More Related Content Similar to ISO 13485:2016 Revisions Webinar (20) ISO 13485:2016 Revisions Webinar1. ISO 13485:2016 –
The Next Revision
Richard (Rick) Burgess
Medical Program Manager
30 March 2016
© DQS Group 1April 6, 2016
2. ISO 13485:2016 – The Next Revision
April 6, 2016© DQS Group 2
Agenda and Scope
Relationship to ISO 9001
New requirements
Transition Timing
Questions
3. ISO 13485:2016 - Putting the pieces together
April 6, 2016© DQS Group 3
Structure
4. ISO 13485:2016 - Putting the pieces together
April 6, 2016© DQS Group 4
Structure
Based on ISO 9001:2008
5. ISO 13485:2016 - Putting the pieces together
April 6, 2016© DQS Group 5
Structure
Based on ISO 9001:2008
Does not follow the new high level
structure of ISO 9001:2015
6. ISO 13485:2016 - Putting the pieces together
April 6, 2016© DQS Group 6
Structure
Based on ISO 9001:2008
Does not follow the new high level
structure of ISO 9001:2015
Annex B shows the corresponding sections
of ISO 9001:2015
7. ISO 13485:2016 - Putting the pieces together
April 6, 2016© DQS Group 7
Considerations for the changes:
Regulatory requirements
8. ISO 13485:2016 - Putting the pieces together
April 6, 2016© DQS Group 8
Considerations for the changes:
Regulatory requirements
Risk Management
9. ISO 13485:2016 - Putting the pieces together
April 6, 2016© DQS Group 9
Considerations for the changes:
Regulatory requirements
Risk Management
Supplier controls
10. ISO 13485:2016 - Putting the pieces together
April 6, 2016© DQS Group 10
Considerations for the changes:
Regulatory requirements
Risk Management
Supplier controls
Feedback
11. ISO 13485:2016 - Putting the pieces together
April 6, 2016© DQS Group 11
Considerations for the changes:
Regulatory requirements
Risk Management
Supplier controls
Feedback
Verification, Validation and Design Transfer
12. ISO 13485:2016 - Putting the pieces together
April 6, 2016© DQS Group 12
Considerations for the changes:
Regulatory requirements
Risk Management
Supplier controls
Feedback
Verification, Validation and Design Transfer
Clarifications
13. ISO 13485:2003 vs ISO 13485:2016
2003
• Requirements for QMS that can be used by an
organization for:
• design and development
• production
• installation and servicing of medical devices
• design, development, and provision of related services.
• Can also be used by internal and external parties,
including certification bodies, to assess the organization’s
ability to meet customer and regulatory requirements.
2016
• Requirements for QMS that can be used by an
organization involved in one or more stages of the life-
cycle of a medical device:
• design and development
• production
• storage and distribution
• installation
• servicing
• final decommissioning and disposal of medical devices
• and design and development, or provision of associated
activities (e.g. technical support).
• Can also be used by suppliers or other external parties
providing product (e.g. raw materials, components,
subassemblies, medical devices, sterilization services,
calibration services, distribution services, maintenance
services) to such organizations. The supplier or external
party can voluntarily choose to conform to the
requirements of this International Standard or can be
required by contract to conform.
April 6, 2016© DQS Group 13
0.1 General
14. ISO 13485:2003 vs ISO 13485:2016
2016
• When a requirement is qualified by the phrase
“as appropriate”, it is deemed to be
appropriate unless the organization can justify
otherwise. A requirement is considered
appropriate if it is necessary for:
• product to meet requirements;
• compliance with applicable regulatory
requirements;
• the organization to carry out corrective
action;
• the organization to manage risks.
April 6, 2016© DQS Group 14
0.2 Clarification of concepts
15. ISO 13485:2003 vs ISO 13485:2016
2016
• When the term “risk” is used, the application of the
term within the scope of this International
• Standard pertains to safety or performance
requirements of the medical device or meeting
applicable regulatory requirements.
• — When a requirement is required to be
“documented”, it is also required to be established,
implemented and maintained.
• — When the term “product” is used, it can also
mean “service”. Product applies to output that is
intended for, or required by, a customer, or any
intended output resulting from a product
realization process.
