Understanding Risk Management Requirements in ISO 13485:2016

ISO 13485 is the international standard that outlines the requirements of the Quality Management System (QMS) for medical devices. Developing and deploying a QMS that meets the requirements of this standard is essential for commercializing your medical device in many important global markets.

ISO 13485 was revised in 2016 with a heavy emphasis on risk and planning. The word risk appears twice as often in this research as in previous versions! Risk and risk management are now clearly defined and a risk-based approach is required to control appropriate processes in QMS. A good understanding of these requirements is required to ensure that your QMS compliance continues.

It is important to note that the requirement for a risk-based approach now appears very early in the standard, starting at the top-level general requirements for a QMS.

It all starts with your organization’s role in the lifecycle of the medical device, and the processes you identify and apply to your QMS control of these processes to achieve the desired results are now expected to be risk-based. Simply put, high-risk processes are expected to have a higher level of control than low-risk processes. This high-level requirement then flows down to specific requirements under various clauses relating to employees, suppliers, verification of externally supplied products / services and validation / re-validation of software.

These newly added requirements can be difficult to interpret and implement. The following questions, and the accompanying discussion, are intended to help you evaluate the need for additional improvement actions in your QMS. 

Learn more about Risk Implementer for ISO Standards and how to find an ISO 13485 expert, please visit at www.punyamacademy.com

ISO 13485 Documents – Requirements for Medical Device Quality System Certification

The latest version of ISO 13485 was published in 2016, and the transition from the previous version is ahead. One of the most important steps in the transition process, as well as in the initial implementation, is determining what documents and records are needed for an effective Quality Management System (QMS) based on ISO 13485.

The key sections of ISO 13485 set out a range of document requirements for developing, implementing, and maintaining a Quality management system tailored to the design and production of medical devices.

Requirements of Documents for ISO 1345 Certification

• Quality Manual :

The ISO 13485 quality manual is a mandatory document for ISO 13485 Certification, which maintains quality management system in medical devices. This is a roof document for QMS, and it usually includes the QMS scope, role(s) undertaken by the organization, exclusions from the standard, references to relevant documents, and the business process model.

• ISO 1345 Quality System Procedures :

ISO 13485 procedures documentsrequired as necessary for effective planning, operation, control and monitoring of realization processes improvements. Mandatory procedures cover all the clause requirements to follow while implementation of Quality management system for preparing and maintaining medical devices.

• ISO 13485 Exhibits :

ISO 13485 exhibits documents are very useful tools that cover all the details for training to the user to implement the processes and get detail ideas for process implementation and improvement.

• ISO 13485 Formats :

ISO 13485 formats documents designed and required to maintain records as well as establish control and make system in the organization. The ISO 13485 samples formats given are as a guide and not compulsory to follow and organization is free to change the same to suit own requirements.

• ISO 13485 SOPs :

ISO 13485 SOPs documents cover sample copy of work instructions to link with significant aspects issues in the organization. It takes care of all such issues and used as a training guide as well as to establish control and make system in the organization. The samples given are as a guide and not compulsory to follow and organization is free to change the same to suit own requirements.

• ISO 13485 Audit Checklist

ISO 13485 audit checklist documents audit questions based on ISO 13485:2003 requirements as well as for Clause wise questions and department wise question. It will be very good tool for the auditors to make audit Questionnaire / clause wise audit Questionnaire while auditing and make effectiveness

6 Steps for ISO 13485:2016 Certification

The organization needs to demonstrate its ability to provide medical devices and related services that meet customer and regulatory requirements on a regular basis, ISO 13485:2016 clarifies the requirements of the quality control system. Such organizations may be involved in one or more phases of the life cycle, including design and development, production, storage and distribution, installation, or manufacture of medical and design and development services, or the provision of related services such as technical support.

ISO 13485: 2016 may also be used by vendors or third parties who provide products, including program management related services related to such organizations.

Here are 6 steps to ISO 13485: 2016 Certification

Step 1: Planning the quality system

ISO 13485 includes the need for quality planning. Writing an ISO 13485 Manual is Ok, but you need written quality plans to apply the change to your quality control system. The general requirement is that an ISO 13485 consultant must be seen in your specific industry/business.

Step 2: Meeting regulatory requirements

When making your quality plan, medical device companies must comply with the ISO 13485 Certification.

Step 3: Implementing design controls

Most customers already implemented design controls

Step 4: Documents, records, and training

One of the ISO 13485 requirements of a quality manual is to explain the process integration of your quality program.

Once you have expert in document management, record management, and composition management, you will need to begin training to write about processes.

Step 5: Management processes

The latest version of ISO focuses more on risk management and requires organizations to focus on the potential risks in which they operate and their quality management system – and then take effective measures to reduce the identified risks.

At the highest level, ISO 13485: 2016 places an emphasis on the integration of risk management and business processes. Key management processes are: corrective and preventive measures, internal audit, and management reviews.

Step 6: The Certification audit

With the certification Audit, ISO 13485: 2016 requires Stage 1 and Stage 2 research by industry/industry staff – and certain ISO employees.

Historically, the process of obtaining an ISO 13485 certificate begins with a financial assessment of desktop processes. The problem with this method is that some companies did not have the records to ensure that the plans were fully implemented. The Stage 1 Audit is usually a one-day survey. Finally, you get a report that shows the positive and negative consequences. The ISO 13485 auditor also indicates whether your company is ready for Stage 2. The stage 2 test may involve auditors for several days. During this study, all the remaining processes in your quality system will be tested.

