ISO 13485 is an internationally recognized Quality Management System (QMS) standard for the medical device industry.
Meeting the requirements of ISO 13485 Quality Management System (QMS) demonstrates a commitment to quality and customer satisfaction, which is essential for any organization that manufactures and/or sells medical devices.
In this article, we will discuss what ISO 13485 QMS is about, its purpose, the applicable requirements, as well as the role QMS software plays in supporting compliance with ISO 13485.
As a cloud-based QMS software provider, we at SimplerQMS have helped medical device companies of all sizes seamlessly transition from traditional paper-based and hybrid QMS systems to electronic QMS (eQMS).
SimplerQMS is uniquely positioned to help medical device companies achieve and maintain compliance with ISO 13485. Our software is designed to streamline all aspects of quality management, from creating and managing documents and records to managing audits, CAPAs, and more. If you are interested to learn more about how SimplerQMS can help your company, request a personalized demo.
Now, let’s take a closer look at ISO 13485 QMS.
Feel free to jump to the sections that you want to start with first:
- What Is the ISO 13485 Quality Management System?
- What Is the Purpose of ISO 13485 Quality Management System?
- What Are the Requirements of ISO 13485 QMS?
- What Does It Mean To Be ISO 13485 Certified?
- Benefits of Being ISO 13485 Certified
- The Role of ISO 13485 QMS Software
- Frequently Asked Questions About ISO 13485
What Is the ISO 13485 Quality Management System?
The ISO 13485 Quality Management System is the go-to standard when medical device companies aim for the highest standards of quality.
The ISO 13485 QMS published by the International Organization for Standardization, defines all the requisites for a medical device company’s QMS.
Any company that is involved in one or multiple stages of the lifecycle of a medical device (design and development, manufacture, storage, and delivery, or even installation or servicing/technical support) must be able to prove to their stakeholders, both the end-users and regulatory agencies, that their products/services are of the highest industry standards.
By implementing the ISO 13485 standard, you are emphasizing your organization’s commitment to quality and your device’s safety and efficacy.
For instance, let us say that two companies are manufacturing closed-loop artificial pancreas systems. Company 1 has ISO 13485 certification, implying that its QMS is top-notch, and the product is safe and reliable.
The product produced by Company 2 is cheaper by 500 USD. It has not bothered to get ISO 13485 certification, and not much is known about its QMS. Considering that the product is a critical medical device, and patients’ lives can be put at risk if the product were to malfunction, the obvious choice would be to purchase the closed-loop artificial pancreas system from Company 1.
When it comes to complying with the ISO 13485 Quality Management Systems requirements, it would be challenging, to put it mildly, to use traditional paper-based or even hybrid QMS systems.
You need to take into account human errors in documentation and recording, security issues, storage problems, and accessibility concerns in times of auditing.
With SimplerQMS, you are provided with an integrated ISO 13485 QMS software solution with in-built capabilities that will support compliance requirements of the quality management system (QMS) according to ISO 13485 standards.
Recommended Reading: What is a Quality Management System (QMS)?
What Is the Purpose of ISO 13485 Quality Management System?
The purpose of the ISO 13485 QMS is to spell out the medical device company’s obligations when it must prove that its medical devices and related services are consistently meeting both end-user and pertinent regulatory requirements.
With ISO 13485 in place, your medical device organization is also empowered to align your QMS with other industry requirements, including but not limited to:
- European Union’s Medical Device Directive (MDD)
- EU Medical Device Regulation (MDR)
- CE Marking
- UK Conformity Assessed (UKCA)
For medical device companies to legally sell their products in the European Economic Area, they must be compliant with the EU Medical Device Regulation (MDR) that has replaced the Medical Devices Directive (MDD) as of May 2021.
The purpose of the EU MDR is to ensure that medical devices produced in, or supplied to, the European Union must be of a very high standard. Similarly, when your products have the UKCA marking, you can sell your products in Great Britain (England, Scotland, and Wales).
You will see that different global regions have their specific regulatory guidelines/standards that must be complied with if you wish to market in particular areas.
Since ISO 13485 is the international go-to standard for a medical device company’s QMS, by implementing it you have a QMS in place that is accepted by the above-mentioned international regulatory authorities.
The question that you may now ask is: “So, is ISO 13485 mandatory for EU MDR?”
The answer to this is “No”. So, why go into the trouble of implementing ISO 13485?