April 6, 2016© DQS Group 15
0.2 Clarification of concepts
16. ISO 13485:2003 vs ISO 13485:2016
2016
• In this International Standard, the following verbal
forms are used:
• “shall” indicates a requirement;
• “should” indicates a recommendation;
• “may” indicates a permission;
• “can” indicates a possibility or a capability.
• “Regulatory requirements” encompasses
requirements contained laws applicable to the user
of this standard. The application of “regulatory
requirements” is limited to requirements for the
QMS and the safety or performance of the medical
device.
April 6, 2016© DQS Group 16
0.2 Clarification of concepts
17. ISO 13485:2003 vs ISO 13485:2016
2016
• a) understanding and meeting requirements;
• b) considering processes in terms of added value;
• c) obtaining results of process performance and
effectiveness;
• d) improving processes based on objective
measurement.
April 6, 2016© DQS Group 17
0.3 Process Approach
18. ISO 13485:2003 vs ISO 13485:2016
2016
• Applicability to organizations that are involved in
one or more stages of the life-cycle of a medical
device.
• Use by suppliers or external parties that provide
product, including quality management system-
related services to medical device organizations.
• Identifies responsibilities for monitoring,
maintaining, and controlling outsourced processes.
• Allows for clauses 6, 7 and 8 to be not applicable.
• Clarifies that the term “regulatory requirements”
April 6, 2016© DQS Group 18
1 Scope
19. ISO 13485:2003 vs ISO 13485:2016
Several new definitions added and some existing
definitions refined
• Customer complaint - complaint
• Distributor
• Importer
• Labeling – redefined
• Life-cycle
• Manufacturer
• Medical Device Family
• Performance Evaluation
• Post-market surveillance
• Product
• Purchased Product
• Risk
• Risk management
• Sterile Barrier System
April 6, 2016© DQS Group 19
3 Terms and Definitions
20. ISO 13485:2003 vs ISO 13485:2016
• Requirements to document the role(s) of the
organization based on applicable regulatory
requirements
• Determine the processes needed and application of
those processes – taking into account the roles of
the organization
• Apply risk based approach to control of appropriate
processes needed for QMS
• Processes changes to be evaluated for impact on
QMS and products produced
• Validation of computer software utilized in the QMS
April 6, 2016© DQS Group 20
4.1 General Requirements
21. ISO 13485:2003 vs ISO 13485:2016
• Defines contents of medical device file
• Description, purpose, labeling, IFU
• Product specifications
• Manufacturing procedures
• Monitoring and measuring procedures
• Requirements/Procedures for installation and
servicing as applicable
• Requirements for the protection of confidential
health information
• Prevention of deterioration or loss of documents
April 6, 2016© DQS Group 21
4.2 Documentation Requirements
22. ISO 13485:2003 vs ISO 13485:2016
• No significant changes to sections:
• 5.1 Management Commitment
• 5.2 Customer Focus
• applicable regulatory requirements
• 5.3 Quality Policy
• 5.4.1 Quality Objectives
• applicable regulatory requirements
• 5.4.2 Quality Management System Planning
• 5.5.1 Responsibility and authority
• 5.5.2 Management Representative
• applicable regulatory requirements
• 5.5.3 Internal Communication
April 6, 2016© DQS Group 22
5 Management Responsibility
23. ISO 13485:2003 vs ISO 13485:2016
• Documented procedure required
• Inputs expanded
• Complaint Handling
• Reporting to regulatory authorities
• Monitoring and measurement of processes
• Monitoring and measurement of product
• Corrective action
• Preventive action
• Applicable new or revised regulatory requirements
• Outputs to be recorded and include the input
reviewed and decisions/actions related to:
• Improvement needed for QMS and processes
• Improvement of product related to customr reqs
• Changes needed to response to regulatory requirements
• Resource needs
April 6, 2016© DQS Group 23
5.6 Management Review
24. ISO 13485:2003 vs ISO 13485:2016
• Requirements for documented processes for
establishing competence, providing needed training
and ensuring awareness of personnel
• Application of risk based approach for determining
the methodology used to check effectiveness of
training
April 6, 2016© DQS Group 24
6.2 Human Resources
25. ISO 13485:2003 vs ISO 13485:2016
• Documented requirements for infrastructure needs to
achieve:
• Product conformity
• Prevent product mix-up
• Ensure orderly handling of product
• Maintenance activities to apply (as appropriate) to
equipment used in:
• Production
• Control of work environment
• Monitoring and measurement
April 6, 2016© DQS Group 25
6.3 Infrastucture
26. ISO 13485:2003 vs ISO 13485:2016
• 6.4.1 Work Environment
• Must document requirements for work
environments needed to meet product conformity
• 6.4.2 Contamination Control
• Sterile medical devices -
