ISO 13485: Medical devices – quality management systems was published in March 2016. This third edition cancels and replaces the second edition (ISO 13485:2003), which has been technically revised.
Rather controversially, ISO 13485:2016 has not been revised in line with the high level structure, HLS, adopted by ISO 9001:2015, ISO 14001:2015 and 30 other management systems, which comprises the following structure:
- 1 Scope
- 2 Normative references
- 3 Terms and definitions
- 4 Context of the organisation
- 5 Leadership
- 6 Planning
- 7 Support
- 8 Operation
- 9 Performance evaluation
- 10 Improvement
So while ISO 13485:2016 has been revised it has not been revised in line with the HLS, which means that it and ISO 9001:2015 are no longer in line. Therefore, it is necessary to map the gaps between the two standards.
ISO 9001:2015 now has 7 quality system core processes (excludes, scope, normative references and terms and definitions) while ISO 13485:2016 retains 5 quality system core processes. Annex A of ISO 13485:2016 provides a comparison of content between ISO 13485:2003 and ISO 13485:2016 and Annex B a correspondence between ISO 13485:2016 and ISO 9001:2015.
The standard supports the design of a quality management system that establishes and maintains the effectiveness of a manufacturer’s processes to ensure the consistent design, development, production, installation, and delivery of medical devices, or related services, that are safe for their intended purpose. The standard applies across the whole supply chain and seeks to address the entire lifecycle of a medical device.
The requirements of ISO 13485 are applicable to suppliers or other external parties providing products or services to medical device manufacturers. By using the standard, organizations are able to demonstrate compliance with regulatory requirements, manage risk, ensure best practice vis a vis quality and safety, improve processes and provide confidence to patients.
Some of the key changes in ISO 13485:2016 are as follows:
- Alignment of global regulatory requirements
- Inclusion of risk management and risk-based decision making throughout the quality management system
- Additional requirements with regard to validation, verification, and design activities
- Strengthening of supplier control processes
- Increased focus on feedback mechanisms
- More explicit requirements pertaining to software validation for different applications
Existing certification body customers have three years to transition from ISO 13485:2003 and the associated European Standard EN ISO 13485:2012 to ISO 13485:2016.