referred to as a QMS, is a collection of policies, processes, documented procedures, and records. This collection of documentation defines the set of internal rules that will govern how your company creates and delivers your product or service to your customers. The QMS must be tailored to the needs of your company and to the product or service you provide, but the ISO 13485 standard provides a set of guidelines to help make sure that you do not miss any crucial elements that a QMS needs to be successful.

Getting to the heart of why ISO 13485 is important

ISO 13485:2016 specifies requirements for a Quality Management System where an organization needs to demonstrate its ability to provide medical devices and related services that consistently meet customer and applicable regulatory requirements. Such organizations can be involved in one or more stages of the lifecycle, including design and development, production, storage and distribution, installation, or servicing of a medical device; or design and development or provision of associated activities (e.g., technical support). ISO 13485:2016 can also be used by suppliers or external parties that provide product, including Quality Management System-related services to such organizations.

Requirements of ISO 13485:2016 are applicable to organizations regardless of their size and regardless of their type, except where explicitly stated. Wherever requirements are specified as applying to medical devices, the requirements apply equally to associated services as supplied by the organization.

Because you are auditing your processes, as well as having a certification body audit them, your customers themselves do not need to audit your company. It is because of this that ISO 13485 has become a necessity for many companies to compete in the market.

What does ISO 13485 actually look like?

The ISO 13485 structure is split into eight sections, because it is aligned with ISO 9001:2008. The first three are introductory, with the last five containing the requirements for the Quality Management System. Here is what the five main sections are about:

Section 4: Quality Management System – This section talks about general QMS requirements, as well as the documentation requirements of the standard. It includes the requirements for the Quality Manual, Control of Documents, and Control of Records, all of which are required documents in the QMS.

Section 5: Management Responsibility – The management responsibility requirements cover the need for top management to be instrumental in the implementation and maintenance of the QMS. Along with planning for the QMS, there is a need for top management to be involved in the ongoing review of the system to ensure customer satisfaction and improvement.

Section 6: Resource Management – The section on management of resources is short, but covers the necessity to control all resources, including human resources, buildings, and infrastructure and the working environment.

Section 7: Product Realization
– The product requirements deal with all aspects of the planning and creation of the product or service. This section includes requirements on planning, product requirements review, design, purchasing, creating the product or service, and controlling the equipment used to monitor and measure the product or service. ISO 9001 allows for requirements in the section to be excluded if they are not applicable to the company (such as a company that does not design products or services).

Section 8: Measurement, Analysis and Improvement – This last section includes the requirements needed to make sure that you can monitor whether your QMS is functioning well. It includes assessing customer satisfaction, internal audits, monitoring products and processes, dealing with non-conforming product, and corrective and preventive actions.

These sections are based on a Plan-Do-Check-Act cycle, which uses these elements to implement change within the processes of the organization in order to drive and maintain improvements within the processes.

Why is ISO 13485 a good idea for your organization?

The benefits of ISO 13485 cannot be overstated; companies large and small have used this standard to great effect, discovering and securing tremendous cost and efficiency savings. Here are just a few of these benefits:

Improve your image and credibility – When customers see that you are certified by a recognized certification body, they will understand that you have implemented a system that is focused on meeting customer requirements and improvement. This improves their trust that you will deliver what you have promised.

Improve customer satisfaction – One of the key principles of the ISO 13485 QMS is the focus on improving customer satisfaction by identifying and meeting customer requirements and needs. By improving satisfaction, you improve repeat customer business.

Fully integrated processes – By using the process approach of ISO 13485, you not only look at the individual processes in your organization, but also at the interactions of those processes. By doing this, you can more easily find areas for improvement and resource savings within your organization.

Use evidence-based decision making – Ensuring that you are making decisions based on good evidence is a key to the success of an ISO 13485 QMS. By ensuring that your decisions are based on good evidence, you can better target resources to the best effect to correct problems and improve your organizational efficiency and effectiveness.

Create a culture of continual improvement – With continual improvement as the main output of the QMS, you can attain ever-increasing gains in savings of time, money, and other resources. By making this the culture of your company, you can focus your workforce on improving the processes they are directly responsible for.