The EU MDR (Article 10, 9) states that medical device manufacturers must have a QMS. Although ISO 13485 is not directly mentioned. Although, ISO 13485:2016 is the only QMS standard that is referenced in the list of harmonized standards created by the EU.
Therefore, most medical device companies use ISO 13485 when they are implementing their QMS and aim to comply with EU MDR.
What Are the Requirements of ISO 13485 QMS?
The latest edition of the ISO 13485 standard, namely ISO 13485:2016, has the following key sections concerning the requirements.
This article will not explain all the requirements of ISO 13485:2016, but only the key sections. Do follow the standards and the requirements that apply to your organization.
Documentation Requirements (Section 4.2)
Your medical device company’s Quality Management System must have a Quality Manual, Medical Device File, Quality Policy and Objectives of the company, and other documented procedures and records as mandated.
The Quality Manual will include the scope of the company’s QMS and detail the structure of the documentation protocols used for quality management.
One or more Medical Device Files are maintained for every medical device type that the company manufactures. These files will provide details such as general description, intended use, label, specifications, and so on.
All documents and records that are mandated by the QMS need to be controlled.
This means that these documents/records must be:
- Reviewed and approved before being issued
- Updated and re-approved whenever necessary
- Be legible and readily identifiable, and obsolete documents/records must not be in circulation
Considering the enormity of the documents and records required, you should consider implementing quality management software that will help you manage all your documentation in a more streamlined way. An eQMS like SimplerQMS with document controls built for medical device organizations will help manage and track changes, and maintain version control of all your documents.
Recommended Reading: Medical Device Document Control: What It Is & How to Simplify It
Management Responsibility (Section 5)
The senior management of the company must show its commitment to developing and implementing an effective QMS. This means that the management will need to communicate to your employees the importance of customer and regulatory requirements.
You not only should establish your company’s quality policy, but also establish the objectives, conduct reviews, and ensure that resources are made available for implementing the QMS.
Management Review (Section 5.6)
An important subcomponent of Section 5 (Management Responsibility) is Management Review.
This section emphasizes that the top management of your company will review QMS activities at premeditated intervals that are documented.
The purpose of management review is to make certain that the organization’s QMS is adequate, suitable, and effective. During the review, you will also assess whether there is scope for continuous improvement and if further changes are necessary.
With the SimplerQMS software solution, data is collected and stored in a central location. This makes it easy to generate reports on various aspects of the QMS that can be used during management review meetings for data-driven decision-making.
Resource Management (Section 6)
This section highlights the resources needed for effectively implementing the ISO 13485 standard.
These resources are in the form of:
- Human resources (with requisite training, competence, and awareness of the importance of their activities concerning quality)
- Infrastructure resources (in the form of workspace and buildings, equipment, and supporting services such as information systems and transport)
With medical device quality management software, with robust training management capabilities in place, you can ensure that the employees receive the necessary training and are kept up-to-date on the latest changes to SOPs, quality protocols, and so on. Schedule training activities, send reminders before training is due, manage employee training records, create training assessments to measure training effectiveness, and generate training completion reports, all in one system.
Product Realization (Section 7.1)
This section of ISO 13485:2016 explains the complete planning and the processes that are needed during the lifecycle of any of your company’s products, namely product realization.
With product realization, efficient quality standards are set for the design, development, manufacture, packaging, labeling, and transport of every medical device manufactured by your company.
During this stage of ISO 13485:2016 implementation, you must be fully aware of your customer’s needs and requirements.
A simple example is that if the labeling is in English, but the language spoken in a particular country is French, you will need to incorporate the local language as well.
Design and Development (Section 7.3)
The designing and development of every medical device that your company manufactures are highlighted in section 7.3 of the ISO 13485:2016 standard.
You will need to maintain appropriate documents related to the design and development process, and update them when required.
This can be a time-consuming and tedious process, especially if you are still using paper-based documentation. SimplerQMS software solution can help you accelerate the development of your medical devices by tracking and managing your design and development processes from design and development planning to design review to verification, validation, and design transfer. The system allows you to relate design control documentation to multiple archives such as Technical File (TF), CE Marking, etc. Easily overview and retrieve all the necessary documentation through highly customizable dashboards.
Recommended Reading: Design Controls for Medical Devices
Purchasing (Section 7.4)
This subsection under Product realization underscores the importance attached to evaluating and selecting third-party vendors/suppliers, also known as medical device supplier management.
This evaluation and selection are proportionate to the risk of the product/service provided by the supplier. You will monitor the supplier’s performance, and any non-fulfillment of your requirements must be assessed and documented.
