ISO13485:2003 V

S

ISO 9001:2000
Ritesh Chintakuntla
Why not adopt ISO 9001:2000 ?
! The Medical Device Industry did not agree with all
the changes to ISO 9001:2000
! Harmonizing with the QSR (GMP) requirements
! ISO 9001:2000 places an emphasis on Continual
Improvement and Customer Satisfaction
! Harmonizing EN 4600X Standards with ISO 13485
! Not user friendly
! Lacked Process orientation
! Could not tailor ISO to scope of registration
(service)
What they wanted to accomplish in the
ISO 13485:2003
! Useable by organizations of all sizes
! Specific to the Medical Device Community
! Easily Understood
! Compatible with other management systems
! 9001:2000, ISO 14001
! Direct relationship with the activities involved in
running the business
ISO 13485 Series Standards - QMS
! ISO 9000: Quality management system fundamentals and
vocabulary
! Except as noted in section 3 of 13485
! ISO 13485: Quality Management System Requirements
! combines ISO 13485 and 13488
! limitations will be indicated on certificate
! ISO/TS 14969: Quality Management Systems-Medical
Devices-Guidance on the Application of ISO 13485
What has Changed?
ISO 13485 now has a totally new structure,
! 20 elements is too linear,
! Adopted process approach
! Emphasis is now on regulatory requirements for a quality management
system rather than a quality assurance system.
! Increased attention to production of a conforming product and delivery of
a conforming service is included in and is part of the quality management
system.
! There is now only one management system requirement standard, i.e.
ISO 13485, where previously there were two requirement standards: ISO
13485 and ISO 13488.
2003 Changes Continued
! Went from 20 elements to 8
! Elements 4-8 contain all the requirements
! Emphasis on Consistency through Documentation
! Does Allow for permissible exclusions
! Exclusions need justification!
! Organization replaces supplier to refer to the company
implementing the standard
! Supplier replaces subcontractor when referring to
companies that your company purchases goods and
services from
2003 Changes - Continued
! Top Management must be involved in establishing and
communicating the purpose and direction of the
organization
! The management system begins and ends with objectives
established by Top management
! Top management responsibility for profit or loss*
! Top Management needs to create an atmosphere in
which people are not afraid to become involved, and
desire to help the company meet its goals and
objectives
Why Cant the FDA change Part 820 to
harmonize it with 9000:2000
! The FDA and medical device regulators take issue with following ISO
9001:2000 philosophies:
! Customer Satisfaction- goes above and beyond the safety and efficacy
of medical devices. Evaluating customer satisfaction beyond safety is
not FDAs purpose
! Continuous Improvement- done simply for the sake of operating more
efficiently is outside the scope of medical device regulatory agencies.
! Documentation- documentation is needed to know what a company
intends to do and what they actually did- ISO 9001:2000 requires less
documentation than does 13485:2003
! Process Approach- FDA does not feel its necessary for companies to
change the structure of their documentation.
! FDA is assuming the purpose of the change in ISO is a change in
documentation and that companies do not already use the process
approach.
FDA/QSR harmonization with the ISO Standards
! The FDA is planning on some level of harmonization with
ISO 13485 in late 2002 early 2003.
! Provided that ISO 13485 will remain more true to the medical
device/regulatory viewpoint
! Many other countries rely on ISO standards in regulating
medical devices.
! Promotes International Consistency.
! FDA and device regulatory agencies from other countries
can more readily rely on one another's inspections and
exchange inspection reports if the quality system
requirements are similar.
Why Would Medical Device Manufacturers want to maintain ISO
9001:2000 Certification as well as 13485:2003
! Customers (Doctors, Hospitals, OEMs) perceive a level of
security in knowing they are buying from a manufacturer that
has an ISO 9001 certified system.
! Helps companies obtain product certification CE mark,
! Companies do not have to be ISO certified to get CE Mark
! Depending on the product or service companies could opt for
ISO 17025
Permissible Exclusions - Allowable
! (7.5.3) Identification and traceability - only partially
applicable where there is no specific traceability requirement
for the organizations product
! (7.5.2) Customer property - Nothing is provided from the
customer to the supplier in the realization of its products or
processes
! (7.6) The organizations needs no measuring and test equipment
to provide evidence of conformity
Differences
Guidance standards
ISO 14969:200X will be the guidance document for
implementation to 13485:2003
! Section 3 of ISO 13485 has additional Terms and
Definitions not included in ISO 9000:2000
ISO 9000:2000 and ISO 9004:2000 used as consistent
pair
Differences: Section 4.1
! 13485: "Maintain the Effectiveness of these
processes"
! Records that you are meeting requirements and stated
objectives
! 9001:2000: Continual Improvement of these
Processes
Differences: Section 4.2.3
! Organization must define the period for retention of
obsolete documents
! Duration must be for the life of the device
! or as specified by relevant regulatory requirements
(GMP/GLP)
! 9001:2000 Does not specify retention times
Differences: Section 4.2.4
Additional Requirement in Section 4.2.4 13485:2003 that are not in 9001:2000
! "Records shall be established and maintained to provide evidence of conformity to requirements
and of the effective operation of the quality management system. records shall remain legible,
readily identifiable and retrievable. A documented procedure shall be established to define the
controls needed for the identification, storage, protection, retrieval, retention time and disposition
of records.
! Records from suppliers which demonstrate conformance to specified requirements and the
effective operation of the quality management system shall be maintained. The organization
shall retain the records for a period of time at least equivalent to the lifetime of the medical
device as defined by the organization, but not less than 2 years from the date of last shipment
from the organization.
