The 2016 revision to ISO 13485 brings with it many changes.  In this article, we highlight some of the more significant revisions to the standard.

Heavy focus on risk

The most prevalent change that one can readily identify is risk. The standard expects manufacturers to apply a risk-based approach to the control of the appropriate processes needed for the quality management system.

Risk is mentioned some 15 times throughout ISO 13485:2016 to account for specific issues being addressed. Risk is to be considered in outsourcing and supplier controls, with respect to software validations, and in the training of personnel commensurate with risks inherent in the processes they perform. Risk is also to be taken into account in product planning processes.

Clarified management, training responsibilities

ISO 13485:2016 clarifies top management responsibilities, laying out explicit requirements for reviews at documented, planned intervals. More emphasis is put on results of activities and effectiveness of quality systems and measurable quality objectives.

There is more emphasis on training to quality processes, and also establishing competence and awareness of personnel duties. The standard now specifies that the organization shall determine any user training needed to ensure specified performance and safe use of the medical device.

Facility, design and development issues

Facilities must be arranged in order to prevent mix-ups and control contamination; requirements for documenting the work environment have been added.

The revised standard states design and development planning requirements to more closely reflect regulatory expectations of design control planning.

A design and development transfer sub-clause was added.

A Design History File (DHF) must be documented and maintained. For change control, there must be an evaluation of the change effect on products, processes and activities.

Greater emphasis on supplier controls

The purchasing process focuses the supplier sourcing and selection criteria on the effect of the supplier performance on the quality of the medical device, the risk associated with the medical device, and the product meeting applicable regulatory requirements.

Additional components of ISO 13485:2016

• Documented procedures are required for traceability.
• A new requirement was added to include notification of changes in purchased products.
• Installation and servicing activities include requirements for analysis of records and details where procedures are required.
• There is a specific requirement for software validation prior to initial use.
• A number of requirements are added for record keeping with respect to service, installation and verification and validation activities.
• Corrective and preventive actions (CAPA) must verify that actions do not have adverse effects on products, and that corrective actions are taken without undue delay.
• Complaint handling is added as a completely new sub-clause to the standard, and requires much the same complaint handling process as FDA for recording, investigating, communication and moving to CAPAs when indicated or justifying why they are not.
• Status identification of products is required throughout the stages of production and storage, and details regarding the preservation of products are added.
• Monitoring and measurement of products, and non-conforming product sections, add requirements to identify the test equipment used to perform measurement activities and details related to kinds of controls that are to be documented.
• Cleanliness of product requirements is enhanced for non-sterile product whose use depends on cleanliness.

How to start preparing for ISO 13485:2016

Here are ways your company can prepare for a more successful transition:

• Plan the transition – what will be needed? From whom? When? Risks?
• Consider ISO 9001 – does the company also need to maintain that certification?
• How to reconcile the requirements of the two standards
• How to meet the requirements of each
• Is some division in the Quality System needed?
• Review related procedures – what changes will be needed?
• What paradigm shifts will the company need? Are they aligned and what is the significance?
• What and when should training be considered?

Don’t wait! Due to the significant divergences and changes, it will take time to comply!