Procedure for Obtaining ISO Certificate What Is ISO Certification? ISO Certification refe...
The International Organization for Standardization (ISO) has introduced the ISO 13485 that is an international standard that sets down the rules and regulations for a quality management system (QMS) for manufacturers of medical devices and also for such organizations that support manufacturers of medical devices. The medical industry is a critical industry – ISO 13485, that pertains to design and manufacture of medical devices is an assurance to the end user or the customer that the medical device is free from danger and the quality of the product is reliable for use.
Clause 4.2.1 of ISO 13485 mentions that quality objectives are essential for a Quality Management System (QMS) for manufacturers of medical devices. In details it has been explained as – a quality policy is required for setting goals of a QMS whereas quality objectives are the ways and means that would be adopted to reach the goal. The overall intention is to improve the system. Customer and regulatory requirements are the inputs of quality policy and the quality objectives help in achieving them. Since the organization as a whole needs to put their best foot forward to achieve the listed objectives, employees at every level within the system need to be informed of the quality objectives.
Once the products and processes that need to be monitored, measured and improved have been identified by the organization, it needs to set down SMART objectives (Specific, Measurable, Agreed, Realistic and Time-based).
The ISO 13485 is based upon ISO 9001 but there are differences between both. One of the key differences that ISO 9001 emphasizes upon continual improvement whereas ISO 13485 talks about implementing and maintaining an effective quality system. Even the customer satisfaction related requirement is missing in the ISO 13485 standard.
In the initial years, there were two versions of this standard –ISO 13485 for Original Equipment Manufacturers (OEM) and ISO 13488 for contractual manufacturers (suppliers to manufacturers). In 2003, both the standards were merged and there were revisions that were made. After the merger of the standards, many countries including Canada and the European Union made it mandatory for all medical device manufacturing companies to be ISO 13485 certified whether it be Class I devices or Class II-IV devices. It is mandatory even for subcontractors to be ISO 13485 certified or be audited for the same. The FDA certifications in the US are also similar to standards mentioned in ISO 13485. Hence it became mandatory for all manufacturers, sub-contractors, and suppliers of medical devices to obtain this certification for operating in these countries. Today governments of almost all countries in the world have made it a compulsory clause for organizations participating in government tenders.
The first version of this standard was published in 1996. Earlier there were different standards like the EN 46001 and EN 46002 which were later phased out after the introduction of the ISO 13485. The latest version of this standard was published on 1st March 2016 thereby superseding the earlier versions –1996, 2003 and 2016. All organizations that are compliant with the earlier versions have been given time till 31st March 2019 to upgrade to the latest one.
Any medical device manufacturing company will have to meet the following minimum requirements to obtain this certification:-
Step No. 1: planning the Quality Management System. ISO 13485 mentions 19 procedures and a Quality Manual that the organization needs to identify and work upon to develop its quality plan. The first two procedures pertain to Control of Documents and Control of Records. The quality plan is required to be written down properly, in sequence and the process of implementation. This is the time when the organization needs to identify the process owners of each of the procedures. This stage also should be used by the organization to appoint a certification body after due research and shortlisting.
This is also the time to make sure that there are sufficient resources in hand to implement the quality plan. Resources typically include people, money, time and equipment. This stage also requires communicating with internal stakeholders about the procedures, training them, carry out internal audits, preparing records, writing corrective action plans post internal audits and addressing aspects of the QMS that are not effective.
Step 2: implementing additional regulatory requirements – in the case as a manufacturer, the organization aims to target global markets, and then the organization needs to go ahead with other regulatory requirements that are necessary for operating in the selected countries.
Step 3: Design Controls –as per clause 7.3.1, 7.3.2 to 7.3.7, there are seven sections pertaining to design control requirements in ISO 13485. The controls are related to Design planning, Design Input, Design output, Design reviews, Design Verification, Design Validations and Design changes. What is required here is that the organization prepares a Waterfall Design to illustrate the procedures for the seven steps mentioned above. The procedure is required to be written, the team to be trained on design controls and risk management.
Step 4: Document control and Training –these two are required to ensure that the processes are running as required. Document changes need to follow specific tasks and procedures.
Step 5: Internal Audit, CAPA and Management Review –internal audit identifies problems. CAPA identifies the root cause of the problem and eliminates them. Management review is made to ascertain that resources are in place so that the QMS can work effectively.
Step 6: Stage 1 and Stage 2 audit and responding to findings –Stage 1 is a one-day audit for QMS documentation. Stage 2 audit is reviewing or records from the previous step.
After this, the certification auditor will recommend the company for ISO 13485 certification and also arrange for semi-annual or annual surveillance audits to be conducted.