All about ISO 13485

What is ISO 13485?

ISO 13485 is a QMS standard that comes from the internationally recognized and accepted ISO 9000 quality management standard series. If you’re looking to establish a device’s effectiveness, then this might be the system for you.

The overall goal of the standard is to reduce the risk associated with medical devices and technologies. To accomplish this, ISO 13485:2016 outlines certain requirements that a company must meet.

Prevention oriented – This means that a device should be designed in such a way as to prevent faults from occurring whenever possible (i.e. as opposed to performing quality assurance after the fact).

What are ISO 13485:2016 requirements?

ISO 13485:2016 lays out the requirements for medical device manufacturers to consistently meet customer and regulatory needs. It requires device manufacturers to implement and adhere to a quality management system that offers the following elements:

  • Management responsibility
  • Documentation requirements (this is where the Risk Analysis comes into play)
  • Design controls
  • Process monitoring and control (measuring, testing, inspection, and fault prevention activities)
  • Supply chain management.

The latest version of ISO 13485, known as 2016, was released last year. If you’re not sure if your company is in compliance with the latest ISO 13485 standards, then talk to one of our experts at HQR so that we can help ensure that your system is up-to-date.

How does ISO 13485 relate to Risk Management?

Quality management systems are made up of a series of interrelated and overlapping elements. One such element is risk management. Risk analyses can help determine if the products a company has on the market pose any safety hazards to consumers. It’s important that medical device manufacturers understand these risks and have a system in place that decreases the likelihood of harm occurring as much as possible.

Who is ISO 13485 for?

ISO 13485 can be used by organizations involved in the design, production, installation, and servicing of medical devices and related services. It can also be used by other parties, such as certification bodies, for auditing processes.

What is a Medical Device?

As per iso.org, a medical device is a product, such as an instrument, machine, implant, or in vitro reagent, that is intended for use in the diagnosis of diseases.

Coverage of legal requirements in ISO 13485

The ISO 13485 Medical Devices standard is voluntary, but many governments around the world, including in the UK, make it a legal requirement to comply with the MDD.

The US FDA has also said that ISO 13485 is the “minimum standard for a quality management system.”

ISO 13485 implementation covers the guidance of:

  • International Medical Device Regulators Forum (IMDRF) including those documents maintained from the disbanded Global Harmonization Task Force (GHTF);
  • International Organization for Standardization (ISO);
  • European Committees for Standardization (CEN and CENELEC);
  • National regulatory bodies.

Companies must check with their regulatory body to see if the standard is a legal requirement in their respective country.

How to use ISO 13485?

It’s important for medical device manufacturers to understand the process flow and have an idea of which areas might require improvement or need extra attention. Some of the best ways to do this are:

  1. Evaluate current operations
  2. Review ISO 13485 requirements
  3. Look at gaps between the two. Risk Analysis is a process that can help identify improvement opportunities and potential risks in your quality management system.

Relationship between ISO 13485 and ISO 14971:

ISO 13485 is a standard for medical devices that deals with both regulations and customer requirements. It also looks to ISO 14971 for more detailed guidelines on risk management.

How is Risk Analysis done?

An organization can use ISO 14971 guidelines and/or other risk management methods to conduct a risk analysis. The first step is to understand the risks associated with your company’s products, and then determine what the best course of action would be to ensure that consumers are protected against harm.

The main goal of quality management systems is to reduce the occurrence of errors that may cause harm or injury. Thus, it’s important to understand how these errors are likely to occur and by what methods they can be avoided or minimized.

The entire ISO 13485 risk analysis process consists of four steps:

  1. Risk identification
  2. Risk assessment
  3. Risk evaluation and consideration
  4. Risk control.

Risk Identification

The process of risk identification includes identifying risks related to manufacturing, design and testing, operations management, service delivery, the supply chain/distribution of the products in question, product maintenance or cleaning, and repair activities. Other areas that should be considered include storage facilities and shipping (when applicable), and the development process, including specifications and design changes. Some of the risk factors that should be considered include:

Human factors – these are internal to the manufacturing organization, such as errors in judgment from personnel and individual training. This also includes ergonomic issues, fatigue, or poor mental health that can affect overall safety standards at a company.

