What is ISO 13485 Standard? Requirements for ISO 13485 Certification

What is ISO 13485?

ISO 13485 is a set of specific and comprehensive requirements for a quality management system (QMS). The manufacturer must demonstrate its ability to comply with the QMS standard within the life-cycle of the medical devices. The ISO was first published in 1996 and later updated several times with the latest version for the ISO 13485 published in March of 2016, also commonly known as the ISO 13485:2016. The ISO 13485 medical QMS standard was developed by the International Organization for Standardization (ISO), a worldwide federation of national standards bodies (ISO member bodies). 
 

ISO 13485 specifies requirements for a QMS that can be issued to a manufacturer involved in one or more stages within the life-cycle of the medical devices; these stages include:  

• Design & Development  
• Production  
• Storage & Distribution  
• Installation  
• Servicing & Final Decommissioning  
• Disposal of Medical devices

The requirements of the ISO 13485 can also be used by suppliers or other external parties that provide products to the organization that are involved in the overall life-cycle of the medical devices including:  

• Raw materials  
• Components  
• Subassemblies  
• Medical devices  
• Sterilization services  
• Calibration services  
• Distribution services  
• Maintenance services 

Therefore, the ISO 13485 certification allows an organization to deliver an effective quality management system for medical devices, emphasizing risk management and risk-based decision-making. In addition, it systematically emphasizes key principles for quality assurance in order to ensure safe deployment of medical focused products in the marketplace.   

What is the difference between ISO 9001 and ISO 13485?

The ISO 13485 is derived from the ISO 9001 but has additional medical device requirements. That is why there are various requirements in common between ISO 13485 and ISO 9001. However, ISO 9001 is the international gold standard for QMSs that focuses more on customer satisfaction and continual improvement of the products. Whereases ISO 13485 focuses more on medical device documentation and safety requirements. 

Moreover, when comparing the ISO 13485 with other standards such as the ISO 9001 and ISO 14001, the ISO 13485 is different in the manufacturing requirements. One of the main differences between ISO 13485 and other certifications is that "an organization does not need to be actively manufacturing medical devices or their components to seek certification to this standard. This means it can be a strategic decision to get the standard if a company has the capability of manufacturing components for medical devices or providing services to medical devices companies. By having this exception, it allows companies like ours to gain this certification, allowing us to manufacture medical computing systems in medical applications like mobile medical carts and imaging diagnostic machines. ISO 13485 also enables us to comply with most European standards and have access to European markets, as well as other international markets.    

FDA Harmonizing the Quality System Regulation with ISO 13485 Requirements

The ISO 13485 is fairly uncommon within the United States for medical devices but is recognized worldwide. However, for the United States market, on February 23, 2022, the FDA recently published a proposed rule to replace the Quality System Regulation (QSR) with a newly released Quality Management System Regulation (QMSR) that aligns with the ISO 13485:2016 requirements. The FDA announced this proposal in 2018 and has long been waited by medical device manufacturers. Harmonizing the FDA regulatory requirements for medical devices in the 21 CFR part 820 with the ISO 13485:2016 would help improve efficiency and save organizations hundreds of millions of dollars from the regulatory burden.
 

What are the Requirements for ISO 13485?

ISO 13485:2016 has a document from ISO that provides requirements for regulatory purposes that validates the medical devices' quality management systems. There are 8 requirements sections within the ISO 13485:2016 document; these include: 

How to Get ISO 13485 Certification?

To obtain an ISO 13485 certification, a company has to follow a PDF outlining 8 sections. Risk-based management is constantly repeated and underscored throughout the document. The first three sections are introductory. The rest of the sections follow the supply chain to ensure quality throughout. The fourth section addresses the general quality management system (QMS) and necessary documentation. Here, a company needs a quality manual, medical device file, control of records, and control of documents. Documents are constantly updated throughout the whole process, as every aspect of the company, from training procedures to other records, must be meticulously documented and recorded to ensure proper management. One of the most important processes within the QMS is the corrective and preventative action (CAPA) procedure. For each step, we also have a process failure mode and effects analysis (PFMEA) to evaluate the potential impact of failure, emphasizing the ISO 13485 standard of risk management.   

The fifth section calls for management responsibility and involvement in the ongoing system review. The ultimate objective of management review is to evaluate the suitability, adequacy, and effectiveness of the QMS. Therefore, we also follow a specific management review process. This allows the management team and the whole company to take full responsibility for anything that occurs.
 

The sixth section includes guidelines for resource management, whether it's infrastructure, human resources, personnel, and the overall work environment. For example, when we manufacture medical devices, we manufacture them in an enclosed warehouse to prevent contamination with debris and other materials. For example, some specific medical devices even require particle cleanrooms that control the level of dust and debris to avoid contamination during the manufacturing process.
 

Section seven consists of product realization, describing the process in how the medical device product is designed all the way to its distribution. Here, this process is extremely tedious. Each new product that is thought of goes through the new product introduction process, starting with the first article inspection (FAI). If something is wrong, the product undergoes an engineering change order (ECO) during production. Product realization also consists of identification and traceability through the product development cycle. Identification and traceability also connect to the last section.
 

The last section includes measurement, analysis, and lastly, improvement. With medical device manufacturing, a big thing is how we deal with nonconforming products. We go through a long and detailed process that is properly recorded in forms specifically for nonconforming products. The decision on what to do with the nonconforming product is also recorded and signed off by management through a material review board process (MRB). Any other product feedback is also analyzed, and the product is improved.
 

The last steps include an internal audit to verify all proper documents, procedures, and the whole QMS. Lastly, there is an external audit by a third party which will result in a certification if all the steps are taken properly.

C&T Solutions Inc. is an ISO 13485 Certified Manufacturing Company

Having C&T comply with all these standards gives us an advantage. As the FDA is still slowly adopting ISO 13485 standards to fit with the FDA QSR processes, other American manufacturers are still in the process of obtaining certification. Despite the fact that we mainly manufacture computing hardware, this certification gives us the ability to manufacture medical devices or technology needed for medical devices for key partners. This value-added benefit from a manufacturing standpoint helps our partners scale quickly into the market for medical devices. Having an ISO 13485 certification also guarantees a high level of quality and safety for the products we manufacture, as we are re-certified each year through a rigorous ISO audit   

This also ultimately reduces risk within our manufacturing process while improving our manufacturing processes and credibility. This key milestone becomes an integrated process that is constantly improved and reviewed on an annual basis. Quality control principles and QMS's become a harmonized model, creating effective product traceability and recall system. Having internal quality control and proactive quality feedback during a production run maintains our effective manufacturing operation for computing products. This also increases efficiency and cuts costs while monitoring supply chain performance.  Most importantly we want to provide better products to create customer satisfaction. Overall, this evidence-based decision-making process will create a culture of continual improvement within C&T for our computing products and how they are manufactured.