QMS software with built-in supplier quality management functionality can help you manage and monitor your suppliers more effectively.
SimplerQMS, for instance, allows you to create, and maintain Approved Supplier List, manage all supplier-related documentation, schedule supplier audits, as well as utilize forms and templates to create various records such as supplier surveys, evaluations, agreements, and certifications.
This way, you can easily keep track of your supplier performance and compliance.
Measurement, Analysis, and Improvement (Section 8)
This section of ISO 13485:2016 emphasizes the planning and implementation needed for monitoring, measuring, analyzing, and improving processes for product conformation, QMS conformation, and effectiveness of the organization’s QMS.
A key aspect to be noted here is feedback regarding your product. For instance, customer requirements/complaints are documented. The information gathered will then be used for improving the product.
All CAPAs related to the product must be documented. In case a complaint is not investigated, you need to justify the same.
This section also highlights the notification of complaints to appropriate regulatory authorities.
You will see that this section has several important components, namely, CAPA management, customer complaints management, and change management.
Also, these quality processes are supported and streamlined by the best QMS software vendors currently on the market.
- Medical Device Complaint Handling: Processes and Best Practices
- What Is CAPA in the Medical Device Industry?
What Does It Mean To Be ISO 13485 Certified?
The ISO performs an annual survey of valid certificates (including ISO 13485) issued by certification bodies across the world. The data regarding the number of valid ISO 13485 certificates and sites is presented in the following chart.
You will notice that, except from 2018 when a different measurement methodology was introduced, there is an increasing trend across the globe to get the ISO 13485 certification.
This shows the importance companies attach to this certification.
Let us now understand what goes into getting the ISO 13485 certification and how to maintain it.
Step 1: Learn About the ISO 13485 Standard
The very first step is to make your organization aware of ISO 13485 and to give some general training.
This will give high-level insight into what needs to be done to meet ISO 13485’s requirements.
Step 2: Perform Gap Analysis
You will next need to perform a Gap Analysis. This will help determine the possible lacunae in your current QMS, and what changes are necessary.
The organization can get the gap analysis conducted by an external agency/consultant or by using a detailed checklist, which covers all sections of ISO 13485.
If you prefer the former, we recommend you check out our article on what to take into consideration when selecting a medical device consultant.
Step 3: Create a Project Plan
The next step is to create a project plan.
You will need to plan how the quality system will function, the roles required, and the personnel needed for these roles.
For instance, consider answering the following questions:
- Who amongst the top management of the organization will play a key role in the implementation of the new QMS?
- Who will take charge during the training and implementation of the ISO 13485 standards?
- What are the timelines for each activity?
Also, you need to assign adequate resources such as time, money, and personnel.
Step 4: Educate the Organization
Remember that all employees within the organization need to be trained in ISO 13485 Quality Management System (QMS).
This could be with the help of training materials/power point presentations or using reliable online training resources.
Step 5: Design and Document the ISO 13485 Quality Manual and Procedures
The major portion of implementing the ISO 13485 standard is to understand your organization’s current quality processes and protocols and to modify them so that ISO 13485 requirements are addressed.
In this process, you will need to develop the Quality Manual, and other relevant forms and procedures needed for successfully implementing the standard.
If you choose to implement an eQMS, such as SimplerQMS, while implementing ISO 13485, you might find the form/template and procedure package that comes with the SimplerQMS solution to be of great help. Our form/template and procedure package has been created according to the ISO 13485 requirements and could be used as an inspiration for creating your own organization-specific procedures, forms, and templates.
Step 6: Use the New QMS
Now you need to implement the new QMS and ensure that your employees are following all the protocols.
An important component is data collection and fine-tuning the system. Consider a time frame of 3-6 months for running the new QMS and collecting pertinent records.
Step 7: Conduct an Internal Audit
How will you make sure that the newly implemented ISO 13485 QMS is working?
This is possible with internal audits. Select key personnel is tasked with conducting the internal audit in such a way that the organization is prepared for the actual audit by a Notified Body.
Recommended Reading: ISO 13485:2016 Audit: Overview, Audit Types and Execution
Step 8: Get ISO 13485 Certification
The final step is to get the coveted ISO 13485 certification. You will have to hire an independent certification body to get the ISO 13485 certificate of conformity.
The certification body should be chosen with care. Find out whether:
- They are internationally accredited
- They cognizant of the medical device industry
Their experience and deliverables must be taken into consideration before a final choice is made.