• Documented requirements for control of
microorganisms or particulate matter
• Maintain cleanliness during assembly or
packaging process
April 6, 2016© DQS Group 26
6.4 Work Environment and contamination control
27. ISO 13485:2003 vs ISO 13485:2016
• Added to requirements to product realization list:
• Inclusion of infrastructure and work environment
considerations
• required verification, validation, monitoring,
measurement, inspection and test, handling,
storage, distribution and traceability activities
specific to the product together with the criteria for
product acceptance;
April 6, 2016© DQS Group 27
7.1 Planning of Product Realization
28. ISO 13485:2003 vs ISO 13485:2016
• 7.2.1 Determination of requirements related to product
• Determining if any user training is needed to ensure
performance and safe use of medical device
• 7.2.2 Review of requirements related to product
• Applicable regulatory requirements are met
• any user training identified is available or planned
• 7.2.3 Communication
• Communication with customers shall be planned and
documented
• Shall communicate with regulatory agencies
April 6, 2016© DQS Group 28
7.2 Customer Related Processes
29. ISO 13485:2003 vs ISO 13485:2016
• 7.3.1 General – new/unchanged
• 7.3.2 Design and Development Planning
• D&D planning documents shall be maintained and
updated
• Shall document:
• Reviews needed at each D&D stage
• Methods to ensure traceability of outputs to inputs
• Resources needed
April 6, 2016© DQS Group 29
7.3 Design and Development
30. ISO 13485:2003 vs ISO 13485:2016
• 7.3.3 Design and Development Inputs
• Addition of “usability and safety requirements”
• 7.3.4 Design and Development Outputs
• No significant changes
• 7.3.5 Design and Development Review
• No significant changes
April 6, 2016© DQS Group 30
7.3 Design and Development
31. ISO 13485:2003 vs ISO 13485:2016
• 7.3.6 Design and Development Verification
• Documented verification plans
• Methods
• acceptance criteria
• As appropriate
• Statistical techniques
• Sample size rationale
• Connection or interface to other medical devices
• Confirm Outputs meet inputs when connected
April 6, 2016© DQS Group 31
7.3 Design and Development
32. ISO 13485:2003 vs ISO 13485:2016
• 7.3.7 Design and Development Validation
• Documented validation plans
• Methods
• Acceptance criteria
• As appropriate
• Statistical techniques
• Sample size rationale
• Conducted with representative product
• Rationale for choice documented
• Connection or interface to other medical devices
• Confirm requirements met when connected
April 6, 2016© DQS Group 32
7.3 Design and Development
33. ISO 13485:2003 vs ISO 13485:2016
• 7.3.8 Design and Development Transfer
• New section
• Documented procedures for transfer to manufacturing
• Verify:
• Outputs suitable for manufacturing
• Production capability can meet requirements
• Record of results of conclusions of transfer
April 6, 2016© DQS Group 33
7.3 Design and Development
34. ISO 13485:2003 vs ISO 13485:2016
• 7.3.9 Control Design and Development Changes
• Determine significance of change to:
• Function
• Performance
• Usability
• Safety
• Applicable regulatory requirements
April 6, 2016© DQS Group 34
7.3 Design and Development
35. ISO 13485:2003 vs ISO 13485:2016
• 7.3.10 Design and Development Files
• New section
• File shall be maintained for each device or device family
• Shall include:
• Records of conformity to D&D requirements
• Records for D&D changes
April 6, 2016© DQS Group 35
7.3 Design and Development
36. ISO 13485:2003 vs ISO 13485:2016
• 7.4.1 Purchasing Process
• Establishment of criteria for evaluation and selection of
suppliers
• Supplier’s ability to provide product that meets reqs
• Performance
• Effect of purchased product on quality of device
• Risk associated with device
• Monitoring and re-evaluation of suppliers
• Non-fulfillment addressed based on:
• Risk associated with purchased product
• Compliance with applicable regulatory requirements
April 6, 2016© DQS Group 36
7.4 Purchasing
37. ISO 13485:2003 vs ISO 13485:2016
• 7.4.2 Purchasing Information
• Shall describe or reference product to be purchased
• Product specifications
• Written agreements (as applicable)
• Notification of changes prior to implementation
• Changes that affect ability to meet specified
requirements
April 6, 2016© DQS Group 37
7.4 Purchasing
38. ISO 13485:2003 vs ISO 13485:2016
• 7.4.3 Verification of Purchased Product
• Based on:
• Supplier evaluation results
• Risks associated with purchased product
• Notification of changes:
• Determine if changes affect product realization or
device
April 6, 2016© DQS Group 38
7.4 Purchasing
39. ISO 13485:2003 vs ISO 13485:2016
• 7.5.1 Control of Production and Service provision
• Minor changes
• Production and service provision shall be planned, carried
out, monitored and controlled to ensure that product
conforms to specification.