Engage your people – Who better than the people working within a process to help find the best solutions for improving that process? By focusing your workforce on not only managing, but also improving the processes, they will be more engaged in the outcome of the organization.

What are the practical steps to becoming ISO 13485 certified?

What is ISO 13485 certification? There are two types of certification: certification of a company’s Quality Management System against the ISO 13485 requirements, and certification of individuals to be able to audit against the ISO 13485 requirements. This section discusses the necessary steps for a company to implement an ISO 13485 Quality Management System and have it certified.

ISO 13485 certification for your company involves implementing a QMS based on the ISO 13485 requirements, and then hiring a recognized certification body to audit and approve your QMS as meeting the requirements of the ISO 13485 standard.

Starting with management support and identifying the customer requirements for the QMS, you will need to start with defining your quality policy, quality objectives, and quality manual, which together define the overall scope and implementation of the Quality Management System. Along with these, you will need to create the mandatory and additional processes and procedures necessary for your organization to properly create and deliver your product or service. For a good explanation on this, take a look at the article List of mandatory documents required by ISO 13485:2016

This creation of documents can be done internally by your company, or you can get help through hiring a consultant or purchasing standard documentation. To see samples of documentation, visit this free downloads page.

Once all of the processes and procedures are in place, you will need to operate the QMS for a period of time. By doing this, you will be able to collect the records necessary to go to the next steps: to audit and review your system and get certified.

Mandatory steps to finish implementation and get your company certified

After finishing all your documentation and implementing it, your organization also needs to perform these steps to ensure a successful certification:

Internal audit – The internal audit is in place for you to check your QMS processes. The goal is to ensure that records are in place to confirm compliance of the processes and to find problems and weaknesses that would otherwise stay hidden.

Management review – A formal review by your management to evaluate the relevant facts about the management system processes in order to make appropriate decisions and assign resources.

Corrective actions – Following the internal audit and management review, you need to correct the root cause of any identified problems and document how they were resolved.

The company certification process is divided into two stages:

Stage One (documentation review) – The auditors from your chosen certification body will check to ensure your documentation meets the requirements of ISO 13485.

Stage Two (main audit) – Here, the certification body auditors will check whether your actual activities are compliant with both ISO 13485 and your own documentation by reviewing documents, records, and company practices.

What ISO 13485 training and certification is available if you’re an individual?

Training in the concepts of ISO 13485 is available, and there are a range of course options for individuals to choose from. Only the first of these can lead to certification for the individual to be able to audit for a certification body, but the others are very useful for those who will be using these skills within their own company:

ISO 13485 Lead Auditor Course – This is a four- to five-day training course focused on understanding the ISO 13485 QMS standard and being able to use it for auditing management systems against these requirements. The course includes a test at the end to verify knowledge and competence, and it is only with an accredited course that an individual can become approved to audit for a certification body.

ISO 13485 Internal Auditor Course – This is commonly a two- or three-day course that is based on the lead auditor course above, but does not include the test for competence, so this is most useful for someone beginning to do internal audits within a company.

ISO 13485 Awareness and Implementation Course – Several courses are offered that provide knowledge of ISO 13485 and how to implement it. These can be one- or two-day courses, and can even include online e-learning sessions as a method of teaching the material. These courses are good for those who need an overview of the ISO 13485 standard, or those who will be involved in the implementation within a company, and many are more economical than investing in the lead auditor course for those involved at this level.

There are a number of accredited training organizations around the world where you can gain individual qualifications in ISO 13485.

strahinja-iso-expert

Strahinja Stojanovic
Lead ISO 13485 expert

Have any question about any step?

Talk with our consultants for free

SCHEDULE FREE CONSULTATION

Free ISO 13485:2003 vs 2016 Conversion Tool for Clauses

This free tool will help you to convert ISO 13485:2003 clauses to the new ISO 13485:2016 clauses. Start your transition project right away, without an expensive consultant.

SEE HOW IT WORKS

OUR CLIENTS

OUR PARTNERS

  • Advisera is Exemplar Global Certified TPECS Provider for the IS, QM, EM, TL and AU Competency Units.
  • ITIL® is a registered trade mark of AXELOS Limited. Used under licence of AXELOS Limited. All rights reserved.
  • DNV GL Business Assurance is one of the leading providers of accredited management systems certification.