Top Background
Blog banner

Technical Aspects of ISO 13485:2016 Medical Device Quality Management System

10th May, 2023
Technical Aspects of ISO 13485:2016 Medical Device Quality Management System

ISO 13485 is an international standard that outlines the requirements for a quality management system (QMS) for medical devices. This standard is specifically designed for organizations that are involved in the design, development, production, installation, and servicing of medical devices.

ISO 13485 certification is widely recognized as a prerequisite for companies looking to sell their medical devices in global markets. Compliance with this standard ensures that medical device manufacturers meet regulatory requirements and industry best practices, while also providing a framework for continuous improvement. In this technical blog, we will explore the key aspects implementation for ISO 13485 and how they apply to medical device manufacturers.

The implementation of ISO 13485 requires companies to establish and maintain a comprehensive quality management system that covers all aspects of the medical device lifecycle. This includes processes for design and development, production, installation, servicing, and monitoring of medical devices.

To comply with ISO 13485, organizations must document their quality management system and demonstrate its effectiveness through regular internal audits and management reviews. They must also establish clear procedures for risk management, including the identification, assessment, and mitigation of risks associated with the design, production, and use of their medical devices. Here are the technical and essential requirements depicted in ISO 13485 must include below listed items:

  1. Risk Management and Risk analysis
  2. Medical Device File
  3. Supplier Management
  4. Management of Medical Device recall:
  5. Process validation
  6. Design and Developments
  7. Process control
  8. Document control
  9. Inspection and testing
  10. Corrective and Preventive actions
  11. Monitoring and Measurement
  12. Infrastructure
  13. Managing cleanliness of a product and contamination control
  1. Risk Management and risk analysis:

Risk management is a critical component of this standard and is essential for ensuring the safety and effectiveness of medical devices. ISO 13485 requires medical device manufacturers to implement a risk management process that addresses the identification, analysis, evaluation, and control of risks associated with their products. The risk management process should be based on a systematic approach that considers risk analysis based on identified potential hazards associated with the medical device and evaluate the severity of the associated risks. Then assess the likelihood of harm occurring and the severity of the potential harm to evaluate the risk. If the process is within the identified risk criteria it’s okay but if its hazardous implement measures to control the identified risks and reduce the likelihood of harm occurring.

Procedure for communication to relevant stakeholder shall be there to communicate information about the identified risks and the measures in place to control them. Once the risk is under control, Monitor the effectiveness of the risk management process and implement changes as necessary.

In addition to the above steps, the ISO 13485 standard also requires organizations to document their risk management process.

By implementing an effective risk management process in accordance with ISO 13485, organizations can ensure the safety and effectiveness of their medical devices, meet regulatory requirements, and improve customer confidence in their products

  1. Medical Device File : (MDF)

  • Prepare a file for each product or family of items used in devices.
  • Maintain records that demonstrate compliance with relevant regulatory obligations.
  • Provide a general description of each family’s medical device together with a statement of the function it is meant to serve.
  • Develop and maintain, updated policies for each family of medical devices – Each file for a medical device must contain policies that have been produced, or policies that outline policies for production and all related manufacturing processes.
  • Establish and maintain standards and guidelines for measuring items. The medical device file should have documentation of all standards (such as device critical dimensions, material specifications, manufacturing specifications, and finishing specifications) for each SKU (Stock Keeping Unit). Additionally, it should outline the process for inspecting devices in this family, as well as process checkpoints, product related specification, and the equipment that will be employed.
  • Document installation and servicing procedures in case of external scope or in house – This requirement only applies to products or services that need to be installed or serviced. Where appropriate, the medical device file should keep track of the documentation needed to install a device and should outline the service process. The frequency of routine maintenance and the process flow for repairs and preventive maintenance can both be included in the servicing method.
  1. Supplier Management: Evaluation and selection of Supplier :

Supplier management is key element for any medical device manufacturing organization.

From a legal aspect, vendor management issues were given a lot of weight age by ISO 13485:2016 and nation-specific QMS requirements. The requirements related to supplier evaluation to validation of the purchase products. The process of supplier management or purchase evaluation must have following basic needs and accordingly the procedure needs to established and maintained across the organization.

