What is ISO 13485
Specifically developed for the manufacture of medical devices, ISO 13485’s primary objective is to help facilitate harmonized medical device regulatory requirements in the industry. It contains a comprehensive list of requirements meant to guide organizations that belong to the pharmaceutical supply chain by referencing specific requirements for the manufacture, installation and servicing of supplies. Its applicability is extended by the fact that it is useful to companies that operate in any tier of the industry, with a special focus on organizations that service medical device manufacturers.
Despite it being based upon ISO 9001, ISO 13485 shifts its focus from continual improvement to meeting regulatory requirements and risk management. The system aligns its requirements to match those of the FDA and other foreign regulators, which provides it with the framework to expand upon with further regulatory as well as customer requirements.
Why is it important?
The requirements of ISO 13485 are flexible enough to be applicable to any organization within the production line regardless of their size. These organizations could be involved within design, production, distribution, servicing or even external suppliers. ISO 13485 establishes specific requirements for organizations to follow through on to ensure that they can meet customer and regulatory requirements.
Because of its versatility and range within the market, ISO 13485 has become a staple necessity for organizations in the market, especially competitive ones.
How do you become certified?
The process of becoming certified to ISO 13485 involves developing a management system based on the standards’ guidelines customized to your company and then hiring a recognized third party to conduct regular audits.
The primary objective of your management system development process must revolve around your product policy and quality manual; these set the basis for the implementation of the system. Starting with management support and identifying the customer requirements for the management system, you will need to start with defining your quality policy, objectives, and manual which will work to determine the scope and extent of implementation of the management system.
Additional processes and procedures – including mandatory ones, need to be created to ensure efficient delivery of products and services. For this, you must consult the list of mandatory documents required by ISO 13485:2016.
Once all of this is accomplished, your management system will need to be operational for a period to collect necessary records and documentation required for audits and system reviews to become certified. This length of time will be stated by your certification body.
Steps to Get Certified:
Internal audit- Provides the ideal opportunity for you to check that all the records are in place and to verify that all the processes of the management system are being followed and there is total compliance.
It also serves as an opportunity to investigate potential issues and threats and to rectify them prior to a third-party audit. For this reason, the internal audit needs to be followed up with a Management Review.
Management review- A formal review conducted by management to meticulously go over the management system processes and make appropriate decisive plans and assign resources based on them. Certain key variables need to be looked upon based on the results of the internal audit and action plans must be created that will need to be implemented within a reasonable timeframe. These new procedures must be communicated with all relevant parties prior to being set in place.
Corrective Procedures- Any previously identified non-compliances or opportunities for improvement found during the internal audit need to be resolved with procedures set in place to ensure this. Documentation, procedures and results shall be kept for third-party certification auditor’s review.
After these actions have been performed, the organization will begin the certification process which is further divided into 2 stages, Documentation Review (Stage 1) and Certification Audit (Stage 2).
Documentation Review – Auditors from the selected certification body will review all company documentation to ensure it meets the ISO requirements.
Certification Audit – The certification body will conduct a comprehensive audit of your organization to assess whether your activities conform to ISO 13485 as well as your own provided documentation.
If your certification body deems it fit, your company will become certified after these steps.
To the novice quality manager, ISO jargon can be extremely overwhelming. What is an NCR? What do you mean by OFI? Are we certified or accredited? But before you go and pull out your hair, let’s take a moment to go over some of the most frequently used terms and their definitions with regards to ISO and Management System Certification.