ISO 13485:2016 (ISO/TC 210)
The new ISO 13485:2016 (Published February 25, 2016) specifies an effective framework to implement and to be in compliance of regulatory requirements specific for medical technology organizations and or related service providers.
Implementation of ISO 13485:2016 ensures effectiveness of operational processes such as research, design & development, production, installation, delivery of medical devices. Further, adequate implementation ensures the medical devices are safe for their intended purpose. The ISO 13485:2016 is also applicable across the whole supply chain and seeks the entire lifecycle of a medical device.
Implementation of ISO 13485:2016 ensures compliance with regulatory requirements, adequate risk management, and best practice for quality and safety.
In the process of implementation we’ll suggest to consider to implement also relevant key requirements of the Medical Device Regulations (MDR) and the In Vitro Diagnostic Regulations (IVDR). The impact of the mandatory requirements of ISO 13485:2016, the MDR (MDD and AIMDD) and the IVDR (IVDD) is significant! Consequently requires these standards higher investments from medical technology manufacturers and related companies to be in compliance with the new EU regulations & requirements. Although the transition period of maximum three years we advise you to anticipate on these changes in a pro-active and timely manner to avoid having CE certificates suspended or revoked.
In summary, there are basically five sections in the standard of the ISO 13485 where major changes have been made:
The first section establishes an emphasis on regulatory requirements that we see across the standard. This includes not only the local requirements that apply to your facility, but if you are an organization that commercializes its products globally, you also need to take into consideration all relevant international requirements. There are many references to this throughout the ISO 13485:2016 standard.
Another theme that permeates the standard is the need to incorporate risk management into all the main quality system processes within your organization. Almost everything you do needs to be based on that risk, justifying that what you are doing is adequate and conforms to what you defined as part of your design and production activities.
Validation, verification, and design transfer
The ISO 13485:2016 standard puts a lot more structure into place surrounding these activities. You must have plans in place and documented evidence to show what you have been doing for validation, verification, and design transfer activities.
Outsourced processes and supplier control
The ISO 13485:2016 standard asks organizations to do a lot more when it comes to outsourcing processes and putting into place controls for assessing your suppliers — again based on risk.
Finally, the ISO 13485:2016 requires you to monitor and measure the performance of your quality management system not only during production, but also post-market. You also have to incorporate those activities as part of your risk management process.
Interconnection of other requirements
The linkage between all the different clauses within the standard is improved. Everything is more interconnected. Expectation is that you have systems in place that allow you to demonstrate conformity across the requirements in a more streamlined manner. For example, there is not just one section that discusses risk-management or regulatory requirements or CAPA — instead we see these topics addressed throughout the standard. It is a much more integrated approach.