Emily Drinks, Digital Content Consultant with WebFX08.05.21
The ISO 13485 standard provides medical device manufacturers with a set of formal requirements for establishing quality management processes.
Certification in the standard is also necessary to market products in Canada and the European Union. While certification or compliance aren’t necessary for organizational marketing devices in the United States, the FDA plans to eventually harmonize its quality management rules with the ISO standard.
Compliance with the standard is one way to ensure lifelong quality of an organization’s medical devices and gain access to certain medical device markets.
To become certified, however, an organization needs to go beyond just being compliant with ISO 13485. An ISO certification body will need to audit the organization’s internal quality management processes and verify the implementation is in line with the standard.
Becoming Compliant with ISO 13485
Once an organization has acquired a copy of the standard and reviewed the standard’s requirements, the next step is conducting a gap analysis.
During the gap analysis, or pre-audit, the organization will review the existing quality management system and compare them with the ISO requirements. During this process, the team reviewing the quality management system will identify gaps, or areas of noncompliance with the ISO standard.
Once the gap analysis is complete and documented, organizations typically begin to develop an implementation plan — or a formal strategy for how they will harmonize their quality management guidelines with the ISO standard. This plan should have a defined scope, which will determine the boundaries of the quality management system implementation.
After the implementation plan is drafted, the organization will design documentation and prepare to train employees who will be responsible for implementing and maintaining the quality management system.
At this point, the organization is ready to put the plan into place and begin to perform internal audits that track the effectiveness of the quality management system in practice.
Reviewing Quality Management Processes
All organizations should conduct an internal audit before the official audit by the ISO certifying body.
This internal audit will provide you with a chance to review your quality management system and identify areas of noncompliance with the ISO standard.
The internal audit should be roughly as rigorous as the official audit will be — meaning that it should take about as long or longer than the certifying body’s audit.
Once the audit is complete, managers should review the audit findings with the auditor. They should discuss potential gaps and how the organization can likely improve compliance with standards before the official audit.
Obtaining ISO 13485 Certification
In accordance with ISO 17021, the standard that defines requirements for ISO certification bodies, the official auditors that investigate an organization’s quality management system will divide their audit into two stages.
The Stage 1 Audit exists to determine an organization’s readiness for the Stage 2 Audit. During this stage, the auditor or auditors will review organization documentation, interview personnel and evaluate site conditions.
The Stage 2 Audit will evaluate the effectiveness of the organization’s management systems as they are implemented.
The auditor will evaluate documented information, report how well quality management systems align with the organization’s quality manual and standards and evaluate internal audits. The auditor will also report all noncompliances and create a surveillance plan for the organization.
If this audit is successful and the auditor does not find any serious non conformances, the organization’s management system will be formally certified.
After certification, the certifying body will perform surveillance audits once per year while the organization is certified.
The Importance of ISO 13485 Certification
For medical device manufacturers — and organizations involved in the design, installation and servicing of these devices — ISO 13485 certification can be a valuable asset. For organizations wanting to market medical devices or device services in Canada and the EU, it will be necessary.
Preparing for ISO 13485 certification is a multi-step process that requires significant planning, internal systems review and training. An effective implementation plan and documentation process will help to prepare an organization for both stages of the ISO 13485 certification audit.
Certification in the standard is also necessary to market products in Canada and the European Union. While certification or compliance aren’t necessary for organizational marketing devices in the United States, the FDA plans to eventually harmonize its quality management rules with the ISO standard.
Compliance with the standard is one way to ensure lifelong quality of an organization’s medical devices and gain access to certain medical device markets.
To become certified, however, an organization needs to go beyond just being compliant with ISO 13485. An ISO certification body will need to audit the organization’s internal quality management processes and verify the implementation is in line with the standard.
Becoming Compliant with ISO 13485
Once an organization has acquired a copy of the standard and reviewed the standard’s requirements, the next step is conducting a gap analysis.
During the gap analysis, or pre-audit, the organization will review the existing quality management system and compare them with the ISO requirements. During this process, the team reviewing the quality management system will identify gaps, or areas of noncompliance with the ISO standard.
Once the gap analysis is complete and documented, organizations typically begin to develop an implementation plan — or a formal strategy for how they will harmonize their quality management guidelines with the ISO standard. This plan should have a defined scope, which will determine the boundaries of the quality management system implementation.
After the implementation plan is drafted, the organization will design documentation and prepare to train employees who will be responsible for implementing and maintaining the quality management system.
At this point, the organization is ready to put the plan into place and begin to perform internal audits that track the effectiveness of the quality management system in practice.
Reviewing Quality Management Processes
All organizations should conduct an internal audit before the official audit by the ISO certifying body.
This internal audit will provide you with a chance to review your quality management system and identify areas of noncompliance with the ISO standard.
The internal audit should be roughly as rigorous as the official audit will be — meaning that it should take about as long or longer than the certifying body’s audit.
Once the audit is complete, managers should review the audit findings with the auditor. They should discuss potential gaps and how the organization can likely improve compliance with standards before the official audit.
Obtaining ISO 13485 Certification
In accordance with ISO 17021, the standard that defines requirements for ISO certification bodies, the official auditors that investigate an organization’s quality management system will divide their audit into two stages.
The Stage 1 Audit exists to determine an organization’s readiness for the Stage 2 Audit. During this stage, the auditor or auditors will review organization documentation, interview personnel and evaluate site conditions.
The Stage 2 Audit will evaluate the effectiveness of the organization’s management systems as they are implemented.
The auditor will evaluate documented information, report how well quality management systems align with the organization’s quality manual and standards and evaluate internal audits. The auditor will also report all noncompliances and create a surveillance plan for the organization.
If this audit is successful and the auditor does not find any serious non conformances, the organization’s management system will be formally certified.
After certification, the certifying body will perform surveillance audits once per year while the organization is certified.
The Importance of ISO 13485 Certification
For medical device manufacturers — and organizations involved in the design, installation and servicing of these devices — ISO 13485 certification can be a valuable asset. For organizations wanting to market medical devices or device services in Canada and the EU, it will be necessary.
Preparing for ISO 13485 certification is a multi-step process that requires significant planning, internal systems review and training. An effective implementation plan and documentation process will help to prepare an organization for both stages of the ISO 13485 certification audit.