ISO 13485 – Medical Device Quality Management System Requirements

by Kishan Tambralli

ISO 13485 – Medical Device Quality Management System Requirements

ISO 13485 is a medical device standard that has been established by the International Organization for Standardization (ISO). It was created to ensure the quality and safety of medical devices. The ISO 13485:2016 sets global standards and guidelines for designing, manufacturing, and servicing medical devices.

Points need to be included in QMS 13485

The ISO 13485:2016 Quality Management Systems – Requirements for Medical Devices Standard was developed in response to the globalization of the medical device industry and the need for increased international harmonization in regulatory oversight. This update to ISO 13485 includes new risk-based requirements and clarifications, and improvements in guidance and structure over previous versions.

The purpose of this standard is to improve patient safety by providing a framework that will help organizations design, develop, manufacture, install, calibrate, inspect/test/inspect, and distribute safe products.

The following are some examples of what might be included in such a document:

  • Management responsibility
  • Quality policy
  • Quality objectives
  • Product quality
  • program
  • Design controls include design assurance activities and verification processes.
  • Development process.
  • Design inputs.
  • Product realization process.
  • Production process control (including production planning).
  • Production equipment/systems qualification.
  • Production reference conditions.
  • Post-production process controls (including distribution and customer feedback).
  • Management of production changes.

What are the Differences Between ISO 13485 and ISO 9001?

ISO 9001 is a quality management system standard. It was developed in 1987 by the International Organization for Standardization (ISO). ISO 13485, also often referred to as Medical Devices Quality Systems Standard or MDQS, outlines requirements specific to medical devices and related services. These two standards are not identical, but they have similarities that can be helpful when trying to decide on one of them for your company. Below, we will discuss some of the significant differences between these two standards.

One of the main things that set ISO 13485 apart from ISO 9000 is its focus on risk management. The standard requires organizations to identify and assess risks associated with their medical devices and then put controls to mitigate those risks. This helps ensure that products coming off the production line are safe for patients.

  • The first significant difference is that the ISO 13486 standard requires manufacturers to assess their product’s safety throughout the design process. This requirement ensures that any potential risks are identified before they become actual problems. The ISO 9001 does not have this provision.
  • A second significant difference is who is responsible for maintaining records of complaints or incidents related to products or services provided by the organization – it’s either the manufacturer or customer service department under ISO 13485.

Who Enforces ISO 13485?

The FDA is the primary negotiator of ISO 13485. The US Department of Health and Human Services (HHS) has entrusted this responsibility to the FDA. This act was enacted to provide more excellent protection for consumers from products being marketed as medical devices but may not be safe or effective enough for use on humans.

Many different organizations can be involved in the enforcement. For example, depending on where your manufacturing facility is located, one or more of these agencies may investigate and enforce ISO 13485 compliance: FDA (Food and Drug Administration), Health Canada’s Medical Devices Bureau, EC (European Commission), TGA (Therapeutic Goods Administration) Australia, PMDA (Japan Ministry of Health Labor & Welfare).

The FDA is responsible for enforcing ISO 13485 and has the authority to audit a company’s quality management system. This responsibility includes ensuring that organizations are following all of the requirements in ISO 13485, such as:

  • Implementing corrective and preventive action processes.
  • Effectively designing and conducting investigations of nonconformities identified during monitoring activities.
  • Establishing procedures for receiving feedback from customers on product performance before or after delivery.

Steps Outlined when Implementing ISO 13485

How is ISO 13485 Structured?

The following steps are outlined when implementing ISO 13485:

1.First, define your scope of work

Scope of work is a document that identifies the tasks, resources, and deliverables required to complete an assignment.

The scope of work in ISO 13485 is typically defined by the following

  • The project goal or objective.
  • The roles and responsibilities for team members.
  • Tasks assigned to each team member (and any dependencies).
  • Milestones for completing tasks.
  • Resources needed to complete tasks (equipment, personnel).

2.Normative References

A normative reference is a document that provides requirements or guidelines that must be followed to meet the standard. The documents listed in ISO 13485:2016 are all internationally recognized as providing best practices for medical device manufacturing. Meeting the requirements of these documents is critical to demonstrating compliance.
ISO 13485:2016 includes the following normative references:

  • Quality management system – ISO 9001:2015
  • Design control – ISO 14971-1:2011
  • Production control –ISO 14971-2:2014
  • Nonconformance assessment–ISO 14972-1:2011

3.What are Terms and Definitions in ISO 13485?

  • It is essential to understand the difference between “externally” versus “internally” regulated products, as they have different requirements under the standard.
  • There are three parts of ISO 13480: Part 1 deals with design control, Part 2 deals with manufacturing control, and Part 3 deals with product verification.
  • To be compliant with ISO 13485, a company must have written procedures for risk management.

4.Quality Management System

ISO 13485 is a quality management system that provides guidelines for designing, implementing, and maintaining an adequate Quality Management System. It prescribes the general principles of quality management and establishes the criteria for ISO 13485. This standard has been designed with three objectives in mind:

  • To provide a framework of broad scope for managing risks related to medical device safety.
  • To promote continual improvement in product assurance processes.
  • To improve communication between manufacturers, regulators, and users.

5.Resource Management

Resource management is a process that helps organizations to manage and control their resources. It’s essential for companies who want to meet ISO 13485 standards.

ISO 13485 requires an organization to establish the following:

  • A policy on resource availability.
  • A procedure for resource allocation.
  • A procedure for releasing resources
  • An inventory of all available resources.

6.Product Realization

Product realization, also known as product development, is designing, and developing a product or service to meet customer needs. This includes everything from conceptualizing and researching new products to final design and production.