• Production controls to also include:
• Qualification of infrastructure
April 6, 2016© DQS Group 39
7.5 Production and Service Provision
40. ISO 13485:2003 vs ISO 13485:2016
• 7.5.2 Cleanliness of Product
• Minor changes
• Additional requirement for cleanliness/contamination
control:
• c) product cannot be cleaned prior to sterilization or its
use, and its cleanliness is of significance in use
April 6, 2016© DQS Group 40
7.5 Production and Service Provision
41. ISO 13485:2003 vs ISO 13485:2016
• 7.5.3 Installation Activities
• No changes
• 7.5.4 Servicing Activities
• Service records to be analyzed by organization or supplier:
• a) To determine if the information is to be handled as a
complaint
• b) As appropriate, for input to the improvement process
• 7.5.5 Particular Requirements for sterile medical devices
• No change
April 6, 2016© DQS Group 41
7.5 Production and Service Provision
42. ISO 13485:2003 vs ISO 13485:2016
• 7.5.6 Validation of processes for production and service
• Documented procedure to include:
• Approval of changes to the processes
• Software validations
• Approach proportionate to risk in use of software
• Effect on product conformity to specifications
• Validation records to include:
• Results
• Conclusions of validation
• Necessary actions
April 6, 2016© DQS Group 42
7.5 Production and Service Provision
43. ISO 13485:2003 vs ISO 13485:2016
• 7.5.7 Particular Requirements for validation of processes for
sterilization and sterile barrier systems
• Addition of sterile barrier system validations
• Validation records to include:
• Results
• Conclusions of validation
• Necessary actions
April 6, 2016© DQS Group 43
7.5 Production and Service Provision
44. ISO 13485:2003 vs ISO 13485:2016
• 7.5.8 Identification
• Requires documented procedure
• Requirement that was in 7.5.3.3 of 2003 version
• Unique Device Identification (UDI)
• As applicable by regulatory requirements
• Shall be a documented system
April 6, 2016© DQS Group 44
7.5 Production and Service Provision
45. ISO 13485:2003 vs ISO 13485:2016
• 7.5.9 Traceability
• No changes
• 7.5.10 Customer Property
• No changes
• 7.5.11 Preservation of product
• Additional requirements on protection from expected
conditions and hazards:
• Design and construct of packaging and shipping
containers
• Documentation of special conditions if packaging is not
enough
April 6, 2016© DQS Group 45
7.5 Production and Service Provision
46. ISO 13485:2003 vs ISO 13485:2016
• 7.6 Control of monitoring and measuring equipment
• No changes
• 8 Measurement, analysis and improvement
• 8.1 General
• No changes
April 6, 2016© DQS Group 46
47. ISO 13485:2003 vs ISO 13485:2016
• 8.2 Monitoring and Measurement
• 8.2.1 Feedback
• Emphasis on feedback coming from both production and
post-production activities
• Utilization of feedback as input to risk management for
monitoring and maintaining product requirements
April 6, 2016© DQS Group 47
8 Measurement, analysis and improvement
48. ISO 13485:2003 vs ISO 13485:2016
• 8.2.2 Complaint Handling
• New section
• Requirements for procedure and timely handling of
complaints
• Procedure to include:
• Receiving and recording information
• Evaluating information to determine if the feedback
constitutes a complaint;
• Investigating complaints;
• Determining the need to report the information to the
appropriate regulatory authorities;
• Handling of complaint-related product;
• Determining the need to initiate corrections or
corrective actions
April 6, 2016© DQS Group 48
8 Measurement, analysis and improvement
49. ISO 13485:2003 vs ISO 13485:2016
• 8.2.3 Reporting to Regulatory Authorities
• New section
