What is ISO 13485:2016?
ISO 13485:2016 is an internationally recognized quality standard which states the requirements of the Quality Management System (QMS) for the design and manufacture of Medical Devices throughout the world. Certification to ISO 13485 requires its quality system to pass a third party Medical Device Single Audit Program, or “MDSAP” audit.
ISO 13485 = ISO 9001 + Additional Medical Device Requirements
ISO 13485:2016 is the latest, and most current version of ISO 13485, (learn about the differences here). While it remains a stand-alone document, the latest version aligns with ISO 9001:2008 (Yes, 2008, not 2015). Meaning that 13485 does not follow the high level structure (Annex SL) of the latest version, ISO 9001:2015. (See ISO 9001:2015+13485:2016 QMS) There are some additional clauses as well as the removal of some requirements.
There are many different stages of medical device development from design and development to distribution and servicing, and this standard was developed to be used in organizations no matter what their role in the life-cycle.
For more information on ISO 13485 please see our tutorial: Basics of ISO 13485 which covers:
- What is ISO 13485?
- Why become ISO 13485 Registered?
- What are the requirements of the Standard?
- What are the steps to certification?
- And more…
To learn more about the Medical Device terminology, please view: ISO 13485 Definitions which covers the various classifications of medical devices across the globe.
Who is ISO 13485:2016 for?
ISO 13485:2016 is beneficial for many organizations, and can be used by suppliers and external parties that are involved with providing medical device products.
Requirements of ISO 13485:2016 are applicable to organizations regardless of their size and regardless of their type except where explicitly stated. Wherever requirements are specified as applying to medical devices, they apply equally to associated services as supplied by the organization. The requirements may vary based upon the class of medical device – from a wheelchair to a pacemaker.
The processes required by ISO 13485:2016 that are applicable to the organization, but are not performed by the organization, are the responsibility of the organization and are accounted for in the organization’s quality management system by monitoring, maintaining, and controlling the processes.
If applicable regulatory requirements permit exclusions of design and development controls, this can be used as a justification for their exclusion from the quality management system. These regulatory requirements can provide alternative approaches that are to be addressed in the quality management system. It is the responsibility of the organization to ensure that claims of conformity to ISO 13485:2016 reflect any exclusion of design and development controls.
If any requirement in Clauses 6, 7 or 8 of ISO 13485:2016 is not applicable due to the activities undertaken by the organization or the nature of the medical device for which the quality management system is applied, the organization does not need to include such a requirement in its quality management system. For any clause that is determined to be not applicable, the organization records the justification as described in 4.2.2. ISO 13485:2016 has become more harmonized internationally, and will replace the U.S.’s FDA’s regulatory requirements documentation 21 CFR 820 in 2019.
If you are ISO 13485:2016 certified, learn how to advertise your certification.
Changes from ISO 13485:2003 to ISO 13485:2016
There are several key changes between the ISO 13485:2016 requirements and ISO 13485: 2003 requirements, we will discuss the 11 key changes here, which were changed to align with the FDA.
Clause 4.1 General Requirements
The first big change is is that ISO 13485 now requires application of a risk based approach in establishing and maintaining a QMS.
4.2 General Requirements
Within 4.2, there are two major changes. First, there is a change regarding confidential health information, and second a large change is how to deal with deterioration and the loss of documents.
6.2 Human Resources
ISO 13485:2016 expands upon 2003, requiring more processes to identify that individuals are competent, that they are provided with any necessary training, and make sure that personnel, and their roles are documented.
7.2 Customer-related processes
ISO 13485:2016 adds new terms in regards to communicating with regulatory authorities relating to product information, customer feedback, and advisory notes.
7.3 Design and Development
The 2016 version of 13485 has better aligned with the FDA.
7.3.8-Design and Development Transfer
Another big change, is that this new revision has specific requirements for the transfer of products and design.
7.3.10 Design and Development Files
ISO 13485:2003 had no criteria regarding the requirements for maintaining documentation regarding design and development, in the new revision, ISO 13485:2016, these requirements are defined
There are several new requirements as it relates to purchasing. New requirements address the following:
- Monitoring and re-evaluating suppliers
- Actions to be taken when purchasing requirements are not met
- Notifying of any change in regards to purchased products
- Purchasing verification
The new standard now requires that procedures are documented as it relates to production identification and status.
8.2.2 Complaint handling
In the previous standard there was no clause addressing complaints. This has changed with the new 2016 standard.
8.2.3 Reporting to regulatory authorities
ISO 13485:2003 did not address this issue, and in the new standard there are regulations regarding ISO 13485:2016
Historic Medical Device Quality Management Systems
EN ISO 1SO 13485:2012
EN ISO 1SO 13485:2012 was a revision based off of ISO 13485:2003 established by the European Union. The EU has two standard organizations, the European Committee for Standardization (CEN) and the European Committee for Electrotechnical Standardization (CENELEC). When the CEN issues a standard based off of an ISO standard, you will see a prefix “EN” and the year will be adjusted accordingly.
The standard includes parts of ISO 9001, and was a revision of ISO 13485:2003. It was created to be compliant with CE-marking requirements. The standard’s requirements remain unchanged and the updated revision was created only for manufacturers placing devices on the market throughout Europe. ISO 13485:2003 remained the applicable standard for all other international markets, including the U.S
ISO 13485:2003/Cor 1:2009
ISO 13485:2003/Cor 1:2009 = ISO 9001:2008 + Medical Device Requirements
Technical Corrigendum 1 to ISO 13485:2003 was prepared by the ISO/TC 210 technical committee and published on January 8, 2009. It is a very brief document where the standard ISO 13485:2003 is aligned with ISO 9001:2000 and ISO 9001 is replaced with ISO 9001:2000 in pages v and vi at sub-clauses 0.3 and 0.4; in page 1 at sub-clause 1.1: and in page 25 at first paragraph of Annex B.
This document was published after the 2007 release of ISO 9001, making only minor adjustments to ISO 13485:2003. At the time, there were not enough adjustments to justify a new release of ISO 13485, but in 2016 ISO released a new revised standard ISO 13485:2016.
ISO 13485:2003 = ISO 9001:2000 + Medical Device Requirements
ISO 13485:2003 Medical Devices- Quality Management System requirements for regulatory purposes is an ISO standard, originally published in 1996. ISO 13485:2003 incorporated aspects of ISO 9001:2000 Quality Management System, but is specific to the global medical device industry.