ISO 13485:2016 is the internationally recognised standard that specifies requirements for a medical device quality management system. It requires companies to develop documented systems that ensure the highest levels of safety, consistency and traceability from design and development to manufacturing and post-market surveillance.
ISO 13485:2106 comprises 8 clauses:
1. Scope.
2. Normative References.
3. Terms and Definitions.
4. Quality Management System.
5. Management responsibility.
6. Resource management.
7. Product realisation.
8. Measurement, analysis and improvement.
Of these, clauses 4 - 8 cover the major, mandatory requirements of the standard.
At the core of ISO 13485 is the requirement to build a documented QMS (Quality Management System).
This section specifies the essential mechanics of a QMS. It defines how it should support your business as it works in cycles of PDCA (Plan, Do, Check and Act) to drive a process of continual quality assurance.
It also introduces the concept of risk-based thinking that should inform the way you approach quality management in your organisation.
Clause 4 goes on to define how your QMS should control documents and records to create products that exactly match specifications and regulatory demands - while generating the required evidence of compliance for auditors and regulators.
This section also specifies the production of two key pieces of documentation:
Your quality manual describes the scope of your QMS and the hierarchy of documentation in your system. The manual defines how all your QMS procedures should work together to generate the documents and records that can prove your products have been specified, designed and manufactured according to requirements and regulations. It demonstrates how quality cascades downwards through your system:
The standard defines the content requirements for the medical device file (aka the Device Master Record in the FDA QSR). The file shall include:
Top management's role is critical in the effectiveness of the QMS:
The standard emphasises the need for adequate resources, which include:
This involves the entire process of bringing a medical device from concept to delivery:
Continuous improvement is a cornerstone of ISO 13485:
Monitoring and Measurement: Regularly monitoring and measuring critical aspects of the QMS and product to ensure conformity to product requirements and QMS effectiveness. This includes feedback mechanisms, internal audits, and monitoring of production and service processes.
Analysis of Data: Analysing data gathered from monitoring activities to identify trends, opportunities for improvement, and the need for corrective or preventive actions.
Improvement: Implementing actions to improve processes based on data analysis and outcomes of audits and reviews. This includes corrective actions to address nonconformities and preventive actions to eliminate potential non-conformities.
Quite apart from ensuring the quality and safety of your end products, gaining ISO 13485 is often a prerequisite for gaining regulatory approval. For example, you’ll likely need ISO 13485 to be granted a CE marking by a Notifying Body in the EU.
In the same way, the harmonisation of FDA 21 CFR Part 820 and ISO 13485 will soon make the standard the required stepping stone for every developer in the US, the world’s largest medical device market.
The modern medical device development process can be fraught with complexity. In the new era of IoT, implantables, SaMD (software as medical device) and generative AI, developers are generating huge amounts of design, testing and safety documentation within complex, multi-team sprints.
Companies need to digitise and automate their processes to manage all this documented information to meet the demands of ISO 13485 for control and traceability.
Automation ensures that all documents are easily accessible, up-to-date, and controlled according to ISO 13485 requirements. It eliminates the risks of lost or outdated documents, facilitating better management of document lifecycles.
An automated QMS enhances the traceability of products throughout their lifecycle, a key requirement of ISO 13485. It enables accurate tracking of design changes, manufacturing processes, and distribution paths.
Automating compliance-related tasks, like CAPA (Corrective and Preventive Actions) and audits, ensures that these critical processes are conducted in a timely and effective manner, aligning with ISO 13485 standards.
Automation standardises processes across the organisation, reducing variability and ensuring consistent adherence to quality procedures, crucial for ISO 13485 compliance.
Automated workflows reduce manual tasks, freeing up valuable resources and time that can be redirected towards innovation and improvement, thus speeding up the certification process.
With an automated QMS, monitoring and measuring quality metrics become more straightforward, allowing for real-time quality management and improvements aligned with ISO 13485 requirements.
Automation provides tools for more effective risk management, a cornerstone of ISO 13485. It enables a systematic approach to identifying, evaluating, and mitigating risks associated with medical device manufacturing.
An automated QMS keeps all necessary documentation and records audit-ready, simplifying the audit process required for ISO 13485 certification and ensuring that any required information is easily retrievable.
As your company grows, an automated QMS can quickly scale to accommodate new products, processes, or regulatory requirements, ensuring continuous compliance with ISO 13485 as your business evolves.
But most medical device developers will understand all this. If you are currently using a paper-based QMS or coping with a DIY digital approach, you will be acutely aware of how difficult it is to prepare such a system for auditing by a notified body.
Yet the complexity of many proprietary eQMS systems may put you off taking the leap.
The real challenge may be migrating to a closed-looped eQMS system - without creating huge amounts of work and bringing extra disruption to your operations.
You need the formal digital tools to meet the control and traceability requirements of ISO 13485 without changing the ‘way you do things’ just to meet the demands of a piece of QMS software.
In fact, auditors and regulators are keen on seeing Quality Management Systems that do not impose unnecessary processes because it inflates the risk of the system becoming too unwieldy to use effectively. The risk of ‘overprocessing’ can be as dangerous as a lack of control.
The quest for a Lean eQMS should be a search for a system that integrates ISO 13485 compliance seamlessly into your business operations.
As you consider how to ready your business to gain ISO 13485, look for a partner and a set of digital tools that you can adopt and adapt to fit the way you work. You need a system that can act as a robust digital framework for compliance without taking months to implement or stopping your development in its tracks.