ISO 13485:2016 - decoding the enigma

Understanding ISO 13485_2016 (1)Developing medical devices can be a process fraught with challenges. As a startup or established business about to side step into medical device development you may feel overwhelmed at the amount of regulatory hoops you’ll need to jump through to get your product to market.

What does it all mean?

In the barrage of initials and strings of clause numbers you’ll encounter as you start your regulatory research, some will be known to you, others not. Some may even have you reaching for your Enigma machine, hoping to turn the tide of the war.

MHRA, MDSAP, CMDCAS, FDA 21 CFR Part 11, GCP, ISO 13485:2016, ISO/TS 16949

Of these, the ISO initials will likely be most familiar, since the International Organization for Standardization (ISO) sets the standards for so many different sectors that are recognised by business and governments around the world.

ISO 13485 certification is no exception, and is used as a key compliance measure for medical device developers internationally.

But what is ISO 13485?

ISO 13485 certification focuses on the needs and safety of medical device end users by specifying the requirements for a rigorous quality management system (QMS) in the device development setting. Completing the certification process demonstrates a commitment to compliant medical device manufacturing - vital for satisfying regulatory standards.

Indeed, it is the quality management system standard accepted as the basis for CE marking medical devices under European Directives. Meanwhile, manufacturers in Canada and other territories must, by law, have ISO 13485 certification if they want to operate there.

It also should be noted, that although ISO develops these international standards it is not the inspectorate and does not issue certificates. Instead, this function is performed by external certification bodies, which companies engage to audit and examine them.

The challenge of ISO 13485 Certification

While the requirements for certification are by no means unfathomable or unattainable, they are exacting. The principal challenge for startups and businesses, therefore, who have not previously focused on their quality systems management is aligning their existing processes with a whole new battery of standards quickly and efficiently.

If your business is shifting from developing tools for ordinary scientific research into creating devices with a clinical application, the QA systems you may have in place will probably be inadequate to the task. For ISO 13485 there are required standards regarding documentation, auditing and design processes, that would be unnecessarily stringent in other development contexts. Nevertheless, you will need to provide for them and, obviously, the sooner the better in your development cycle. Otherwise, there’s going to be a lot of reverse engineering to do.

One eQMS to rule them all

 But the good news is that there are proprietary Document Management Systems, which offer excellent eQMS (electronic Quality Management System) functionality to the exacting standards of ISO 13485. And they will make your life easier.

Migrating your systems to one of these solutions will not only smooth your way to gaining the necessary ISO certification, but, by extension support the QMS requirements of the MHRA and the FDA.

A brief look at some of the ISO 13485:2016 requirements (the latest iteration of the standard) will also demonstrate how a DMS with advanced, paperless eQMS functionality will fulfil those standards in the most efficient way. Not only this, but it will also make the work of the auditor more efficient, too, making the whole certification process altogether less onerous and time consuming.

Defining and Documenting your QMS (Clause 4.1.1)

 ISO13485:2016 requires that you formally document your Quality Management Systems.

This document (in paper or electronic format) should be available to your employees as part of their training and every day working practice, and it should specify the procedures and resources they’ll need to manage a project, perform a process or realise a product to achieve your QA objectives.

The right DMS will be able to show the entire flow, scope, dependencies of your QMS in one place, illustrating this graphically using Business Process Mapping with objects linking dynamically to relevant documentation.

It will also allow changes to these process to be flagged, approved and monitored by key stake holders in real time (a requirement of Clause 4.1.4).

Risk Based Thinking (Clause 4.1.2)

The requirement to take a risk based approach to your QMS can be evidenced holistically by deploying the right Document Management System. It can be demonstrated in business process flow diagrams and a ‘phase gating’ approach to product development. Evidenced approval gathering, ongoing auditing and process driven decision making all place risk management at the centre of your business thinking.

Design and development requirements (Clause 7.3.2)

The QMS requirements are clearly designed to ensure your process for developing medical devices is as safe, considered and auditable as possible. The right DMS will provide for proper version control, allowing you to seek approval from selected stake holders at each stage of the process, capturing comments and responses as plans and designs change and evolve.

 At the end of the process you need to have a design that reflects the requirements established in the planning process. But you should also have a searchable record of the process that got you there - and the input of the teams and individuals who created the solution.

Solving regulatory challenges with an eQMS

The above examples of ISO 13485:2016 requirements are by no means comprehensive or exhaustive, just a glimpse at some of the challenges businesses new to the space will encounter and their potential solutions.

When it comes to gaining ISO certification you clearly want this to happen as efficiently as possible. An advanced DMS will help you do this with the minimum of pain and disruption.

An auditor will be asking if your approvals can be evidenced? Do you have control of the distribution of your documents? And, are you confident in your management review processes and your QMS?

A good document management system with plenty of graphical process diagrams and a search function will make it easy for your auditor to find the answers to these questions and certify you quickly.

The best DMS solutions will actually help you demonstrate, there and then, to the certifying authority, that all of the steps required for proper Quality Assurance are in place.

ISO Demystifed

There is no great mystery to the requirements of ISO 13485:2016, but they are exacting in the standards they promote.

For a start up or growing business, who may have developed processes in an ad hoc way or be focusing for the first time on medical device development, implementing these standards quickly and efficiently will be the biggest challenge.

 Apply risk based thinking to quality processes


Tags: quality management system, Compliance

Joe Byrne

Written by Joe Byrne

Joe Byrne is the CEO of Cognidox. With a career spanning medical device start-ups and fortune 500 companies, Joe has over 25 years of experience in the medical device and high-tech product development industries. With extensive experience in scaling businesses, process improvement, quality, medical devices and product development, Joe is a regular contributor to the Cognidox DMS Insights blog where he shares expertise on scaling and streamlining the entire product development cycle, empowering enterprises to achieve governance, compliance, and rigour.

Related Posts

A short guide to non-conformance reports; what, why and how

How do you log and deal with non-conformities so that faulty products don't end up in the hands of ...

How to build a supplier quality management system in 4 simple steps

How do you transform regular supplier reviews from a box-ticking exercise into a genuinely useful ...

ISO 9001 vs ISO 13485. What’s the difference?

ISO 9001 is the internationally recognised standard for quality management used in many sectors ...

A short guide to non-conformance reports; what, why and how

How do you log and deal with non-conformities so that faulty products don't end up in the hands of ...

ISO 9001 vs ISO 13485. What’s the difference?

ISO 9001 is the internationally recognised standard for quality management used in many sectors ...

Corrective actions: why, when and how?

It’s the job of your corrective action process to identify and eliminate the systemic issues that ...