In addition to meeting rigorous safety requirements, medical device manufacturers must also comply with strict quality standards. That is why a compliant Quality Management System (QMS) is fundamental to any Life Sciences company operating in the tightly regulated healthcare space.
QMS compliance on the organizational level is controlled by the International Organization for Standardization (ISO), which has issued the most common QMS compliance standards ISO 13485 and ISO 9001.
Why is ISO 13485 so important?
ISO 13485 enables organizations - particularly medical device manufacturers - to integrate their QMS with medical device industry regulations. This international standard prepares manufacturers to address the requirements under the EU Medical Device Directive (MDD), the EU Medical Device Regulation (MDR), and other specific product-related regulations.
Compliance with ISO 13485 demonstrates an organization’s commitment to maintaining high quality and safety standards of medical devices, which consistently meet customer and regulatory requirements.
What’s the difference between
ISO 9001 and ISO 13485?
In short, the main difference lies in the scope of these two standards.
On the one hand, ISO 9001 is the international standard for QMS in all industries. Organizations use this standard to demonstrate their capability to produce products and services that consistently meet customer and regulatory requirements and maintain a continuous improvement process. The current version of ISO 9001:2015 was published in 2015 (hence the suffix 2015).
On the other hand, ISO 13485 is the standard for QMS in the medical device industry. The current version is ISO 13485:2016. Both standards serve almost the same purpose, but ISO 13485 is more refined, with additional requirements. In other words, ISO 13485 is built upon ISO 9001, with extra conditions. The additional requirements of ISO 13485 for medical devices include:
- Documentation requirements for medical device files
- Work environment requirements
- Contamination control requirements
- Production requirements for:
- Cleanliness of products
- Installation activities
- Servicing activities
- Sterile medical devices
- Validation of sterilization and sterile barrier system processes
- Requirements for reporting to regulatory authorities
Medical device companies only need to concern themselves with ISO 13485:2016 when manufacturing and distributing medical devices, not ISO 9001.
Why is ISO 13485:2016 based on an older version of ISO 9001?
Although the last revision of ISO 9001 was published in 2015 and supersedes the previous 2008 version, ISO 13485 is still based on ISO 9001:2008. The ISO 9001:2015 update included many new requirements, such as identifying the organization’s context, the upper management’s leadership, managing resources, and focusing on performance evaluation and process improvements. However, as the changes were irrelevant to the medical device industry, the ISO 13485 standard was not updated in alignment with these new ISO 9001:2015 requirements. It, therefore, remains based on the ISO 9001:2008 standard.
Key requirements of ISO 13485
The requirements of ISO 13485 apply to organizations no matter their size or type, except where explicitly stated. Wherever requirements are specified as medical devices, the requirements apply equally to associated services supplied by the organization.
The ISO 13485 structure is outlined in eight clauses. The first three are introductory (scope, normative references, and terms and definitions of the standard), and the last five clauses contain the mandatory requirements of a QMS. In the later sections, requirements are based on a Plan-Do-Check-Act (PDCA) cycle to drive process improvements.
The Eight Clauses of ISO 13485
The scope describes the standard’s purpose and use. If any requirements permit exclusions, the organization can state these requirements with a justification for their exclusion. For clause(s) that are decided to be not applicable, the organization records the justification by using this standard.
2. Normative References
This explains documents that are normatively referenced throughout the standard.
3. Terms and Definitions
These contain descriptions of the terminology used throughout the standard.
4. Quality Management System
This clause highlights the general medical device QMS requirements, the documentation requirements to meet the standard, and the requirements for the quality manual and medical device file.
5. Management Responsibility
This clause requires management to be involved in finance and policy decisions. It ensures that the quality policy, objectives, support, company-wide understanding, overview of the QMS, and delegation of resources are under the direct responsibility of company leadership. Management’s commitment should contain the following:
- Communicating the importance of meeting customers’ and regulatory requirements
- Setting a quality policy
- Ensuring quality objectives are established
- Involving management review meetings
- Providing resources as needed
6. Resource Management
Management should ensure and provide adequate resources, including personnel, buildings, workspace, and process equipment (hardware and software), services (transportation, communication, and IT). In addition, the QMS must include processes that ensure maintenance, monitoring, and control activities are performed as required. The work environment should be monitored and controlled regularly for cleaning, gowning, and contamination.
