ISO 13485 Medical Devices - Quality Management System
ISO 13485 is the internationally recognized standard for quality management systems in the medical device industry. It specifies requirements for a quality management system where an organization needs to demonstrate its ability to provide medical devices, and that related services consistently meet customer requirements and applicable regulatory requirements. It is designed and intended for use by organizations for the design and development, production, installation, servicing and sales of medical devices.
The primary objective of ISO 13485 is to facilitate harmonized medical device regulatory requirements for quality management systems. ISO 13485 is a standalone standard. It is largely based on the structure of ISO 9001, but includes some particular requirements for medical devices such as risk analysis, sterile manufacturing and traceability. Organizations being certified to ISO 13485 cannot claim conformity to ISO 9001.
The standard contains specific requirements for manufacture, installation and servicing and calls for:
- Implementation of a Quality Management System with several enhancements
- Risk Management approach to product development and product realization
- Validation of processes
- Compliance with statutory and regulatory requirements
- Effective product traceability and recall systems
Connection with national requirements for approval of medical devices
Legal access to markets for products is essential for manufacturers of medical devices. ISO 13485 is often required by national regulations as part of the approval process for medical devices, e.g. for the EU directive on medical devices (Medical Device Directive 93/42/EEC, In Vitro Diagnostic Directive 98/79/EC, Active Implantable Medical Devices 90/385/EEC).
TUV SVERIGE Business Assurance is appointed as a notified body to carry out conformity assessment according to Annex II, IV and V of the Medical Device Directive 93/42/EEC. Manufacturers certified according to ISO 13485:2003 fulfill all the quality management requirements for any class of devices under this directive.
ISO 14969:2005 – This standard provides guidance for the application of the requirements for quality management systems contained in ISO 13485. This guidance can be used to better understand the requirements of ISO 13485 as it helps illustrate some of the variety of methods and approaches available for meeting the requirements of ISO 13485.
ISO 14971:2007 – This standard specifies a procedure by which a manufacturer can identify the hazards associated with medical devices and their accessories. It also specifies a procedure to estimate and evaluate the identified risks, control these risks and monitor the effectiveness of the control. Its primary objective is to facilitate harmonized medical device regulatory requirements
Who can apply for ISO 13485 certification?
ISO 13485 is applicable to all manufacturers and suppliers of medical devices, components, contract services and distributors of medical devices. For a number of markets ISO 13485 certification is not sufficient on its own and the appropriate local regulatory certification is also required to legally manufacture and sell medical devices.
What are the benefits of certification?
- Customer satisfaction – through delivery of products that consistently meet customer requirements as well as quality, safety and legal requirements
- Reduced operating costs – through continual improvement of processes and resulting operational efficiencies
- Improved stakeholder relationships – including staff, customers and suppliers
- Legal compliance – by understanding how statutory and regulatory requirements impact the organization and its customers
- Improved risk management – through greater consistency and traceability of products and use of risk management techniques
- Proven business credentials – through independent verification against recognized standards
- Ability to win more business – particularly where procurement specifications require certification as a condition to supply in a highly regulated sector
What is the certification process?
The certification process is in three simple steps:
- Application for certification
- Complete the on line form for TUV_ SVERIGE to send a quotation.
- Initial Certification Audit
The assessment process is based on a 2 stage approach as follows:
Stage 1 – a basis audit to check whether the organization is in a state of readiness for the stage 2 audit and involves the following:
- Confirm that the quality manual conforms to the requirements of the ISO 13485
- Confirm the scope of certification including any justifiable exclusions
- Check legislative compliance
- Production of a report that identifies any non-compliance or potential for non-compliance and
- Agree a corrective action plan if required.
- Production of an assessment plan and confirm a date for the stage 2 assessment visit.
Stage 2 – the purpose of this visit is to confirm that the quality management system fully conforms to the requirements of ISO 13485 in practice and involves the following:
- Undertake sample audits of the processes and activities defined in the scope of assessment
- Document how the system complies with the standard
- Report any non-compliances or observations
- Produce an audit programme and confirm a month and year for the first surveillance visit.