Common Pitfalls surrounding ISO13485:2016
The ISO13485 standard, published in February 2016 is already one year into its three year transition period which is due for completion on 28th February 2019.
With I ISO 13485 regulations shifting towards better alignment with the regulatory environment in the medical device industry, we’ve been able to identify some of the common pitfalls that many medical device manufacturers encounter during this transitional period and we wanted to highlight those findings.
Medical Device File - In order to comply with the latest regulations, companies must now maintain a Medical Device File (MDF), bringing ISO 13485 more in line with the FDA 21 CFR Part 820 requirements for the Device Master Record (DMR). The elements of the file are to demonstrate conformity with the standard, which should not be an issue for organisations already adhering to FDA requirements.
The MDF is essentially the shopping list and recipe book for manufacturing a medical device. It is even more vital for a sub-contract manufacturer as it becomes the key document for demonstrating that a device has been built to the correct specifications. As such, the Medical Device File must be very clear and unambiguous.
Regulatory - Greater vigilance is required for country specific regulations as some medical device companies conduct generic audits without reviewing the international standards of the market they are selling into. Ensuring all requirements are covered as part of the review can be a struggle for many manufacturers, but it is necessary to cover all bases and show you are aware of the latest regulations and standards.
Risk Management – Whether you know it or not, the medical device industry is quickly moving even more toward a risk-based approach, especially with the newest standard having greater emphasis on risk management and risk-based decision making.
The revised ISO expands risk management to more processes including training and purchasing:
• Training & Competence The 2016 standard specifies that an organisation must ensure the effectiveness of user training is proportionate to the associated risk, consequently, manufacturers may need to give greater emphasis to the methods of training, the reviews for effectiveness, and the staff training records.
• Purchasing/Vendor Controls ISO 13485 now demands an increased focus on supplier management, including the assessment of risks and regulatory requirements. These additions to the standard are again bringing better alignment with FDA 21 CFR Part 820. Being able to apply a risk based approach can help prioritise the control of certain suppliers.
When incorporating risk into a Quality Management System (QMS) it is worth aligning with the ISO14971 standard. The industry expectation is to reduce risk as far as possible regardless of where it stands, so it’s really important to define that within your risk management plan and procedures.
Know the common challenges with ISO 13485 and be prepared to mitigate those into your own processes. Risk management is a full life cycle activity for medical device development, be systematic and review often.