Find out what it takes to achieve ISO 13485:2016 certification.
Earlier this month, SQA was invited to take part in a special MedTech panel at the ADM Expo in downtown Cleveland. The discussion was focused on ISO 13485 and the current challenges organizations might face during the transition period to the latest revision of the standard, ISO 13485:2016. Christopher Basil, a long-time quality and regulatory expert in the BioChemical, Pharmaceutical, and Medical manufacturing fields, as well as a certified ISO Quality System auditor, joined the panel and spoke on behalf of SQA.
Chris did a fantastic job of simplifying and crystallizing a few key obstacles facing organizations who are positioned to transfer, as well as those looking to get certified for the first time in a quality management system for medical devices. He was also able to convey a few important insights on how companies can meet and move past these roadblocks, too.
Below is a basic overview of the ISO 13485:2016 revision, followed by an ISO 13485 summary of the biggest challenges Chris has witnessed during audits, and what he recommends doing to overcome them:
The most recent revision to ISO 13485 is the 3rd since it was initially introduced, and organizations currently certified under the old version (ISO 13485 version 2003) have until March 1, 2019, to complete transition to the new version of the standard. ISO 13485:2016 places a greater focus on aligning ISO requirements with those of the current regulatory environment of the medical device field. As an example, auditors will be looking for things like an MDF file or a device master record file to be kept and updated whereas before that was not necessarily a requirement of certification. The latest version of ISO 13485 also places a greater emphasis on supply chain management. What does that mean exactly? The goal is to encourage companies to look beyond only their own shops, so to speak, and follow their devices through the whole supply chain. For instance, are your components coming from suppliers who are certified or have a quality management system in place?
1. Implementing risk-based management of medical devices beyond only the product's realization. In other words, is your company ready to consider how to mitigate the risks of your device throughout the product's life cycle? From cradle-to-grave? i.e. Starting with product development, testing, and production, but moving past distribution to also consider usage, repair, and end of life.
2. Increases in the language of regulatory requirements and documentation. The newest version of this medical device quality management system requires that organizations carefully identify what's most relevant or applicable to their specific business. For example, interested parties may no longer simply refer to only buyers or business, but may be expanded to include special disposal methods for your device.
3. Devoting time and resources to look deeper at your supply chain. In the revised standard, medical device manufacturers are asked to take more responsibility for their supply chain in its entirety. A medical component maker may now request that its supplier of nuts and bolts, used in a specific component, become ISO 13485 certified or at the very least have a quality management system in place.
4. More consistent gap management reviews. In the past, organizations could get away with one management review meeting per year, stretched even further by some to include an Email chain that is simply circulated around the office. That won't work anymore. Instead, auditors will be looking for a physical meeting to take place at least every 6 months, including information on who attended and an overview of what was discussed, particularly for risk-based medical device manufacturers.
5. Failing to plan. The ideal time to begin your transition from the old ISO 13485:2003 standard to the new 2016 version is by the end of this year, 2018. That means that your organization has its transition audit scheduled to occur before we get into 2019, otherwise you maybe be cutting things too close as the final deadline for transition is set for March 1st, 2019. If you wait until 2019 then you run the risk of having to compete for auditors whose schedules are filling up or are left with little time for corrections if your auditor finds non-conformities that need correcting. Either way, your company could find itself in a position where your certification could lapse simply because you run out of time.
Chris offered these 3 suggestions for meeting these challenges and making sure that your business gets ahead during this transition period:
1. Hire a transition consultant. A good consultant can help your organization learn the ins-and-outs of risk-based thinking, assist you with properly understanding the changes to the structure and terminology of the new standard, and aid in document writing and with audit findings.
2. Request that your Certification Body works with you to perform a specific gap analysis on your process. Most Certification Bodies offer gap analysis services which act as a review by a professional of your current processes and management systems against the requirements of the updated standard. Results are also strictly confidential.
3. Consider a pre-assessment. Think of this as a last look, or rehearsal exercise, before your official audit takes place. It's a good way to make sure all your "i's" are dotted, and "t's" are crossed. Additionally, it can usually be performed in a 1-day, taper-style audit, but in some cases, it may be performed remotely.
As we enter less than one calendar year before all ISO 13485 standards must be updated to the newest ISO 13485 revisions, now is the time to start preparing if you're a medical device manufacturer or medical device supplier who is, and wants to remain, ISO certified.