ISO 13485:2016 - Medical devices Quality Management Systems | ISO 13485 for Medical Devices QMS

ISO 13485:2016 - Medical devices — Quality management systems —Regulatory requirements

When a company decides to go for QMS (quality management system) and get a certificate in ISO 13485, there are millions of questions. There is a list of 12 steps that one needs to follow so that nothing is left behind while implementing it in the company. 

Introduction to ISO 13485 – 

• ISO 13485:2016 stipulates all the quality management system requirements required by an organization to show that it can provide medical devices and related services while following all the regulatory requirements.

• Organizations can handle more than one stage of medical device life like life cycle, design and development, manufacturing, storage and distribution, installation and servicing.

• Even medical device suppliers or external parties that handle products need to follow a quality management system.

• QMS applies to all organizations irrespective of the size and type of organization otherwise mentioned.

ISO 13485 revisions and main advancements – 

• All the standards are reviewed and revised if needed at a time interval of five years to keep up-to-date.

• ISO 13485:2016 medical device quality management system is up to date with the latest changes required in the Quality management system, including regulatory and technology requirements.

• The main focus of the updated version is risk management and decision-making based on risk, as well as changes in the supply chain due to changes in regulatory requirements.

Steps to obtain ISO 13485:2016 Certification –   There are fourteen an organization needs to follow to get the ISO 13485:2016 certificate.

Step 1: Managements support –

• An organization needs to have management support to get the ISO 13485:2016 certificate. The best way to onboard the management is to show them the benefits of the ISO 13485 certificate and how it will help them to get more business.

• Benefits of ISO 13483 – 

  Legally Compiled

  More Trusted Business Reputation 

  International Business Opportunities

  Ability to have more business 

  Better access to information 

  More customer satisfaction 

  Less Operating cost

  Controlled Risk management

Step 2: Review of documents and requirement study-

• Get a copy of ISO 13485:2016 and the supporting documents, and make sure the standard used is the latest.

• For this part, one needs to refer to the clauses given in the standard form, clause 4 to clause 8.

• These documents are crucial while outlining the implementation plan and will be reviewed by the auditor.

Step 3: Scope of ISO 13485:2016- 

• There is no need to apply QMS where quality is not a parameter to concern but don't narrow it down so that organization sees no benefit.

• Defining the scope will help to set the boundaries for the implementation in an organization. It will help in defining the quality policy and quality manual.

Step 4: Outline the Process and procedure- 

• ISO 13485 consists of many processes and procedures; thus, an organization must define their process and procedure to ensure consistent and satisfactory quality.

Step 5: Gap analysis-

• Gap analysis is the process of comparing an organization's existing process with that of the ISO 13485.

• It will help to understand the gap between the organization's existing processes and those that need to be established.

• The gap analysis will help make an informed decision on the implantation process.

• Gaps can be wider or smaller. Wider needs more sweeping changes as compared to minimal changes for small gaps.

Step 6: Implementation plan-

• Addressing the gaps is the crucial step in getting the QMS certificate.

• There is no need to document every process; only major processes that guarantee quality need to be documented.

• It will include designing quality manuals and policies, i.e., inspecting the existing process and making the necessary updates.

• Methods to create documents need to be covered.

Step 7: Training –

• All the employees who will be part of the implementation need to be trained in QMS to understand its working and how they can fit in.

• Communicate the effect of QMS implementation, their responsibilities and how it will benefit them.

Step 8: Plan continuation-

• Implement the plan as per the design, monitor it closely, and make the required changes.

• Document every change and make sure the related employee is informed.

Step 9: Internal audit and review –

• Before the third-party audit, an internal audit is conducted of each process to know if the plan's performance is as per planning or not.

• An internal audit checklist of medical device ISO 13485 needs to be prepared, which will help in the inspection, and make sure to file the findings carefully.

• Audits can be used as evidence that the processes are working suitably and meeting the essential requirements.

Step 10: Management review-

• During the management review, the QMS activities data is examined to ensure the process is effective and is improving the quality.

Step 11: Corrective action-

• Here the organization will look for the reasons and take corrective actions for the problems that came across during the internal audit and management review.

• Organizations can make changes before the third-party audits.

Step 12: Certificate body selection- 

• Choosing the right certificate body is a crucial step as it comes after implementing the changes after conducting of internal audit and management review.

• It will determine whether the organization is legally complied with ISO 13485 or not.

• Choosing the right auditor is necessary as this audit is conducted on-site, and thus right auditor will reduce the language or cultural barriers.

Step 13: Third-part audit-

• The auditor will review the documents and will verify whether all the requirements of medical device QMS have been implemented or not.

• An application containing information on the organization's background and details of implantation will be submitted.

• The assessment phase starts once the organization provides enough evidence that QMS has been operated for at least three months and the full cycle of internal audit and management review cycle has been followed.

• If there is any non-compliance, the auditor will describe it or is passed next assessment visit is scheduled.

Step 14: Surveillance audits-

• A partial surveillance audit will be conducted for the three-year cycle certificate, also called a maintenance audit.

• It mainly covers internal audits, management reviews, corrective action, and critical processes.

• It occurs once a year, and the cycle starts again after three years if the organization continues to maintain QMS certification.