ISO 13485 Updates - QCS International

part of the phsc group

April 2016 - Enhanced Auditor Skills for ISO 13485:2016

There are some changes to ISO 13485:2016 that internal auditors should be aware of. The new standard allows exclusion to the scope of international standard.

If any requirement in clause 6, 7 or 8 is not applicable due to the activities undertaken by the organisation or the nature of the medical device, the organisation does not need to include such a requirement in its QMS. For any clause that is determined to be non-applicable, a justification should be recorded. With the 2012 ISO 13485, only requirements in clause 7 could be deemed non applicable.

This might see changes in the extent of some quality systems and auditors could be asked to look for objective evidence to verify that the exclusions are justified.

For example, if you are a manufacturer of medical device software, an exclusion to the scope of the standard could be made against 6.4.2 Contamination Control (see below).

             "As appropriate, the organisation shall plan and document arrangements for the control of contaminated or potentially contaminated product in order to prevent contamination of the work environment, personnel, or product."

If you are the manufacturer of single use disposable medical instruments, auditors may be sceptical about exclusions to the above clause and look for evidence of any defective products being returned to the organisation for investigation, as these may be contaminated!

Other enhanced auditing skills in relation to the validation of the application of computer software to the QMS and the risk based approach that has to be taken to the control of appropriate QMS processes should be practised.

March 2016 - New Publication of ISO 13485:2016 Arrived

The 4th of March 2016 saw the publication of the much awaited updated Medical Device Quality Management System Standard, ISO 13485:2016. For those who had already examined the final draft of the standard, there were no surprises in the issued standard.

The only additions were a clarification that the definition of complaint is different from that of ISO 9001:2015 and a further clarification of types of medical devices using a nifty car analogy.

The next issue on the horizon is the proposed changes to the European Medical Devices Directive. The proposals mean that there will be a joint piece of legislation that covers both active and non-active medical devices and a separate directive that covers IVDs.

An interesting inclusion is the requirement for Manufacturers and Authorised Representatives to have a qualified person who possesses expert knowledge regarding the regulatory requirements for medical devices in the European Union. This person will be required to ensure that the

  • Conformity of the devices is appropriately assessed before a batch is released.
  • Technical documentation and declaration of conformity are drawn up and kept up-to-date.
  • Reporting obligations in accordance with Vigilance are met.
  • Statement relating to device safety & performance is issued for investigational devices.

On 19 June 2015, the Council announced that it had agreed the substance of its negotiating stance on both Regulations for medical devices and in vitro diagnostic medical devices.

March 2016 - Prepare For Changes to ISO 13485

A new feature of ISO 13485:2016 is the requirement to have a documented procedure for transfer of design and development outputs to manufacturing. This bridges the gap between what is seen to be an acceptable design in terms of safety and efficacy and a device that can be manufactured reproducibly.

The standard reflects the common practise of ‘line-trials’ where before a final design is transferred it must be able to meet requirements to allow efficient and effective manufacture.

It draws a clear line in the sand as to when the design and development work for a device is completed to allow an auditor to request completed design and development files (also referred to as a Design Dossier or Design History File). The outputs from design are required to be verified/validated before the design transfer process can start

Combined with new requirements relating to validation/verification records that must be kept, a more robust audit trail results from the changes allowing the auditor to inspect the level of control exerted over the design process by the manufacturer.

February 2016 - Next Version of ISO 13485:2016

ISO/FDIS 13485 introduced new requirements to manufacturers of the medical device.It has a strong focus on the national regulatory requirements and, as a result, clarified the need to be in compliance with these, not just the standard alone. There is an emphasis on review of the impact of changes to regulatory requirements to products and processes in clause 4.1.4. Furthermore, it implements a risk based approach to the processes adopted by organisations.

"A risk based approach to the control of the appropriate processes needed for the QMS" (4.1.2(b)).

As a result, it is a requirement that the manufacturer defines how the risk is managed and how the risks from one process can affect other aspects of the QMS. One way to cover this mandate is to perform risk analysis on all the inputs/outputs of the processes in the process flow diagram to examine the impact that they could have on the QMS. Also, a new requirement to validate software used in the QMS was introduced;

“The organization shall document procedures for the validation of the application of computer software used in the quality management system. Such software applications shall be validated prior to initial use and, as appropriate, after changes to such software or its application.’