7. Product Realization
This requires everything needed to realize the product, from planning (design and development) to manufacturing, implementation, and support of medical devices. Product design and development, their controls, and the criteria for risk management (assessment, analysis, and reduction) are laid out in this clause. Furthermore, the following requirements are defined here:
- Purchasing process
- Production and service requirements
- Control of monitoring and measuring equipment
8. Measurement, Analysis, and Improvement
The final clause offers instructions on how to incorporate feedback and other related information that will enable management to maintain the effectiveness of the QMS, including:
- Customer complaints and the handling of adverse events
- Internal audits
- Notifying regulatory authorities
- Monitoring and measuring:
- Products, including non-conformities
- Improvements and CAPAs
- Data analytics
- Control of nonconforming products:
- Actions for when the nonconforming product is detected before or after delivery
Spotlight on Medical Device QMS Requirements to Meet ISO 13485
For those of you who wish to drill down into Clause 4 of ISO 13485:2016 and discover the exact requirements that a medical device QMS must meet, the following lists will be a joy to read. However, If that’s too much detail, skip right ahead!
Keep in mind that Scilife helps you meet all requirements for ISO 13485 through intuitive and compliant Document Control and KPIs. That means 95% of the validation process is taken care of by Scilife, with all documented evidence being made available to you.
ISO 13485:2016 - QMS General Requirements
- Document a QMS and maintain its effectiveness.
- Establish, implement, and maintain any requirement, procedure, activity, or arrangement that has to be documented.
- Determine the processes needed for the QMS and the application of these processes throughout the organization, taking into account the organization’s roles.
- Apply a risk-based approach to control the appropriate processes required for the QMS.
- Determine the sequence and interaction of these processes.
- Determine the criteria and methods needed to ensure that these processes’ operation and control are effective.
- Ensure the availability of resources and information which are needed to support the operation and monitoring of these processes.
- Implement actions that are necessary to achieve planned results and maintain the effectiveness of these processes.
- Monitor, measure, and analyze these processes.
- Establish and maintain records to demonstrate conformance.
- Any changes to be made to a process should be evaluated for their impact on the QMS.
- Any changes to be made to a process should be evaluated for their impact on the medical devices produced under this QMS.
- Any changes made to a process should be controlled by the requirements of the standard and applicable regulations.
- The specific approach and activities associated with software validation and revalidation need to be proportionate to the risk associated with the use of the software.
- When the organization chooses to outsource any process that affects product conformity to requirements, it must monitor and ensure control over such processes. The organization must retain the responsibility of conformity to this standard and customer and applicable regulatory requirements for outsourced operations. The management of those operations need to be proportionate to the risk involved and the external party’s ability to meet the requirements, and those controls should be stated in quality agreements.
- The organization must document procedures for the validation of the application of software used in the QMS. Such software applications must be validated before initial use and, as appropriate, after changes to the software or its application. The specific approach and activities associated with software validation and revalidation are required to be proportional to the risks associated with the use of the software.
ISO 13485:2016 - QMS Documentation Requirements
An established QMS documentation should include the following:
- Documented statements of a quality policy and quality objectives
- A quality manual
- Documented procedures and records of each process (and its subprocesses)
- Documents, including records, are determined by the organization to be necessary to ensure the effective planning, operation, and control of its processes
- Other documentation is specified by applicable regulatory requirements and other necessary product-related regulations
ISO 13485:2016- QMS Quality Manual Requirements
The ISO 13485:2016 standard requires the organization to document a quality manual. This manual is expected to summarize the structure of the documentation used within the QMS. It should include the following aspects:
- The scope of the QMS, including details and justification(s) for any exclusion or non-application
- The documented procedures for the QMS and their references
- A description of the interaction between the processes of the QMS
ISO 13485:2016 - QMS Medical File Requirements
For each medical device type or family, the standard requires the organization to establish and maintain one or more medical files containing or referencing documents generated to indicate conformity to this standard and compliance with applicable regulatory requirements.
The content of the file(s) is expected to include at minimum:
- A general description of the medical device, its intended use/purpose, and labeling, including any instructions for use
- Product specifications
- Specifications or procedures for manufacturing, packaging, storage, handling, and distribution
- Procedures for measuring and monitoring
- Procedures for servicing (if applicable)
- Requirements for installation (if applicable)
Scilife Helps You Meet ISO 13485 and ISO 9001
Although medical device manufacturers only need to worry about meeting ISO 13485, Scilife makes it possible to have a QMS that is efficient enough to become fully compliant with both standards. Scilife is a platform that is tailored to address your exact medical device regulatory requirements. To discover what Scilife can do for your organization, get in touch with our experts who would be happy to show you around. Whether you are operating in the medical device space or any other Life Sciences industry, Scilife can help you elevate your Quality culture to new levels.