  • Evaluation of suppliers and subsequent monitoring of suppliers should be based on the risks that each supplier poses to your ability to deliver medical devices that adhere to regulatory and customer criteria.
  • It is not meant for supplier evaluation to be a one-time process; once a supplier is authorized for usage, performance monitoring is essential to make sure they continue to meet your needs. As soon as it is detected, a need is not being met, it needs to be addressed and fixed. Records that are kept to show that the suppliers are capable of satisfying criteria must show that the suppliers have been approved, monitored, and corrected as needed.
  • Criteria for evaluation and selection of suppliers must be but not limited to this only:
    • Ability to meet requirements – How well does the supplier meet your requirements?
    • Supplier performance – How well does the supplier meet your needs?
    • Effect on quality – How much of an effect does the supplied product have on your medical device manufacturing?
    • Risk to the medical device – Along with quality, how does the supplied product affect the safety of the medical device?
    • Supplier audit as and when necessary.
  1. Management of Medical device recall:

According to the ISO 13485 standard, organizations must notify regulatory agencies of undesirable occurrences like recalls, identify recalled products from compliant ones, and, if necessary, publish corresponding advisory notices for the recall. Businesses can efficiently manage their recall by implementing the following actions:

  • Recall Committee
  • Process for recall in house as well as externally
  • Analysis of recall report
  • Issue of advisory notices
  • Decision for approval or disposal or recall devices
  • Corrective and preventive actions.
  1. Process Validation:

Process validation is essential for Organization that produces medical devices and is regarded as a separate discipline. Process validation, identifying the processes where verification cannot be performed, procedures impacted by computer software in production, and sterilization and sterile barrier systems are all particularly mandated by ISO 13485. Process validation enables businesses to eliminate risk while producing sensitive products and essential value-added services like software and sterilizing.

Organizations may guarantee that processes run efficiently and don’t result in inaccurate outputs by performing process validation. As a result, verified processes have trained staff, certified machinery, controls over the process parameter values, and additional record-keeping procedures.

Organizations are benefitted by ISO 13485 since it mandates the following:

  • Identify processes with unverified outputs.
  • Document procedures for validation of processes. The procedure must include the criteria and processes that require validation, test methods for validation, plan , qualification and test methods requires for validation, sampling plan, record keeping and method for revalidation in case of change in process or product at any level of production process. Document procedures for validation of computer software.
  • Document procedures for validation of sterilization and sterile barrier systems.- . In case of sterilization – the procedure for sterilization validation also must be part of validation procedure.
  1. Design and Development :

ISO 13485 specifies the requirements for the design and development of medical devices, including the need for design inputs, design outputs, and design reviews. Here are the key steps involved in the design and development process according to ISO 13485:

  • Design and Development Planning
  • Design Input: This includes inputs from stakeholders such as patients, healthcare providers, regulatory bodies, and other interested parties.
  • Design Output: This step involves creating the detailed design specifications, drawings, and other documents required to build the device.
  • Design Review
  • Design Verification
  • Design Validation
  • Design Transfer
  • Design Changes
  • Design History File
  1. Process control:

The standard requires medical device manufacturers to establish and maintain processes that ensure the consistency and quality of their products, such as production control, validation, and monitoring of manufacturing processes. The process controls outlined in ISO 13485 at each level of product and process controls are

  • Document control
  • Control of Records
  • Corrective and Preventive Action
  • Inspection and Testing
  • Calibration and Maintenance
  • Supplier Management
  • Process Validation
  • Risk Management
  1. Document control:

Document control is an important aspect of ISO 13485, which is a standard that outlines the requirements for a quality management system (QMS) for medical devices. Document control is a process that ensures that all documents related to the QMS are managed, updated, and controlled to ensure their accuracy, completeness, and availability. The key elements of document control in ISO 13485 is document Identification, Approval and Review, Change Control, Distribution, Retention, Obsolescence and easy Document Accessibility.

  1. Inspection and testing:

The standard mandates that medical devices must be inspected and tested throughout the production process to ensure that they meet the specified requirements. Here are the key elements of Inspection and testing in ISO 13485:

Testing Plan: A testing plan should be developed that defines the testing requirements for the medical device, including the test methods, acceptance Criteria , Sample size, equipment Calibration , sampling plan, inspection, testing, records and non conformance reports.

