What is ISO 13485:2016?
ISO 13485:2016 is an internationally recognized quality standard which states the requirements of the Quality Management System (QMS) for the design and manufacture of Medical Devices throughout the world. Certification to the standard requires its quality system to pass a third party Medical Device Single Audit Program, or “MDSAP” audit.
ISO 13485 = ISO 9001 + Additional Medical Device Requirements
ISO 13485:2016 is the latest, and most current version of quality management system for medical devices, (learn about the differences here). While it remains a stand-alone document, the latest version aligns with ISO 9001:2008 (Yes, 2008, not 2015). Meaning that 13485 does not follow the high level structure (Annex SL) of the latest version, ISO 9001:2015. (See ISO 9001:2015+13485:2016 QMS) There are some additional clauses as well as the removal of some requirements.
This global standard is mandatory in some countries and in April of 2019, ISO 13485 became the FDA’s mandatory QMS for Medical Devices. Third party registrars (CB’s) conduct audits to ensure conformance.
- Learn more about the relationship between FDA-QSR 21 CFR 820 and ISO 13485:2016
There are many different stages of medical device development from design and development to distribution and servicing, and this standard was developed to be used in organizations no matter what their role in the life-cycle.
For more information, please see our tutorial:
- What is ISO 13485?
- Why become ISO 13485 Registered?
- What are the requirements of the Standard?
- What are the steps to certification?
- And more…
To learn more about the Medical Device terminology, please view: Definitions which covers the various classifications of medical devices across the globe.
Who is ISO 13485:2016 for?
ISO 13485:2016 is beneficial for many organizations, and can be used by suppliers and external parties that are involved with providing medical device products.
Requirements of the standard are applicable to organizations regardless of their size and regardless of their type except where explicitly stated. Wherever requirements are specified as applying to medical devices, they apply equally to associated services as supplied by the organization. The requirements may vary based upon the class of medical device – from a wheelchair to a pacemaker.
The processes required by the standard are applicable to the organization, but are not performed by the organization, are the responsibility of the organization and are accounted for in the organization’s quality management system by monitoring, maintaining, and controlling the processes.
If applicable regulatory requirements permit exclusions of design and development controls, this can be used as a justification for their exclusion from the quality management system. These regulatory requirements can provide alternative approaches that are to be addressed in the quality management system. It is the responsibility of the organization to ensure that claims of conformity to the standard reflect any exclusion of design and development controls.
If any requirement in Clauses 6, 7 or 8 are not applicable due to the activities undertaken by the organization or the nature of the medical device for which the quality management system is applied, the organization does not need to include such a requirement in its quality management system. For any clause that is determined to be not applicable, the organization records the justification as described in 4.2.2. Today, the standard has become more harmonized internationally, and will replace the U.S.’s FDA’s regulatory requirements documentation 21 CFR 820 in 2019.
If you are certified to the QMS standard, learn how to advertise your certification.
Changes from ISO 13485:2003 to ISO 13485:2016
There are several key changes between the 2016 requirements and 2003 requirements, we will discuss the 11 key changes here, which were changed to align with the FDA.
Clause 4.1 General Requirements
The first big change is the application of a risk based approach in establishing and maintaining a QMS.
4.2 General Requirements
Within 4.2, there are two major changes. First, there is a change regarding confidential health information, and second a large change is how to deal with deterioration and the loss of documents.
6.2 Human Resources
The newest version of the standard expands upon the 2003 version, requiring more processes to identify that individuals are competent, that they are provided with any necessary training, and make sure that personnel, and their roles are documented.
7.2 Customer-related processes
Several new terms in regards to communicating with regulatory authorities relating to product information, customer feedback, and advisory notes.
7.3 Design and Development
The 2016 version of 13485 has better aligned with the FDA.
7.3.8-Design and Development Transfer
Another big change, is that this new revision has specific requirements for the transfer of products and design.
7.3.10 Design and Development Files
The old standard had no criteria regarding the requirements for maintaining documentation regarding design and development, in the new revision, these requirements are defined
There are several new requirements as it relates to purchasing. New requirements address the following:
- Monitoring and re-evaluating suppliers
- Actions to be taken when purchasing requirements are not met
- Notifying of any change in regards to purchased products
- Purchasing verification
The new standard now requires that procedures are documented as it relates to production identification and status.
8.2.2 Complaint handling
In the previous standard there was no clause addressing complaints. This has changed with the new 2016 standard.
8.2.3 Reporting to regulatory authorities
There are now requirements for reporting to regulatory authorities, unlike the old version of the standard.
Historic Medical Device Quality Management Systems
EN ISO 1SO 13485:2012
EN ISO 1SO 13485:2012 was a revision based off of ISO 13485:2003 established by the European Union. The EU has two standard organizations, the European Committee for Standardization (CEN) and the European Committee for Electrotechnical Standardization (CENELEC). When the CEN issues a standard based off of an ISO standard, you will see a prefix “EN” and the year will be adjusted accordingly.
The standard includes parts of ISO 9001, and was a revision of ISO 13485:2003. It was created to be compliant with CE-marking requirements. The standard’s requirements remain unchanged and the updated revision was created only for manufacturers placing devices on the market throughout Europe. ISO 13485:2003 remained the applicable standard for all other international markets, including the U.S
ISO 13485:2003/Cor 1:2009
ISO 13485:2003/Cor 1:2009 = ISO 9001:2008 + Medical Device Requirements
Technical Corrigendum 1 to ISO 13485:2003 was prepared by the ISO/TC 210 technical committee and published on January 8, 2009. It is a very brief document where the standard is aligned with ISO 9001:2000 and ISO 9001 is replaced with ISO 9001:2000 in pages v and vi at sub-clauses 0.3 and 0.4; in page 1 at sub-clause 1.1: and in page 25 at first paragraph of Annex B.
This document was published after the 2007 release of ISO 9001, making only minor adjustments. At the time, there were not enough adjustments to justify a new revision of the standard, but in 2016 ISO released a new revised standard ISO 13485:2016.
ISO 13485:2003 = ISO 9001:2000 + Medical Device Requirements
ISO 13485:2003 Medical Devices- Quality Management System requirements for regulatory purposes is an ISO standard, originally published in 1996. This standard incorporated aspects of ISO 9001:2000 Quality Management System, but is specific to the global medical device industry.