ISO 13485 requirements guide for: Medical Devices – Quality Management Systems – Requirements for regulatory purposes
ISO 13485 can be used by organisations that are involved in one or more of the following activities against medical device products, software or services;
- Design and development
- Manufacturing/ production
- Storage/ Distribution
- Labelling/ packing
- Importing/ exporting
- Installation and servicing
- Disposal/ decommissioning
The standard is also used by 3rd party providers and sub-contractors who offer services such as;
- Equipment calibration
- Maintenance services
- Providers of raw materials
- Consultants/ service providers
The ISO 13485 standard was built around the structure of ISO 9001 which is a standard for Quality Management Systems Requirements applied across all industry settings other than medical device companies. Some companies choose to have a dual-QMS which complies to ISO 9001 and ISO 13485, having separate certificates issued against one all-encompassing system. Unfortunately, ISO 13485 can not be used as a ‘standalone’ certification to show full compliance to ISO 9001 as the standards to contains some additional/ separate requirements.
The ISO 13485 standard consists of 8 clauses; These 8 clauses are ISO 13485 Requirements.
- Normative references
- Terms and definitions
- Quality management system
- Management responsibility
- Resource management
- Product realisation
- Measurement, analysis and improvement
Clause by clause guidance
Implementing a Quality Management System (QMS) in compliance to ISO 13485 brings focus to various aspects of a business. Working through implementing the standard may highlight the need for involvement from other departments such as human resources, purchasing, production, IT managers, top management, customer services etc. Clause 1,2, and 3 don’t require any supporting documentation for compliance, however an understanding of these clauses is beneficial in navigating the rest of the document.
Clause 1- SCOPE
This clause is fairly short; it provides an ‘introduction’ to the rest of the clauses and background into who may benefit from applying the standard.
The scope focus on establishing a company’s ability to consistently design/ manufacture/ distribute a medical device or service that meets customer and applicable regulatory standards.
The scope of ISO 13485: 2016 is not just for manufacturers, it can be applied to other companies involved in offering medical device services, supply chain companies and any other applicable third party providers for activities such as design and development.
Within Clause 1 is the first mention of ‘non-applicable’ clauses, which is discussed in more detail within the paragraphs below.
Clause 2- NORMATIVE REFERENCES
This clause makes reference to ISO 9001: 2015. It is explained that for any dated references, only the edition cited in the standard applies, but for any undated references the latest edition of that standard applies.
Clause 3- TERMS AND DEFINITIONS
The terms and definitions given in ISO 9001:2015 apply to ISO 13485 but there are additional definitions provided more specific to medical device terminology.
When producing quality management system documentation, these exact terms do not have to be used, however it does help to clarify the meaning of the terms that have been used. Providing a glossary within system documentation may be useful for external auditors if there are a lot of in-house specific abbreviations/ acronyms.
This list can be helpful as a ‘training tool’ for those stepping into the industry, becoming familiar with the jargon is vital in understanding and working with standards effectively.
Clause 4- QUALITY MANAGEMENT SYSTEM
Clause 4 outlines the documentation requirements for the QMS including;
- Establishing the quality manual
- Having available any medical device technical files
- Records and procedures required by ISO 13485 and any other applicable regulations
- Record and document/ change control
Clause 4 is referred to throughout the standard, whenever documented evidence is required.
Additionally, clause 4 outlines the system’s general requirements such as;
- Meeting the requirements of the standard and any applicable regulations
- Defining the scope of the QMS
- Defining processes needed for the QMS
- Risk control (including quality agreements)
- Resource availability across the organisation
- Monitoring, measurement and analysis of data
- Change control and maintenance of documents and records
- Validation and revalidation of software used within the scope of the QMS
Clause 5- MANAGEMENT RESPONSIBILITY
Clause 5 focuses on establishing a quality policy and setting at minimum yearly objectives for the QMS/ company-wide.
Clause 5 also requires QMS planning evidence.
Examples of QMS planning inputs include:
• Establishing a quality policy for your company
• Setting Specific, Measurable, Achievable and Realistic ‘SMART’ quality/ companywide objectives
• Keeping up to date and in compliance with current and new regulatory requirements
Examples of QMS planning outputs include:
• Quality Manual
• Gap Analysis
• Action Plans
Other important aspects of QMS planning include carrying out Management Review Meetings (see below), conducting internal audits as per the internal audit plans and schedules and tracking your continual improvements/ current QMS actions issued.