  1. Corrective and Preventive actions:

Corrective and preventive actions (CAPA) are an integral part of the quality management system (QMS) outlined in ISO 13485. CAPA involves identifying problems, investigating, and correcting problems with appropriate implementation and verification of preventive actions in the QMS to prevent them from recurring.

  1. Monitoring and measurement:

The standard requires manufacturers to establish and maintain a system for monitoring and measuring the effectiveness of their Medical device quality management system, including customer feedback, internal audits, and management reviews. Here are the key elements of monitoring and measurement in ISO 13485:

Performance Indicators: Performance indicators should be established to monitor the effectiveness of the QMS and identify areas for improvement for the processes like

  • Monitoring and measurement plans
  • Data collection and data analysis at each process.
  • Handling complaints / rework or recall with relevant reporting events to regulatory authorities
  • Undergoing internal evaluations through auditing
  • Continual process and product evaluation internally and externally through customer feedback, user feedback and review, or also via post market surveillance if required.
  • Identifying and controlling products that don’t meet the original design requirement (nonconforming product)
  • Analyzing data generated and continually improving the process
  1. Infrastructure:

There is a new requirement in the latest standard, unlike in ISO 13485:2003, that requires organizations to maintain the infrastructure to prevent product mix-up and ensure the handling of product in an ordered manner. Moreover, information systems have also been added under the supporting services branch of infrastructure. The requirements can be summarized as:

  • Document infrastructure requirements – Document all infrastructure requirements to ensure product quality; to avoid mixing within different lots, batches, and other product (e.g., from different types or lots); and to ensure the effective handling of customer orders.
  • Identify maintenance activities that could affect quality, and maintain records – All the maintenance activities within planned intervals for processing equipment, whether hardware or software, that affect product quality should be identified, recorded, and managed. For example, an organization analyzes poor quality records, reworks, and rejections.
  • Provide the infrastructure needed to control the work environment – Ensuring the quality of the end product requires a controlled work environment. So, it is necessary to identify and provide the instruments that will be required to monitor and maintain the environment (air conditioners, heaters, temperature and humidity meters, or any other device).
  • Provide the infrastructure for monitoring & measurement – All those devices that are used to monitor and measure product quality should be identified and provided. These devices must be calibrated both within and externally to ensure their effectiveness.
  1. Managing cleanliness of a product and contamination control

Cleanliness is highlighted in ISO 13485:2016 during the assembly and packaging procedures. In comparison to the previous standard, ISO 13485:2016 now includes a few new requirements.

  • Record keeping for products that are cleaned.
  • List the devices need to clean before sterilization and usage.
  • List the medical equipment that can’t be cleaned before sterilization or usage
  • The specifications for cleaning these devices following sterilization or use must be given.
  • Identify the equipment that needs cleaning while in use but is not sterile when delivered.
  • The cleaning or contamination control procedures for equipment that is not sterile when delivered but requires considerable cleaning while in use.
  • A list of all the process agents that must be removed from the final product during manufacture.
  • Contamination prevention for these agents should also be documented.

In conclusion, ISO 13485 is a critical standard for medical device manufacturers seeking to achieve global regulatory compliance and improve the quality of their products. This standard outlines the requirements for a comprehensive quality management system that covers all aspects of the medical device lifecycle, from design and development to production, installation, and servicing.

By implementing ISO 13485, organizations can establish clear procedures for risk management, ensure personnel are appropriately trained, and demonstrate the effectiveness of their quality management system through regular internal audits and management reviews. Compliance with this standard can lead to improved product quality, enhanced customer satisfaction, and increased market access.

While implementing ISO 13485 requires a significant investment of time, resources, and expertise, the benefits of compliance can be substantial. By adhering to this standard, medical device manufacturers can demonstrate their commitment to quality and safety, and provide assurance to customers and regulatory authorities that their products meet the highest standards of quality and effectiveness.

How 4C can help you attain ISO 13485 Certification?

4C team has empowered 12+ clients with ISO 13485 services and helped in achieving the standard quality. The trained and experienced professionals at 4C Consulting have provided 40+ training sessions and conducted 20+ internal audits. To enhance the quality of your medical devices and implement ISO 13485, Contact us now