YY/T0287/ISO13485-Brief Introduction
ISO 13485: 2003 represents the requirements that medical device manufacturers must incorporate into their management systems. The current document supersedes its 1996 incarnation as well as EN 46001, EN 46002 and ISO 13488.
Though based on ISO 9001, 13485 removes 9001’s emphasis on continual improvement and customer satisfaction. In its place is an emphasis on meeting regulatory as well as customer requirements, risk management and maintaining effective processes, namely the processes specific to the safe design, manufacture and distribution of medical devices.
13485 is in part designed to produce a management system that facilitates compliance to the requirements of customers and—preeminently—various global regulators. While being certified to 13485 does not fulfill the requirements of either the FDA or foreign regulators, the certification aligns an organization’s management system to the requirements of the FDA’s Quality System Regulation (QSR) requirements as well as many other regulatory requirements found throughout the world. Therefore, 13485 certification serves to create a management system that can be thought of as a framework on which to build compliance to various regulatory and customer requirements.
13485 dictates that risk management must be thoroughly documented and conducted throughout a product’s entire lifecycle, from initial concept to delivery and post-delivery. However, the standard leaves the specifics to a related standard, ISO 14971: 2001, Application of Risk Management for Medical Devices. While 13485 states that a manufacturer’s management team is charged with the management of device-related risks and the development of risk management plans, 14971 defines a list of steps to be taken by management in order to fulfill risk-related requirements. While it is not mandatory that a manufacturer be 14971 certified in order to attain 13485 certification, being certified to the former standard can ease the attainment of certification to the latter.
Issues and Trends
The purpose of 13485 certification is sometimes misunderstood. 13485 certification does not fulfill the requirements of 9001, nor is it equivalent to or have the ability to take the place of any country-specific requirement for medical device manufacturers. As previously mentioned, the standard is in part meant to serve as a means to the creation of a management system that aligns with the requirements of various regulators.
13485 is no longer thought of as pertaining solely to finished medical device manufacturers. Today, such manufacturers are requiring their sub-tier suppliers to also attain 13485certification. This is risk management enacted to establish supplier quality, as it is difficult for a manufacturer to single-handedly regulate the quality programs of its suppliers.
The Certification Process
Like any ISO certification, medical device manufacturers wishing to obtain 13485 certification first need to educate themselves on the requirements of regulators and customers, as well as what a 13485-compliant management system will entail. Then a management system that conforms to the standard’s requirements needs to be implemented within the organization.
The first step to creating the management system should be drafting a quality manual; the quality manual outlines an organization’s goals, processes and procedures for compliance and quality management. An employee with the know-how to develop and implement such a program can create the management system internally; otherwise, a hired consultant with an expertise in the 13485 market can be used. After the quality manual has been written and a management system has been implemented, the organization needs to seek a certification body it is comfortable with.
When seeking a certification body, the organization needs to be sure that the registrar is accredited by an accrediting body to include 13485 certification in their scope. The organization seeking certification should ask to see credentials and references from a prospective registrar. For example, in North America, certification bodies will be accredited through an organization such as ANSI/ASQ National Accreditation Board (ANAB). There are accreditation boards in every major country that review certification bodies to ensure they meet requirements.
It also is important to keep the target market in mind. For instance, if a medical device manufacturer wants to sell in North America, it should seek certification through a registrar accredited by a North American accreditation body to ensure they will meet country-specific or customer requirements.
The steps to attaining 13485 certification are similar to those of 9001, with some type of off-site document review followed by a preassessment and then assessment. After certification, an organization will be subject to on-going surveillance by its certification body. The duration of the assessment is contingent on an organization’s scope—its size, number of personnel, and type and complexity of products manufactured. Taking these elements into consideration, an organization can expect an assessment to last anywhere from a couple of days to more than a month.
The frequency of surveillance assessments will be determined by an organization’s scope as well as its performance, though they will usually be conducted annually or semi- annually. However, organizations should expect a complete reassessment three years after initial certification. A surveillance assessment takes into account concerns such as the fulfillment of management responsibilities, the execution of internal audits and how an organization is performing in relation to the state of the industry and customer expectations.
Tech Tips
13485 emphasizes meeting regulatory as well as customer requirements, risk management and maintaining effective processes.
13485 is in part designed to produce a management system that facilitates compliance to the requirements of customers and global regulators.
Benefits can be reaped from being both 9001 and 13485 certified, because 9001 focuses on business aspects not found in 13485 that are good for all businesses.
Benefits of Dual Certification: 13485 & 9001
Medical device manufacturers can benefit from being both 9001 and 13485 certified. While such manufacturers are not required to have 9001 certification, it can bring further business benefits, because it focuses on business aspects that are good for all businesses—for example, the emphasis on customer satisfaction and continuous process improvement that a 13485 management system omits. Manufactures of medical devices also will need to acquire 9001 certification if they want to branch out to other industries, as 13485 certification will not be honored where 9001 is required.
Why choose Jiushun Enterprise Management?
Jiushun Management has determined the medical device consulting with adequate and systematic service as its major service since found on August, 1996. Jiushun has developed to be the one of the most qualified, widest service-providing and most customers in the Greater China (including Hong Kong, Macao andTaiwan).
We have provided the specialized service for more than 5,000 customers from the Greater China, UK, U.S.A, Japan, Singapore, Malaysia, etc. spreading all over the world, including 15 listed companies.