ISO 13485 has undergone its first major overhaul of manufacturing system requirements since 2003. Over the next three years, both the previous requirements and 2016 requirement will co-exist, enabling medical device manufacturers time to plan and implement the required changes. Accordingly, it is critical for companies to begin transitioning to ISO 13485:2016 certification as soon as possible, if not in the process already.
Start with an ISO 13485:2016 Certification Readiness Review
Start the process by initiating a corporate readiness review to identify the gaps in the corporate quality management system. Be sure to review key areas including:
- Management responsibility and reviews including scheduled intervals and increased focus on regulatory compliance
- Training effectiveness management including monitoring, evaluation of competence and awareness employing a risk-based approach
- Looking at a risk-based approach to product storage, handling, distribution, and traceability
- Processes for communicating with stakeholders and regulatory authorities
- Customer feedback and complaint handling with built-in risk management
- Track and manage supplier quality for purchased goods, sub-assembly, and services
- Non-conformance management and linkages into rework and regulatory requirements
Incorporating a Risk-Based Methodology
The revised ISO 13485 standard places a greater emphasis on employing a risk-based approach throughout the quality management system. For example, a risk-based approach is required for many quality management activities. These include but are not limited to outsourced processes, purchased materials, software validation, training management, and non-conforming product.
Transitioning to the updated standards can be a daunting and time-consuming process. However, automated quality management systems that are designed specifically for the life sciences and medical device industries have built-in capabilities that can help facilitate the process. These capabilities include:
- Built-in risk scoring algorithms used to assess the likelihood and severity of identified problems and proposed activities
- Live trend reporting and alert tools to identify high-risk events and drive mitigation
- Automated process workflow and approval routing functionality to ensure risk assessments are performed by qualified personnel and signed off on by management
- Workflow-driven training processes to ensure that those who are affected are made aware of and trained on process and document changes
- Data and content management demonstrating controlled change and retention of document histories
- Questionnaire-driven supplier qualification and audit processes that verify risks associated with purchased products are clearly identified, assessed and properly mitigated
The transition to the revised ISO 13485:2016 certification standard will require significant effort for most medical device manufacturers. It will require companies to take a risk-based approach to quality and compliance management that combines GMP and ISO 9001 compliance processes. It will also require management to develop a flexible system compliant with international regulations such as European regulations when applicable. The key to successfully navigating the transition will be to start early and take advantage of an industry-specific quality management system that provides built-in capabilities that ensure enterprise-wide compliance.