Select your ISO 13485 Auditor Course

What are the Benefits of a Formal Medical Device Management System?

1. A body of evidence demonstrating compliance with applicable legal and regulatory requirements. Under EU MDR and IVDR, a formidable mass of documentation can be required.
2. Management systems are designed to:
   • Get it right the first time,
   • Be consistent and reliable,
   • Seek out the root causes of problems,
   • Not to repeat mistakes.
3. All aspects of supply, installation, and maintenance throughout the product lifecycle are done in compliance with applicable regulations.
4. Organized management: An organization certified to the Standard is managed in a standard and structured way.
5. Clarity of Purpose: Staff know their responsibilities, authorities, and accountabilities.
6. Processes and procedures suited to the Mission and strategic objectives that you have set for the organization.
7. Internal audits to monitor compliance with requirements and highlight deficiencies.
8. Corrective actions to prevent the recurrence of errors – try to make mistakes only once, if at all.
9. An informed Board of Directors, knowing that the organization is focused on strategic objectives while satisfying compliance requirements and planning and acting to address future challenges.
10. Management satisfaction knowing that the organization is functioning in line with strategic objectives.
11. Reduce errors: Fewer costly errors, less rework, replacement of goods and/or services, and increased productivity.
12. Fewer customer complaints as fewer errors occur.
13. Better retention of customers: a consequence of reduced errors.
14. Management performance improved as less time is spent apologizing to customers and managing the unnecessary repetition of work.

What is ISO 13485 Certification?

An ISO 13485 Certificate is recognition from a Certification Body – CAB (usually an accredited Certification Body), or in relation to EU regulations, a Notified Body, that an organization has implemented and is maintaining a quality management system that meets the requirements of ISO 13485:2016.

Who needs ISO 13485 Certification?

Organizations globally, both in the public and private spheres and from every economic sector involved in providing medical device products and associated services, need to demonstrate compliance with ISO 13485.

Relevant organizations would include distributors and those trading in medical devices, and this can apply to any stage of the lifecycle. For more, see ISO 13485 Certification for the Medical Device Supply Chain.

What are the benefits of having ISO 13485 Certification?

1. Feedback: First and foremost, ISO 13485 Certification is about confirming compliance with regulation and then through Feedback (including PMS – Post Market Surveillance) that the device remains fit-for-purpose in fulfilling its specification and purpose and identifying opportunities for improvement.
2. Reputation: Be taken seriously as a prospective supplier, other than a manufacturer, as the holder of ISO 13485 Certification, based on the independent assessment of an accredited certification body.
3. Qualify for pre-tender and tender opportunities, especially for distributors to the public sector.
4. Status: On equal terms with the ‘big’ boys’ – the size of your organization won’t hold you back. And for newcomers, you demonstrate commitment to the medical device sector.
5. Risk management is implemented by manufacturers and others to ensure the safe and misuse of the device. Invariably, ISO 14971 is used here. Apart from this, a risk-based approach is applied to all processes.
6. Objectives and improvement obligations focus you on setting targets for improvement and then planning and implementing them in a timely manner.

How can you be sure that the ISO 13485 Certificate is legitimate and internationally-recognized?

CABs issue certificates to organizations after they have undergone an ISO Certification process. This process is based on a comprehensive two-stage audit (itself based on the auditing standard ISO 19011) that involves a documentation review and an independent on-site audit.

The CAB gathers and documents objective evidence of compliance with the requirements of ISO 13485. After the CAB has confirmed that all the requirements of the ISO 13485 Standard have been implemented and are being maintained, a Certificate is issued as is permission to use logos to publicize the fact.

How can you get an ISO 13485 Certificate?

The IAF logo is important for medical device manufacturers in countries where their accreditation body is not well known on the world stage. It signifies worldwide recognition without any doubt as to legitimacy.

The EA, an association of 49 national accreditation bodies in Europe, has completed the administrative requirements of the IAF (International Accreditation Forum) necessary for the extension of their IAF multilateral recognition arrangement (MLA) to include ISO 13485.  This omission has in the past, for example, been a barrier for European medical device exporters in gaining access to markets such as Australia.

The availability of the IAF logo for ISO 13485 certification means that any conformity assessment body (CAB)accredited by the European accreditation body can apply the IAF MLA mark to their ISO 13485 Certificates.

Three logos on ISO 13485 certificates are the new normal in Europe:

1. The CAB logo,
2. The EA member National Accreditation Body logo and
3. The IAF logo.

The Australian Therapeutic Goods Administration (TGA), which previously had refused to recognise the legitimacy of ISO 13485 certificates carrying EA member accreditation, now accepts (according to their website) certificates carrying the IAF MLA Mark.

How does ISO 13485:2016 differ from ISO 13485:2012?

Compared to ISO 13485:2012, the 2016 version places greater emphasis on risk management and risk-based decision-making for processes outside the realm of product realization.

This version, like its predecessor, requires the application and documentation of risk management to the control of the appropriate processes. This is not to be confused with the ‘risk-based approach’ of ISO 9001:2015.

The focus is on risks associated with the safety and performance of medical devices and compliance with regulatory requirements. In addition, the Standard asks organizations to be more stringent when it comes to outsourcing processes by putting into place controls (e.g., written agreements) for assessing their suppliers, again based on risk.

How else do the ISO 13485:2016 versions differ from the previous one?

ISO 13485:2016 incorporates significant changes to quality management systems requirements for medical devices, including…

• Application to organizations throughout the life cycle and supply chain for medical devices;
• Expanded requirements for…
  • document management,
  • management review, and
  • human resources;
• Emphasis on appropriate infrastructure, work environment, and contamination control, particularly for the production of sterile medical devices, and addition of requirements for validation of sterile barrier properties;
• Additional requirements for…
  • planning, and
  • record keeping;
• Increased linkage and communication with regulatory requirements, particularly for regulatory documentation;
• Additional requirements in design and development on consideration of usability, use of standards, verification and validation planning, design transfer, and design records;
• Harmonization of the requirements for software validation for different software applications (QMS software, process control software, software for monitoring and measurement) in different clauses of the standard;
• Emphasis on complaint handling and reporting to regulatory authorities in accordance with regulatory requirements, consideration of post-market surveillance, and
• Planning and documenting corrective action and preventive action and implementing corrective action without undue delay.

Other changes include more explicit detail related to the nature of the organization and the life-cycle stages covered by ISO 13485 QMS.

It contains requirements related to the control of changes to processes. The standard also addresses new requirements to protect confidential health information.

What is the difference between ISO 13485:2016 and EN ISO 13485:2016?

The harmonized EN edition is identical word-for-word with the international edition. However, it contains three additional annexes identifying where compliance with the Standard does not adequately address requirements in EU Directives.

These three ISO 13485 Annex Z’s provide greater clarity on the applicability and alignment of the current AIMDD (active implantable medical device directive), MDD (medical device directive), and IVDD (in vitro medical device directive) with the Standard.

How can changes in the ISO 13485:2016 versions affect organizations?

The structural relationship between ISO 13485:2016 and ISO 9001:2015 is outlined in Annex B.

The mismatch between the two Standards is clearly to be seen, and those manufacturers and suppliers who require certification to both Standards are advised to have two Quality Manuals, one for each Standard, to show how quality policy will address the differing requirements. An integrated set of procedures can then implement the policies across the common processes.