The publication of the ISO 13485:2016 standard in March of this year realizes work that began in July 2014 with the rejection of the first Draft International Standard (DIS) version that was carried forward with the publication of DIS 2 in February 2015. Companies now have a three-year transition period to update certificates to meet the new standard that ends in March 2019.
According to ISO:
ISO 13485:2016 specifies requirements for a quality management system where an organization needs to demonstrate its ability to provide medical devices and related services that consistently meet customer and applicable regulatory requirements. Such organizations can be involved in one or more stages of the life cycle, including design and development, production, storage and distribution, installation, or servicing of a medical device and design and development or provision of associated activities (e.g. technical support). ISO 13485:2016 can also be used by suppliers or external parties that provide product, including quality management system-related services to such organizations.
Requirements of ISO 13485:2016 are applicable to organizations regardless of their size and regardless of their type except where explicitly stated. Wherever requirements are specified as applying to medical devices, the requirements apply equally to associated services as supplied by the organization.
The processes required by ISO 13485:2016 that are applicable to the organization, but are not performed by the organization, are the responsibility of the organization and are accounted for in the organization’s quality management system by monitoring, maintaining, and controlling the processes.
In the new standard, quality management system requirements have been updated to close gaps with other regulatory requirements. Richard Vincins, Vice President, Quality Assurance Consulting at medical device consultant Emergo, notes the key changes that medical devices need to know:
- The organization needs to document the role and responsibility they are taking under the regulatory requirements, e.g. manufacturer, authorized representative, importer, or distributor. Clarification of roles and responsibilities of each organization within the delivery chain is made with the revision; the organization must clearly delineate their role in order to assure the actual legal manufacturer is identified.
- Outsourced processes need to be clearly identified, including the sequence and interaction of those processes. Organizations must determine the processes needed, taking into account the roles taken by each party, including the company itself.
- It is understood that the legal manufacturer cannot “absolve” itself of the responsibilities for quality system requirements that they must retain responsibility of conformity; written agreements may be required between the parties. If any processes are outsourced, these must have the proper controls applied proportional to the risk involved and the activities that are outsourced.
- Validation of the applicable computer software in the quality system needs to be assessed and performed. This includes electronic Quality Management Systems (eQMS), complaint management systems, corrective action systems, or Enterprise Resource Planning (ERP) systems that may require validation.
- There is now more synergy with the FDA’s Device Master Record (DMR) that has been in place for many years. The standard clarifies the establishment and maintenance of a file, called the Medical Device File, that references intended use, specifications, manufacturing, labeling, packaging, monitoring, traceability, installation, and/or servicing.
- The standard clarifies the record retention period for quality records and obsolete documents; these need to be maintained at least the lifetime of the medical device as defined by the organization.
- As the electronic management of documents has significantly changed since 2003, the standard clarifies controls that are required for identification, storage, security, and integrity of records. Many organizations are keeping their quality data in some type of electronic format whether it is a simple Excel log sheet or eQMS system.
In an earlier post, we talked about the importance of executive buy-in to realizing the desired maturation of quality management processes. By placing a stronger emphasis on top management, the new standard underscores this importance. As Vincins notes, “It is always understood that quality, safety, and performance requirements for a medical device start from the top of an organization.”
How MES Can Help
Maintaining medical device history records is increasingly important as standards evolve, and this is one reason that medical device manufacturers should consider MES like Solumina for manufacturing execution as they look to comply with ISO 13485 and other pertinent standards.
With MES, process control and enforcement mechanisms ensure compliance with ISO 13485, ISO 9001, and FDA 21 CFR Parts 11, 21, and 820 regulations. This compliance enables customers to increase control over their process changes by providing the authentication and tracking of system activities against key business processes and sensitive data. MES strict adherence to data collection ensures that each device meets the highest quality standards and compliance regulations. Non-acceptable data, such as out-of-limit data collections or duplicate serial numbers, are immediately identified and resolved.