Information & Training. | Medical Devices.

ISO 13485 2016.

Explanation of changes from the 2003 revision.

The revised and updated version of the ISO 13485 standard was published on 1st March 2016. This revision will now replace the previous ISO 13485 2003 version. There is a 3 year transition period up until 1st March 2019, during which time, organizations can be certified to either version of the standard, however, after 1st March 2019, only certification to the ISO 13485 2016 revision will be acceptable, any organization at that time still only complying to the older 2003 revision will not be seen as “certified” to ISO 13485.

What are the changes being introduced under the ISO 13485 2016 revision?
The introduction within the new revision, specifically includes the addition of storage, distribution, final decommissioning, disposal, and provision for associated activities. Controls in these areas need to consider activities within supplier organizations.

The scope of the ISO 13485 2016 standard includes those organizations which may influence the “life-cycle” of the process under certification, there is also a need to consider processes which have been outsourced.

Validation. Classification. Regulation. Requirements. Current best practices.
FDA cGMP’s. EU MDR’s / MDD’s.
FDA Medical Device Regulation. Outline of the FDA regulatory requirements.
FDA Medical Device Classification. The FDA approach to Medical Device Classification.
EU Medical Device Regulation and Classification (per MDD’s).
New European Medical Device Regulations (MDR’s). MDR Classification. MDR General Safety requirements.
Current Good Manufacturing Practices. QSR’s. General requirements of the QSR’s.
Quality System requirements to maintain compliant Validations.
Medical Device Process Validation. Validation requirements. Protocol development. IQ. OQ. PQ.
Medical Device Software Validation.
Medical Device Design Validation.
Electronic Signature, Electronic Records.
Life Cycle Approach to Validation.
Risk Identification. Documentation. DHR’s. DMR’s.
Etc. Etc. …
Information & Training presentation >>>



Definitions include “clinical evaluation, performance evaluation, post-market surveillance, importer, distributor, life-cycle, medical device family, product, purchased product, risk management, authorized representative, sterile barrier system, sterile medical device”.

 

Under documentation requirements, the revised ISO 13485 2016 standard places an emphasis on the need to prevent documentation loss, specifically the security of documents need to be considered, this is based on a need to ensure that confidential health information is adequately controlled.

 

Management responsibility requires that regulatory requirements are included in customer requirements, also quality KPI’s (key performance indicators) include regulatory expectations.

The management review outputs need to include actions to be taken to address any updated regulatory requirements impacting on the organization.

 

The resource management section, requires that processes are documented for identifying, ensuring and maintaining the competence of those staff involved in quality or regulatory impacting activities. There needs to be a process for ensuring the awareness of staff to the impact of their actions on quality or regulatory compliance. Competence needs to be verified on an ongoing basis, the approach to verification needs to be risk based proportionate. Infrastructure requirements to assure product integrity need to be documented, also maintenance requirements need to be documented for items of equipment used in the (production) process, for environmental control, for measurement or monitoring the process. Contamination control requirements to prevent product mix-up’s need to be documented. For sterile devices the standard specifies the need for documentation of process controls, contamination prevention, cleanliness requirements and micro-organism control.

 

The product realization, planning section requires consideration of the infrastructure and work environment in terms of resource needs, also requirements for handling, storage, distribution, measurement and traceability need to be considered.

Product realization, customer related processes, as indicated previously, regulatory requirements need to be addressed, within the customer process, user training needs to be considered and where appropriate, such training may include the customer interface with regulatory bodies.

 

Product realization, design and development. Design and development reviews are separate activities from reviews associated with verification and validation activities. There needs to be a process for ensuring clear traceability between the design inputs and the design outputs. Under design inputs, added a “usability” requirement (references IEC 62366), standards are to be included as inputs, also inputs need to be verifiable or able to be validated.

Note: “IEC 62366 – Medical Devices, application of usability engineering to medical devices”.

The outputs of the design process must be verifiable against the required inputs. An ability to verify requires that there is a pre-determined acceptance plan, detailing acceptance criteria, including explanation for the establishment of the acceptance criteria, for example methods of test sampling and basis for sample determination. Where validation is being performed to verify that outputs meet desired inputs, clinical evaluation where applicable needs to align with regulatory requirements.

Design and development “transfer” is specifically defined, requiring documented procedures, manufacturability of the design needs to be considered and confirmed, product and process specifications must be achievable to confirm the required product design.

The standard practice of maintaining a design and development file is included.

 

Product realization, purchasing controls need to be risk based, including supplier selection and management. There is also a focus on confirming the competences of supplier staff. The verification requirements for purchased product needs to be based on potential risk impacts.

 

Product realization, production and service. There is a specific focus on cleanliness and contamination control. Where there is a requirement to install the product, the compliance of the installation needs to be subject to a defined and documented verification activity. Where there is a product service requirement, then service procedures, equipment and necessary materials must be pre-defined, provided and detailed in relevant procedures. Service records need to be gathered and reviewed as a potential source for on-going improvement activities.

Validation efforts need to consider both the product and service aspects, also the validation efforts applied must be based on potential risk levels. As per the previous version of the ISO 13485 standard, there is a requirement for product identification and traceability throughout the process, however, regulatory requirements specifically need to be considered.

The appropriateness of the controls in place to assure product preservation, include potential requirements to validate product packaging, records of storage conditions need to be retained if product quality could be impacted, this may also include storage of raw materials.

 

Product realization, monitoring and measuring equipment. Specific reference is made to ISO 10012. Records of adjustments need to be retained. Where there is a software element in the monitoring and measuring equipment, the validation efforts need to be related to the potential risks.

Note: “ISO 10012 – Measurement Management Systems. Requirements for measurement processes and measuring equipment”.

Measurement, Analysis and Improvement. Where decisions are taken based on a risk assessment, the application of statistical analysis should be considered and applied as an input into the risk processes. Complaint handling is given a greater focus. There is a need for procedures to be defined for the complaint handling process, also roles and responsibilities need to be detailed. Complaint records must be maintained, also the requirements and processes for exchanging information with third parties (e.g. regulatory agencies) must be documented.

 

Where non-conformances are identified, the need to investigate must be determined. Rework where applicable within a process, needs to have pre-defined procedures.

The ISO 13485 2016 standard requires that audits and service reports need to be included as sources of data for performance review and as a source of ongoing improvement.

Where corrective action is required, there is an expectation what such action will be taken without “undue delay”.

Information & Training.

Medical Device:

      • Validation. Classification. Regulation. Requirements. Current best practices.
      • FDA cGMP’s. EU MDR’s / MDD’s.
      • FDA Medical Device Regulation. Outline of the FDA regulatory requirements.
      • FDA Medical Device Classification. The FDA approach to Medical Device Classification.
      • EU Medical Device Regulation and Classification (per MDD’s).
      • New European Medical Device Regulations (MDR’s). MDR Classification. MDR General Safety requirements.
      • Current Good Manufacturing Practices. QSR’s. General requirements of the QSR’s.
      • Quality System requirements to maintain compliant Validations.
      • Medical Device Process Validation. Validation requirements. Protocol development. IQ. OQ. PQ.
      • Medical Device Software Validation.
      • Medical Device Design Validation.
      • Electronic Signature, Electronic Records.
      • Life Cycle Approach to Validation.
      • Risk Identification. Documentation. DHR’s. DMR’s.
      • Etc. Etc. …
      • Information & Training presentation >>>