SimplerQMS provides all the requisite tools for medical device companies, big or small, established or start-ups, to transition from paper-based or hybrid QMS to an electronic QMS. With all the core QMS processes supported, the system helps you maintain a compliant quality management system (QMS) according to ISO 13485 standard.
Benefits of Being ISO 13485 Certified
The chief benefits that you will accrue by getting the ISO 13485 certification are listed below.
- Valuable and credible certification. With ISO 13485 certification, you are assuring your stakeholders, both end-users and regulatory agencies, that your medical device company is following global QMS requirements.
- Evidence-based decision making. You are continually provided with facts and data that are useful for making decisions that are in tune with your goals and objectives.
- Employee participation. Since ISO 13485 implementation needs authentic documentation and process control, your employees get fully involved. This, in turn, ensures greater efficiency and productivity.
- Quicker detection of non-compliance and risk. You have a set of standardized protocols and procedures in place to ensure quality is maintained. This makes it easier for non-conformances or risks to be detected and resolved.
Due to the benefits it confers, an ISO 13485 certification is essential for any medical device company that wants to improve its chances of success.
Because SimplerQMS is being looked at as a critical supplier for customers, specifically those operating in the medical device industry, we (as an organization) have decided to obtain ISO 13485 certification and have maintained our certification since 2018.
You can view our current certificate and learn more about regulatory compliance here.
The Role of ISO 13485 QMS Software
When you take into account the ISO 13485 requirements and benefits mentioned in the earlier sections, you will understand that for a streamlined and efficient Quality Management System (QMS), a paper-based or hybrid QMS solution is just not sufficient.
You will need a purpose-built software solution that takes into consideration all core quality processes and requirements of ISO 13485 standards while providing a single source of truth for your quality data.
Quality management software like SimplerQMS is designed to do just that:
- Support all the processes of your quality management system on a single platform
- Automate and streamline tasks
- Improve communication and collaboration between teams
- Provide real-time visibility into the QMS
- Help maintain compliance with ISO 13485
Frequently Asked Questions About ISO 13485
What Is the Current Version of ISO 13485?
The current version of the ISO 13485 standard is 13485:2016. It was published on 1 March 2016. It has superseded the previous version from the year 2003, namely ISO 13485:2003.
Where is ISO 13485 Compliance Required?
Compliance with ISO 13485 is required by organizations that are involved in the design, production, installation, and servicing of medical devices/related services. Additionally, others such as certification bodies can obtain ISO 13485 certification to help them with their auditing processes.
Does the US FDA Accept Compliance with ISO 13485 QMS Requirements?
The US FDA accepts compliance with ISO 13485 QMS requirements from manufacturers under the Medical Device Single Audit Program (MDSAP). MDSAP is so designed that medical device companies can meet the requirements of certain markets (Australia, Brazil, Canada, Japan, and the USA) via a single audit.
Who Enforces ISO 13485 QMS Requirements?
ISO 13485 Quality Management System requirements are enforced by audits that authorized third-party certification bodies conduct. The certification is valid for three years.
Once your organization has received the ISO 13485:2016 certificate, you will be regularly audited to ensure your compliance. These audits are conducted by the registrar and usually take place once a year. As the 3-year validity is expiring, you need to go for a recertification audit.
What Is the Difference Between ISO 13485:2016 And EN ISO 13485:2016?
The main difference between ISO 13485:2016 and EN ISO 13485:2016 is that ISO 13485:2016 is the international QMS standard for medical device companies, while EN ISO 13485:2016 has been created for the specific purpose of the medical device industry to use within the European Union.
What Is the Difference Between ISO 9001 And ISO 13485?
The main difference between ISO 9001 QMS and ISO 13485 QMS requirements is that ISO 9001 QMS is the internationally accepted standard for organizations in any type of industry. On the other hand, when you are specifically looking for a QMS standard for medical device companies, you need to have ISO 13485 QMS.
Recalls, malfunctions, mishaps, or even deaths due to faulty medical devices are a stark reminder that quality is just not a 6-letter word but a yardstick that everyone in the organization is aware of and complies with.
The ISO 13485:2016 standard helps ensure that medical device companies have top-class quality management systems in place. This is needed if you want to safeguard your customers, brand, and other stakeholders.
Nowadays, to implement ISO 13485 QMS successfully and efficiently, a paperless quality management system that is supported by technology is the need of the hour.
If you are keen on streamlining your quality management processes, and at the same time, making compliance with the ISO 13485 standards easier, request a demo of SimplerQMS and talk to our quality solution experts.