The specific approach and activities associated with software validation and revalidation shall be proportionate to the risk associated with the use of the software. Records of such activities shall be maintained. (4.1.6)”

For example, the validation of Microsoft Excel for a specific function will require a protocol to be written to check that your requirement is matched by the output of excel. You may determine that you need an Excel spreadsheet to:

  1. Allow data to be entered manually within a set range
  2. Allow data of a specific format to be imported
  3. Perform Calculations on the data
  4. Produce a graph of the resultant data
  5. Only allow specified users to change the template

To show compliance, you could write a validation protocol addressing each of these points, perform the validation based on the protocol and produce a simple report. If you use a dedicated QMS software provided by an external supplier then it might be worth contacting them to ask the best way to validate their software.

September 2015 - ISO 13485 Under Review

As we progress through 2015, companies are becoming increasingly aware that they will need to implement significant operational and cultural changes (over the next 3 years) in order to demonstrate how they fully meet the requirements of the new ISO9001:2015 standard.

Many are also aware of the draft ISO13485-2:2015 that is going through its committee and industry reviews, with lots of comments already being gathered for consideration and possible updates to the new standard.

As ISO 9001:2015 has now become more process-based, business focused and aligned into the new Annex SL format (10 sections) for Management System Standards , early reading of ISO 13485:2015, is clear that updates are still reflecting the format used in the older ISO 9001:2008 (8 sections) and that the requirements inside ISO 13485 remain process-based and more device focused.

As we wait to see if ISO 13485:2015 stays in the 8 section format and not aligned to Annex SL (which is the intended format for any release of new Management System Standard), one thing is becoming clearer is that those organisation that have certification to both ISO 9001 and ISO 13485 will see an increase in the amount of time that organisations will have to host their certification bod. They will have to test each system separately in order to assure that each fully complies with the relative standard and those of UKAS or MHRA, especially for competency requirements for their auditors.

February 2015 - Next Version of ISO 13485 Delayed Until 2016

Due to the large number of comments received and the timeline to consider them, the committee decided to reconvene in early December 2014 to continue their work and as a result, the new version of ISO 13485 was delayed beyond its originally projected Q1 2015 publication.

The good news is that the delay gave companies time to better prepare for the transition to 13485:201X. The proposed changes were considerable, and included:

  • Management responsibility
  • Corrective Action Preventative Action (CAPA)
  • Software validation and use of Software for controlling the QMS
  • Supply chain and Outsourcing
  • Risk management
  • Post market activities
  • Process validation
  • Product lifecycle management
  • Annex Z to EN ISO 13485
  • Alignment with ISO 9001 (although ISO 9001 is changing in 2015)

The standard was made more applicable to the entire supply chain in the medical device industry. While the previous version was mainly tailored to device manufacturers, the DIS aims to be relevant to suppliers of components and services, as well. This way, everyone can work off the same standard. Exclusions are now allowed for sections 6 and 8, in addition to section 7, of the standard if they are not applicable to the activities undertaken by the organisation or to the nature of the medical device for which the quality management system is applied

May 2012 - BS EN ISO 13485:2012

BS EN ISO 13485:2012 has now been issued which will supersede the current version ISO 13485:2003. But you may be asking yourself why the change was so low key? The simple answer is that it is the European version that has been updated and other countries outside of Europe therefore still use ISO 13485:2003.

Why was the change made?

The change was made as a number of European countries objected to the inference that ISO 13485 inferred compliance to the Medical Device Directive. To solve this problem, annexes at the beginning of the new standard have now been expanded to link the clauses of ISO 13485 to the Medical Device Directive.

So how do the changes affect me?

Practically, they don’t really affect the standard. There are no new requirements, in fact there are no changes at all in the main text of the standard, and so Certification Bodies will just issue a new certificate once the standard is harmonised.

A non commercial version of ISO 13485:2012 is available so that you can preview the changes made.

TOP