! NOTE National or regional regulations may require a period longer than 2 years. The
organization shall establish and maintain a record for each batch of medical devices that
provides traceability
! to the extent specified in 7.5.3 and identifies the quantity manufactured and quantity
approved for distribution. The batch record shall be verified and approved.
! NOTE A batch may be a single medical device."
Differences: Section 5
! Section 5.1 of 13485:2003 does not require "Continually
Improving its effectiveness"
! ISO 9001:2000 does.
! Section 5.2 of 13485:2003 focus is on meeting the customers
needs
! 9001:2000 is focused on meeting and exceeding the customers needs.
! Section 5.3 of 13485:2003 emphasizes maintaining the system
! 9001:2000 talks about continual improvement
Differences: Section 6
! Section 6.2.2 of 13485:2003 Requires a procedure
for training where as ISO 9001:2000 does not.
! Section 6.4 Work Environment of 13485:2003 is
more detailed (i.e. health records, cleanliness of
clothing and personnel, environmental
monitoring) than the same section in 9001:2000
Differences: Section 7
! Section 7.3 Design and Development of 13485:2003
references ISO 14971 (Risk Analysis) 9001:2000 does not.
! Section 7.5.1 of 13485:2003 has added sub-clause G, which
talks about packaging and labeling.
! Section 7.5.1.1 Cleanliness of Product and contamination
control (Cleaning of product) is added for 13485:2003
! Section 7.5.1.2 Installation (Installing the Device) is added for
13485:2003
! Section 7.5.1.3 Servicing (After the Device is installed) is
added for 13485:2003
Differences: Section 7 - contd
! Section 7.5.2 Validation of processes for production and service
provision- additional requirements for 13485:
! The organization shall establish and maintain documented procedures for
the validation of the application of computer software (and changes to
such software and/or its application) for production and service
operations and measuring and monitoring operations (see 8.2) that affect
the ability of the product to conform to specified requirements. Such
software applications shall be validated prior to initial use. The results of
validation shall be recorded (see 4.2.4).
Particular requirement for sterile medical devices:
! The organization shall subject the medical device to a validated
sterilization process and record all the process parameters of the
sterilization process (see 4.2.4).
Differences: Section 7 - contd
! Section 7.5.3 Identification and Traceability- additional requirements for
13485:
! Particular requirements for active implantable medical devices and
implantable medical devices:
! a) When defining the extent of traceability, the organization shall include
all components and materials used, and records of the environmental
conditions when these could cause the medical device not to satisfy its
specified requirements.
! b) The organization shall require that its agents or distributors maintain
records of the distribution of medical devices with regard to traceability
and that such records are available for inspection.
! c) The organization shall ensure that the name and address of the
shipping package consignee is recorded (see 4.2.4).
Differences: Section 7 - contd
Section 7.5.5 Preservation of product-
additional requirements for 13485:
! The organization shall establish and maintain documented
procedures for the control of product with a limited shelf-life
or requiring special storage conditions. Such special storage
conditions shall be controlled and recorded. (FIFO)
Differences: Section 8
! Section 8.1 Measurement, analysis and
Improvement- additional Requirements for 13485:
! If statistical techniques are used, organization shall establish and
maintain documented procedures to implement and control their
application.
Differences: Section 8 - contd
! Section 8.2.1 Customer Feedback-
Additional Requirements for 13485:
! The organization shall establish and maintain a documented feedback
system to provide early warning of quality problems and for input into the
corrective and preventive action system [see 7.2.3c)].
! If regulations require the organization to gain experience from the post-
production phase, the review of this experience shall form part of the
feedback system (see 8.5.1).
Differences: Section 8 - contd
Section 8.2.4 Monitoring and measurement of Product- additional requirements for
13485:
! Particular requirement for active implantable devices and implantable devices:
! The organization shall record (see 4.2.4) the identity of personnel performing any
inspection or testing.
Section 8.3 Control of nonconforming product- additional requirements for 13485:
! If product needs to be reworked (one or more times), the organization shall document
the rework in a work instruction that has undergone the same authorization and
approval procedure as the original work instruction. Prior to authorization and
approval, a determination of any adverse effect of the rework upon product shall be
made and documented.
Requirements for Documents 92K
! ISO 9001:2000 requires a minimum of 6 procedures.
! Quality Manual
! 4.2.3 Control of Documents
! 4.2.4 Control of Records
! 8.2.2 Internal Audit
! 8.5.2 Corrective Action
! 8.5.3 Preventive Action
Requirements for documents 13485
ISO 13485:2003 requires a minimum of 19 procedures!
! Quality Manual
! 4.2.3 Control of Documents
! 4.2.4 Control of Records
! 6.2.2 Competence, awareness and training
! 7.3 Design and Development
! 7.4.1 Purchasing Process
! 7.5.1.2 Installation activities (if applicable)
! 7.5.1.3 Servicing activities (when required)
! 7.5.3.1 Identification
! 7.5.3.2 Traceability
! 7.5.5 Preservation of Product
! 7.6 Control of Measuring and Monitoring Devices
! 8.1 Statistical Techniques (if used)
! 8.2.2 Internal Audits
! 8.3 Control of nonconforming product
! 8.4 Analysis of Data
! 8.5 Improvement
! 8.5.2 Corrective Action
! 8.5.3 Preventive Action
ISO 13485:2003 Certification = Certification to ISO
9001:2000???
! ISO 13485 is a stand alone standard
! It is based on ISO 9001:2000.
! Primary objective of ISO13485 is to facilitate harmonized medical
device regulatory requirements.
! Includes some particular requirements for medical devices and
excludes some of the ISO 9001:2000 requirements
! These exclusions prevent users from claiming conformity with
ISO9001:2000!
Thanks for reading!!!
Feedback Welcome.