Management review meetings FAQ’s
Q. How often should we have a management review meeting?
A. Such meetings should be held a minimum of once per year as they allow for top management to review the effectiveness of the QMS. If the QMS is new or meeting agenda is lengthy it may be better to hold more regular meetings focusing on different topics each time.
Q. Who should attend the meetings?
A. Depending on the size and structure of the organisation different employees may attend but generally at a minimum the management representative and an appointee from top management would be present. Additionally, a company may wish to include 3rd party providers for PRRC (Person Responsible for Regulatory Compliance) or Management Representative, if these responsibilities are outsourced.
Q. What documentation is required?
A. The meeting plan, schedule, list of attendees agenda, minutes and actions need to be formally documented as evidence for compliance to ISO 13485.
Clause 6- RESOURCE MANAGEMENT
Resource management covers four main aspects;
- PROVISION OF RESOURCES: To have the resources available for successful implementation and management of the QMS such as qualified personnel/ IT equipment/ software etc.
- HUMAN RESOURCES: Ensuring the organisation has well trained, skilled and competent employees for the established job roles, with clear and defined job descriptions in place.
- INFRASTRUCTURE: To provide and maintain buildings, technology, hardware and software and any other infrastructure needed to achieve product conformity such as storage and manufacturing facilities.
- WORK ENVIRONMENT AND CONTAMINATION CONTROL: To provide a suitable environment appropriate to the activities performed, such as an office or factory. Ensuring the environment is suitable for purpose with regards to cleanliness, sanitation, hygiene and contamination control.
Clause 7- PRODUCT REALISATION
Clause 7 is the lengthiest of clauses within the standard and mainly focuses on the product/ software/ service-related activities such as;
- The product requirements and customer journey/ communication
- Risk management for the business/ QMS (in addition to managing product risks)
- Design and development activities, such as inputs and outputs
- Purchasing processes
- Supplier evaluation and monitoring processes
- Production controls, such as product cleanliness, sterilisation, servicing, installation, validation etc.
- Goods in checks and quality control
- Traceability and identification of products/ software/ services
- Preservation of customer property and products/ software/ services
- The monitoring and measurement of equipment used within production-related activities
Clause 8- MEASUREMENT, ANALYSIS AND IMPROVEMENT
This clause is about managing the QMS and focusing on continually improving the system. The tools provided to do so are;
- Logging, monitoring and as applicable investigating customer feedback and complaints
- Conducting internal audits against the QMS as per the internal audit plan and schedule
- Raising and processing non-conformances against products, suppliers, processes and procedures
- Keeping track of continual improvements and actions assigned during audits and management review meetings
- Measurement & analysis of data from various places within the QMS
- Processing corrective and preventive action plans
Certain clauses of ISO 13485 will not fit within the scope of the business. If this is the case, a detailed justification as to why the clause is non-applicable must be produced and presented clearly in the Quality Manual. Within the scope of ISO 13485 it specifically states ‘’if any requirement in clause 6,7 or 8…is not applicable…the organisation does not need to include such a requirement in its quality management system…’’. Therefore, an auditor wouldn’t expect to see non-applicable justifications for clause 4 or 5.
A common example of this would be clause 7.5.5 – Particular requirements for sterile medical devices; if the company does not handle any activities relating to sterilisation then procedures/ parameters and records would not need to be established.
The benefits of implementing ISO 13485
- To ensure the reliability and quality of medical devices across different territories.
- Helps businesses expand their selling potential and to gain approval to sell devices in the major markets such as the US, EU and Canada
- Allows businesses to demonstrate commitment to designing, manufacturing and distribution of high-quality medical devices
- Larger medical device businesses prefer to work with vendors who have ISO 13485: 2016, subcontractors that are certified are more likely to be prioritised
- The documentation required by the standard allows personnel to have comprehensive access to necessary information. It also helps identify any faults or potential failures, product improvements and manufacturing process efficiencies
Overall, the implementation of ISO 13485 brings additional structure to any medical device company, making it easier to monitor the day to day business activities. Its is vital for the wider organisation to have awareness of the QMS and understand its importance/ benefit from a ‘bigger picture’ perspective, rather than seeing it as a set of documents and paperwork. The QMS when implemented successfully can bring profit increase and success to a company and help achieve organisation wide aims and objectives. This standard is now being seen as a golden stamp for selling into the US and EU marketplaces; it shows investment in quality and makes sharing information and aligning with other companies much more effective. If you are looking for assistance with ISO 13485 or 9001 implementation, please reach out to us. We’re Quality.
EN ISO 13485:2016+A11:2021 – Medical devices — Quality management systems — Requirements for regulatory purposes