Procedure and policy failures – this is another internal risk factor that should be considered. When making changes to a company’s procedures or policies, it is important to ensure that this process is done properly, without introducing new risks for consumers.

Technical failures – a technical failure may include using inferior materials in the manufacturing process, and these can lead to product defects or even recalls at later stages of production. It’s important to identify these risks early on in the process and take steps to avoid them.

Supply chain concerns – it is also important to take a look at potential problems or issues with third-party suppliers for raw materials, sub-assembly components, or other parts used in the manufacturing process.

External factors come into play when dealing with product recall situations. This makes it important for medical device manufacturers to identify potential risks in the supply chain and during the shipping of products.

External factors can also include hazards that might not be related to a specific person or company but affect quality management activities. These could include:

Market risks – including market changes, new competitors or private concerns, which pose threats to businesses that need to be addressed and managed.

Uncertainties about future demand – political changes or economic slowdowns can have a detrimental effect on the marketing of a product. Other factors related to demand include pricing, etc.

Incomplete data – insufficient data, inaccurate data, bad measurement practices or flawed results can lead to complications in manufacturing and quality management in general.

Risk Assessment

The risk assessment is an important part of the whole process. This involves identifying risks associated with different aspects of a company’s operations, products, and services, as well as external factors that can affect quality management practices. The risk assessment will help organizations identify threats, determine the likelihood of occurrence and estimate potential impact if they were to occur. The next step is to evaluate the risks and arrive at a plan for risk control.

Risk evaluation and consideration

Once all internal and external factors have been evaluated, it’s important to prioritize them in order of severity. This will help identify the most likely threats and address them first. The goal is to eliminate or reduce risks as much as possible while adhering to the organization’s standards.

When prioritizing the risks, it’s important to consider both the likelihood of occurrence and severity during an incident. There might be certain risk factors that are likely to occur but would have a low impact on the organization if they were to happen. Less severe risks can also be identified, such as data security breaches and contamination events. When ranking the most likely risks, it’s recommended to use a medium-term and long-term view for planning purposes.

Risk Control

A risk control plan should be put in place to identify what steps need to be taken in order to reduce or eliminate certain risks. By developing a clear process for handling different types of incidents, organizations can better prepare themselves for managing risks associated with quality management activities. Some of these actions include:

The primary goal here is to prevent an incident. This can be done by improving the accuracy and reliability of data, as well as establishing clear guidelines for employees on how to handle specific risks related to product recall situations. It’s important to identify all aspects that could lead to faulty or incorrect data and measure them constantly.

What is an ISO 13485 Quality Management System?

A quality management system conforming to ISO 13485 requirements is a documented set of interrelated processes, including any forms or templates, that establish, implement and maintain provisions outlined in the standard’s requirement with the aim of meeting customer and applicable regulatory requirements for businesses operating in the medical device sector.

These processes and their interactions are also subject to improvement as directed by top management to achieve quality objectives. If your QMS already exists and is based on one of the older editions, it will need to be updated to ISO 13485.

Annex A

Annex A gives a detailed overview of the changes in the 2003 and 2016 editions. This includes recommended readings for developing transition plans. However, in order to make sure that you have fully complied with all requirements, it’s important that you not just read through Annex A, but make sure you take into account all clauses mentioned instead of only reading what’s called

Annex B

Furthermore, ISO 13485 correlates with ISO 9001, and the two standards are similar to one another. Your organization can benefit the most from this if it holds, or wishes to continue holding, dual certification in both.

Conclusion

While there are some differences between ISO 9001 and ISO 13485, they have a lot in common. Both of these standards require you to implement a risk-based QMS that meets regulatory requirements for quality management systems for medical devices. The two overlap with regard to implementation strategy and managerial responsibilities. However, it’s important to make sure you keep track of the differences between ISO 9001 and ISO 13485 as well.
