ISO 13485:2016 Medical Device Quality Management System Requirements

Introduction to ISO 13485

ISO 13485:2016 specifies requirements for a quality management system (QMS) for organizations involved in the design, development, production, storage, distribution, installation, servicing, and final decommissioning of medical devices. It is the globally recognized standard for medical device quality management.

Scope and Purpose

Primary Objectives

• Demonstrate ability to provide medical devices that consistently meet customer and regulatory requirements
• Facilitate compliance with regulatory requirements worldwide
• Emphasize risk management throughout product lifecycle

Applicability

Applicable to organizations regardless of size or type:

• Medical device manufacturers
• Contract manufacturers
• Design houses
• Distributors providing services
• Service providers

Key Differences from ISO 9001

• Regulatory compliance is explicitly required
• Risk management integrated throughout
• Design and development requirements cannot be excluded
• Traceability requirements are more extensive
• Customer satisfaction monitoring is optional
• Continual improvement replaced by maintaining effectiveness

Quality Management System Requirements (Clause 4)

General Requirements (4.1)

• Establish, document, implement, and maintain QMS
• Document roles within organization
• Apply risk-based approach to control of processes

Documentation Requirements (4.2)

Quality Manual

• Scope of QMS including justification for exclusions
• Documented procedures or reference to them
• Description of QMS process interactions

Medical Device File

Required for each medical device type or family containing specifications and QMS procedures specific to that device.

Control of Documents (4.2.4)

• Approve documents before use
• Review, update, and re-approve
• Identify changes and revision status
• Ensure relevant versions available at point of use
• Retain documents for specified periods

Control of Records (4.2.5)

• Establish procedures for record control
• Records must be legible, identifiable, retrievable
• Retain for at least device lifetime or regulatory requirement

Management Responsibility (Clause 5)

Management Commitment (5.1)

• Communicate importance of meeting requirements
• Establish quality policy and objectives
• Conduct management reviews
• Ensure resource availability

Customer Focus (5.2)

• Determine customer requirements
• Ensure requirements are met
• Ensure applicable regulatory requirements addressed

Quality Policy (5.3)

• Appropriate to organization purpose
• Includes commitment to compliance and effectiveness
• Communicated and understood throughout organization

Management Representative (5.5.2)

• Appoint representative with defined authority
• Ensure QMS processes established and maintained
• Report to management on QMS performance
• Ensure promotion of regulatory requirement awareness

Management Review (5.6)

Review QMS at planned intervals to ensure suitability and effectiveness:

• Review inputs: audit results, feedback, process performance, CAPA status
• Review outputs: decisions and actions on improvements, resource needs
• Maintain records of management reviews

Resource Management (Clause 6)

Human Resources (6.2)

• Determine competence requirements
• Provide training or take other actions
• Evaluate effectiveness of actions
• Ensure awareness of quality policy relevance
• Maintain appropriate training records

Infrastructure (6.3)

Determine, provide, and maintain infrastructure needed:

• Buildings and workspace
• Process equipment
• Supporting services
• Document maintenance requirements

Work Environment (6.4)

• Determine and manage work environment conditions
• Document requirements for health, cleanliness, clothing
• Ensure temporary work arrangements controlled

Product Realization (Clause 7)

Planning (7.1)

• Plan and develop processes for product realization
• Determine quality objectives and requirements
• Establish processes, documents, resources
• Apply risk management throughout

Customer-Related Processes (7.2)

• Determine product requirements including regulatory
• Review requirements before commitment
• Establish customer communication arrangements

Design and Development (7.3)

Planning

• Determine design stages and reviews
• Define responsibilities and interfaces
• Update plans as design progresses

Inputs

• Functional and performance requirements
• Applicable regulatory requirements
• Risk management outputs
• Information from previous similar designs

Outputs

• Meet input requirements
• Provide appropriate information for production
• Specify product characteristics essential for safe use

Review, Verification, Validation

• Conduct systematic reviews at planned stages
• Verify outputs meet input requirements
• Validate device meets intended use requirements
• Complete before release

Transfer

Verify design output suitable for manufacture before production.

Control of Changes

• Document and review design changes
• Evaluate effect of changes on delivered products
• Verify and validate changes before implementation

Design and Development Files

Maintain design and development file for each device type.

Purchasing (7.4)

• Establish criteria for supplier evaluation and selection
• Define purchasing requirements
• Verify purchased products meet requirements

Production and Service Provision (7.5)

Control of Production

• Plan and carry out under controlled conditions
• Establish product specifications
• Establish documented procedures and work instructions
• Use suitable equipment
• Implement monitoring and measurement

Cleanliness and Contamination Control

Document requirements where cleanliness affects product quality or contamination control required.

Installation and Servicing

Establish requirements and records for installation and servicing activities.

Particular Requirements for Sterile Devices

Maintain records of sterilization process parameters for each batch.

Validation of Processes

Validate processes where resulting output cannot be verified by subsequent monitoring or measurement.

Identification and Traceability (7.5.8-9)

• Identify product throughout realization
• Establish documented procedure for traceability
• Maintain traceability records

Control of Monitoring and Measuring Equipment (7.6)

• Calibrate at specified intervals
• Identify to allow calibration status determination
• Safeguard from adjustments invalidating results
• Assess validity of results if found out of conformance
• Maintain calibration records

Measurement, Analysis and Improvement (Clause 8)

Monitoring and Measurement (8.2)

Feedback

Gather and monitor information on meeting customer requirements. Include post-market surveillance data.

Complaint Handling

Establish documented procedures for:

• Receiving and recording complaints
• Evaluating need for investigation
• Investigating and documenting
• Determining need for corrective action
• Reporting to regulatory authorities

Internal Audit

• Conduct audits at planned intervals
• Plan based on importance and previous results
• Ensure objectivity and impartiality
• Document procedures and maintain records

Process and Product Monitoring

• Apply suitable methods for monitoring and measurement
• Verify product requirements met before release
• Maintain evidence of conformity
• Identify person authorizing release

Control of Nonconforming Product (8.3)

• Identify and control nonconforming product
• Document procedures for handling
• Evaluate, segregate, and disposition
• Consider rework and concession procedures
• Document investigation and actions taken

Analysis of Data (8.4)

Determine, collect, and analyze appropriate data demonstrating suitability and effectiveness:

• Feedback data
• Product conformity
• Process and product trends
• Supplier performance

Improvement (8.5)

Corrective Action

• Review nonconformities including complaints
• Determine causes
• Evaluate need for action to ensure nonconformity does not recur
• Implement actions and verify effectiveness
• Document procedures and records

Preventive Action

• Determine potential nonconformities and causes
• Evaluate need for action to prevent occurrence
• Implement actions and verify effectiveness
• Document procedures and records

Certification and Compliance

Certification Process

1. Implement QMS per ISO 13485 requirements
2. Select accredited certification body
3. Stage 1 audit: Documentation review
4. Stage 2 audit: Implementation verification
5. Address any nonconformities
6. Certification granted (3-year validity)
7. Annual surveillance audits
8. Recertification audit before expiry

Conclusion

ISO 13485:2016 provides a comprehensive framework for medical device quality management. Certification demonstrates commitment to quality and facilitates global market access for medical device organizations.