.svg "Cognidox logo")
ISO 9001 is the internationally recognised standard for quality management used in many sectors from construction to high-tech manufacturing. ISO 13485, on the other hand, is the QMS standard specifically for those working in the medical device industry.
This blog post looks at the similarities and differences between the two standards and what digital tools developers and manufacturers need in place to meet them.
What do the ISO 9001 and ISO 13485 standards have in common?
- Both standards are intended to help companies plan, build, and maintain an effective Quality Management System
- Both focus on the realisation of products through meeting customer needs
- Risk assessment and mitigation is a significant focus in both standards
- Both 9001 and 13485 use cycles of Plan-Do-Check-Act to proactively assure quality
- Both emphasise employee competency and infrastructure to deliver quality outcomes
How do the quality standards differ?
ISO 13485 is based on the ISO 9001 standard. However, because of its focus on regulatory compliance and patient safety, ISO 13485 is much more prescriptive in its demands. These differences include:
Documentation
ISO 13485 is more demanding in terms of documentation and document control than ISO 9001. Developers must produce user requirements and detailed product specifications - then provide formal evidence of validation against deliverables for internal and external audits. The standard specifies the creation of technical files that will answer regulatory requirements. A QMS designed to the ISO 13485 standard will ensure you have the data you need to generate such regulatory documents as the: DHF (Design History File) DHR (Design History Record) and Device Master Record (DMR).
Design and development controls
Design and development controls in ISO 13485 are much more stringent than those in ISO 9001, with separate sections in ISO 13485 for design review, verification and validation. There are also specific requirements relating to medical device function, clinical evaluations, safety requirements and risk management.
Resource management
Both ISO 13485 and ISO 9001 specify that you should have sufficient control of your resources to deliver products to the required standard. This includes access to the right equipment, buildings, competent personnel, and IT resources. But ISO 13485 also demands medical device developers and manufacturers should have ways of documenting and managing sector-specific requirements such as:
- Cleanliness of clothing
- Temporary work conditions
- Contaminated product controls
Management Responsibility
ISO 9001 allows a business to assign quality responsibilities without defining roles. But ISO 13485 demands businesses identify a member of the management team who will be responsible for each aspect of the QMS. Also, the standard for medical device manufacturers specifically addresses the need for managers to ensure awareness of regulatory requirements across the business, regularly reviewing all the cGMP (Current Good Manufacturing Practice) regulations which impact the organization.
Improvement models
Clause 10.3 in the ISO 9001 standard focuses on customer satisfaction as the ultimate measure of quality. Working in sequences of planning, execution and review (Plan, Do, Check, Act), the standard encourages companies to continuously improve their products and practices by:
- Finding new internal efficiencies
- Identifying and meeting new customer requirements
- Matching and exceeding the level of performance that your sector expects
On the other hand, ISO 13485:2016 does not mention ‘continuous improvement’. Instead, it requires all organizations to focus on ‘improvements’, ensuring their QMS is always effective in securing the ongoing safety of end users. Here's what the regulation actually says:
8.5 Improvement
8.5.1 General
The organization shall identify and implement any changes necessary to ensure and maintain the continued suitability, adequacy and effectiveness of the quality management system as well as medical device safety and performance through the use of the quality policy, quality objectives, audit results, post-market surveillance, analysis of data, corrective actions, preventive actions and management review.
Working in cycles of ‘Plan, Do, Check, Act’ (aka Denning Cycle) is a requirement of both standards. In ISO 13485, though, it's all about determining and specifying end user needs, then translating them into engineering specifications that exactly meet those needs. It’s about guarding against the risk of product failure and potential patient injury by refining how you identify non-conformities and their root causes in decisive and trackable ways
ISO 9001 vs ISO 13485; additional requirements for medical device developers
|
ISO 9001:2015 |
ISO 13485:2016 |
|
7.1.4 Environment for the operation of processes |
6.4 Work environment and containment control |
|
7.5.3 Control of documented information |
4.2.3 Medical device file 4.2.4 Control of documents 4.2.5 Control of records 7.3.10 Design and development files |
|
8.3.4 Design and development controls |
7.3.5 Design and development review 7.3.6 Design and development verification 7.3.7 Design and development transfer |
|
8.5 5 Post delivery activities |
7.5.1 Control of production and service provision 7.5.3. Installation activities 7.5.4 Service activities 8.2.2 Complaint handling 8.2.3 Reporting to regulatory authorities 8.3.3 Actions in response to nonconforming product after delivery |
|
9.1.2 Customer satisfaction |
7.2.3 Communication 8.2.1 Feedback 8.2.2 Complaint handling |
|
10.2 Non-conformity and corrective plan |
8.3 Control of nonconforming product 8.5.2 Corrective action |
|
No equivalent clause |
7.5.2 Cleanliness of product 7.5.5 Particular requirements for sterile medical devices 7.5.7 Particular requirements for validation of processes for sterilisation and sterile barrier system |
Both standards are the key to developing products of consistent quality and evidencing to partners, auditors and regulators that they’re able to do so.
To continue meeting the standards and implement improvements effectively over time, you need the digital tools to manage these processes digitally. Whether you need to gain SO 9001 or ISO 13485 you need to automate document and change controls to accelerate workflows, while helping de-risk your passage to launch and beyond.
How can you move from ISO 9001 to ISO 13485?
But businesses who are moving into medical device development for the first time will need even more advice and support in meeting the specific requirements of ISO 13485.
The right digital QMS will also come with the specific SOP templates and forms that you need to adapt your processes to meet the particular requirements related to medical device development.
But these shouldn’t be overly rigid, complex or time-consuming to implement. Templated forms and processes should be easy to tweak and optimise to meet the regulation while supporting the way you want to work.
The right eQMS will help you control your processes and structure your documentation in a way that exactly meets your business needs and your regulatory obligations, without slowing your business down.
A great eQMS will seamlessly support you as your business ambitions grow and you explore new opportunities in new sectors that may make new quality demands.
%20(1).webp?width=133&height=76&name=ISO%20IEC%2027001%20(1)%20(1).webp)