ISO 13485:2016 for manufacturing Medical Devices

Allowing innovation, while also ensuring safety and efficiency, requires international standards. This article provides details on companies that manufacture medical devices for the benefits of holding an ISO 13485 certificate and how to obtain a certificate.

ISO 13485 allows a company to demonstrate that it always meets customer requirements and regulatory requirements for a health device and complies with local law. There are many similarities of ISO 9001, which covers the requirements of quality control systems, but emphasizes areas such as risk management, work environment and medical device documentation and reporting.

A medical device under ISO 13485 includes any tool, equipment, machinery, implant, in vitro reagent or similar, used for detecting, preventing or treating a medical condition. This installation is very wide and includes anything from basic literature tools such as scalpels, to wheelchairs, life support equipment, test kits and pacemakers.

Benefits of holding ISO 13485 certification

As the medical device industry is highly regulated, the safety, efficiency and effectiveness of all products are paramount. Holding an ISO 13485 certification clearly demonstrates to customers and directors the company’s commitment to continuous improvement, safety and quality. Companies with ISO 13485 certification:

• Demonstrate compliance with medical device rules and legal requirements, eliminating uncertainty from all participants
• Successfully manage risk
• Manufacture advanced medical devices
• Improve processes, efficiency and overall efficiency with an effective quality control system
• Reduce costs for process efficiency and provide chains
• Get a competitive advantage
• Have more opportunities to reach global markets and build corporate growth.

ISO 13485 is very discriminating against – and very focused on – risk management, because medical devices are used by people in some way. A risk-based approach is incorporated into a quality management system and is required through the use of medical device life. While this can be a challenge for medical equipment manufacturers, it is a necessary focus that improves the safety, quality, compliance and effectiveness of the product effectively. For example, it is a requirement that any employee working on the identified device identification process have the relevant ISO 13485 information to minimize the risk of personal error and ensure that they are able to make informed decisions.

First, you must ensure that your devices manufactured by your company can be described as a medical tool under ISO 13485 standards; or, if you are providing a medical device, that your device is associated with a product that is defined as a medical device. Obtaining an ISO 13485 certificate is challenging and requires commitment, secondly, it is important for your leadership team to ensure that managing the certificate will add value to your company, meet your business objectives and support its strategy.

Although full ISO 13485 Certification is not required, as your company can still follow and benefit from ISO 13485 standards without external certification, it clearly shows to all stakeholders that it complies with its requirements. If you want ISO 13485 Certification, The ISO 13485 Documents represent the requirements that the medical device manufacturers must incorporate into their management systems.

ISO 13485: What does it require from Quality manual?

Sometimes organizations go too far with quality manual, creating a huge, unusable book that is pretty much just the ISO 13485 standard and just rewritten it with do some modification. Technically suppose that, this would show written proof that the organization is committed to meeting every single requirement the standard lists for their Quality Management System (QMS) – but a document like this is much too long and difficult to understand to be of any use to employees. Many modern companies like to go with a short with its ISO 13485 manual that’s easy to read and understand.

The actual requirement to include in ISO 13485 quality manual that is mainly understands. So here are the requirements of a quality manual, and the thinking behind each requirement:

(1) The QMS scope:

The QMS scope is a description of what company does for example we can say Distribution of Medical Devices, Software Design for MRI Machines, etc. and the boundaries of your Quality Management System. It requires to be agreed upon with the certification body, as it will be stated on the ISO 13485 certificate.

Now you are capable to understand what’s included in your scope and what’s not, you required to list any exclusions from the standard. Mostly, there won’t be any to list, but a common exclusion is the “Design and Development” clause of the ISO 13485 standard, because many companies manufacture products according to customer specifications, and don’t actually design any products.

(2) ISO 13485 Documented procedures:

There are quite a lot of procedures that ISO 13485 requires an organization to document or require at least reference in the quality manual. Mandatory documented procedures include:

• Control of documents
• Control of records
• Internal audit
• Control of non-conforming products
• Corrective and preventive actions
• Validation of computer software
• Customer specifications such as manufacturing, inspection, packaging, and delivery
• Monitoring and measurement
• Servicing and installation (if applicable)
• Management review
• Work environment and contamination control
• Design and development
• Validation of sterilization and sterile barrier systems (if applicable)
• Identification and traceability
• Preservation of product
• Calibration or verification for measuring equipment
• Feedback and complaint handling
• Reporting to regulatory authorities
• Advisory notices, reworks, data analysis

Additionally to the required documents, there is a requirement for companies to develop ISO 13485 documentation for any procedures that are likely to have non-conformances were they not considered or forgot to write. Basically, if you require a ISO 13485 documented procedure to prevent mistakes from occurring, then you require a good documented procedure.

The Documented Procedures that are shown graphically such as in form of flowcharts can be included right in the quality manual. For longer procedures it requires more written information, it is easy to include references to these documents in the quality manual. In this way, the quality manual can serve as a kind of quick-reference guide to company procedures.

(3) Descriptions of processes and interactions: The easiest way to accomplish descriptions of processes is with a simple, top-level flowchart illustrating the basics of organization’s processes, with arrows determining how they interact. There is no requirement to go into great detail for this in the quality manual.