• Procedure required if applicable by regulatory
requirements
• Complaints that result in need for:
• Adverse event reporting
• Advisory Notices
• Records of reporting required
April 6, 2016© DQS Group 49
8 Measurement, analysis and improvement
50. ISO 13485:2003 vs ISO 13485:2016
• 8.2.4 Internal Audit
• No changes
• 8.2.5 Monitoring and measurement of processes
• No changes
• 8.2.6 Monitoring and measurement of product
• Minor change
• Records to identify test equipment used
April 6, 2016© DQS Group 50
8 Measurement, analysis and improvement
51. ISO 13485:2003 vs ISO 13485:2016
• 8.3 Control of Nonconforming Product
• 8.3.1 General
• New section
• Clarification of procedure requirements to define controls
and related responsibilities and authorities
• Identification
• Documentation
• Segregation
• Evaluation
• Disposition
• Inclusion of determination for investigation and
notification of any external party
April 6, 2016© DQS Group 51
8 Measurement, analysis and improvement
52. ISO 13485:2003 vs ISO 13485:2016
• 8.3 Control of Nonconforming Product
• 8.3.2 Actions in Response to nonconforming product
detected before delivery
• Acceptance by concession only if:
• Justification provided
• Approval is obtained
• Applicable regulatory requirements met
April 6, 2016© DQS Group 52
8 Measurement, analysis and improvement
53. ISO 13485:2003 vs ISO 13485:2016
• 8.3 Control of Nonconforming Product
• 8.3.3 Actions in Response to nonconforming product
detected after delivery
• Minor change
• Expanded section on 2003 requirements
• Addition of records requirement for Advisory Notices
• 8.3.4 Rework
• No changes
April 6, 2016© DQS Group 53
8 Measurement, analysis and improvement
54. ISO 13485:2003 vs ISO 13485:2016
• 8.4 Analysis of Data
• New requirements for:
• Determination of appropriate methods
• To include statistical techniques and use
• Data to now include:
• Audits
• Service reports (as applicable)
• If analysis shows QMS is not sutiable, adequate or
effective, analysis is to be used as input for improvements.
April 6, 2016© DQS Group 54
8 Measurement, analysis and improvement
55. ISO 13485:2003 vs ISO 13485:2016
• 8.5 Improvement
• 8.5.1 General
• No changes
• 8.5.2 Corrective Action
• Minor change
• CA’s to be taken without undue delay
• Verify CA has no adverse affect
• 8.5.3 Preventive Action
• Minor change
• Verify PA has no adverse affect
April 6, 2016© DQS Group 55
8 Measurement, analysis and improvement
58. ISO 13485:2016 Transition
April 6, 2016© DQS Group 58
When do we have to make the change?
Depends on your organization.
Depends on other standards that your
organization is registered to.
60. ISO 13485:2016 Transition
April 6, 2016© DQS Group 60
TC Recommendation
ISO TC 210 has recommended a co-
existence period of 3 years
Recommending that:
2 years after publication (1 March 2018), all
accredited certificates be to ISO 13485:2016
61. ISO 13485:2016 Transition
April 6, 2016© DQS Group 61
TC Recommendation
ISO TC 210 has recommended a co-
existence period of 3 years
Recommending that:
2 years after publication (1 March 2018), all
accredited certificates be to ISO 13485:2016
3 years after publication (1 March 2019), all
ISO 13485:2003 certificates will not be valid
64. ISO 13485:2016 Transition
April 6, 2016© DQS Group 64
What if I have ISO 9001 as well?
All ISO 9001:2008 certificates will expire September 2018
Upgrade audits for ISO 9001:2015 must occur by 1 July
2018
66. DQS Inc Contact Information
April 6, 2016© DQS Group 66
DQS Inc
1-800-285-4476
customerservice@dqsus.com
www.dqsus.com
Medical Program
Rick Burgess
Medical Program Manager
Richard.Burgess@dqsus.com
763-229-9833