One of the most prominent regulations within the medical device industry is ISO 13485, which specifies requirements for a quality management system to ensure compliance with appropriate standards. The regulation impacts companies involved in any stage of the medical device life-cycle, including design and development, production, storage and distribution, installation, and servicing. In the first quarter of 2016, the International Standards Organization finalized ISO 13485:2016, which represented the first revision to ISO 13485 since 2003.
Although the revision carries a 3-year transition period (implementation required by February 2019), there are significant differences as compared to the 2003 version, and therefore Quality and Regulatory professionals should not delay their assessment of the impact. Here is a high-level summary of 5 of the more noteworthy changes encompassed in ISO 13485:2016:
1. Risk-Based Approach:
The revised standard stipulates a much stronger emphasis on a risk-based approach throughout your entire quality management system. In fact, all processes comprising the quality management system, including those outsourced to third parties, now need to be developed utilizing a documented, risk-based methodology, which was previously not the case.
2. Documentation of Skills and Training:
The skills and experience levels of those individuals involved with your quality management system will now need to be specifically defined and documented. Further, there is an enhanced focus on ongoing training, as well as assessing the effectiveness of training methods, to ensure your team has the required knowledge and skill sets to maintain an effective quality management system.
3. Complaint handling:
While the 2003 standard addressed complaints to some extent, the new standard substantially enhanced the requirements in this area, including post-market surveillance. Specific complaint handling procedures must now be developed and documented, and the scope has been expanded to cover all types of complaints, rather than solely customer complaints. In addition, procedures must address the need to report complaints to the appropriate regulatory authorities and the implementation of appropriate corrective actions, as necessary.
4. Supplier Monitoring:
Evaluation of suppliers has always been covered under ISO 13485, but now that evaluation must go further. Continuous monitoring of your suppliers’ performance levels, along with the appropriate re-evaluations of such performance, must be conducted. These procedures are to include documented assessments of the impact and risk posed to your organization from an under-performing supplier.
5. Design and Development:
Unlike the 2003 standard, this latest revision provides specific details as to how an organization should control changes in design and development. Personnel must now assess the impact of these changes and maintain a file that documents such changes. Also, validation and verification requirements are now addressed under the new standard. Lastly, the new standard explicitly addresses the necessary criteria that must be followed when transferring a medical device from design and development to production.
With the substantial changes in technology and the overall regulatory landscape over the last decade or so, this latest revision to ISO 13485 was needed to keep up with the times. It brings about substantial benefits as it helps to ensure compliance with customer and regulatory requirements, it promotes enhanced product safety and effectiveness through continuous improvements, and it represents an accepted approach to quality management by regulators in the industry. Don’t wait to tackle this latest revision…the implementation will take some time. Get on it now so you don’t find yourself scrambling as 2019 is fast-approaching!