Comité estratégico dispositivos médicos - ISO 13485 primer ...
ISO 13485:2016 Revisions Webinar
Transcript of ISO 13485:2016 Revisions Webinar
May 2, 2023© DQS Group 1
ISO 13485:2016 – The Next Revision
Richard (Rick) BurgessMedical Program Manager30 March 2016
May 2, 2023© DQS Group 2
ISO 13485:2016 – The Next Revision
Agenda and Scope
Relationship to ISO 9001
New requirements
Transition Timing
Questions
May 2, 2023© DQS Group 3
ISO 13485:2016 - Putting the pieces together
Structure
May 2, 2023© DQS Group 4
ISO 13485:2016 - Putting the pieces together
Structure
Based on ISO 9001:2008
May 2, 2023© DQS Group 5
ISO 13485:2016 - Putting the pieces together
Structure
Based on ISO 9001:2008
Does not follow the new high level structure of ISO 9001:2015
May 2, 2023© DQS Group 6
ISO 13485:2016 - Putting the pieces together
Structure
Based on ISO 9001:2008
Does not follow the new high level structure of ISO 9001:2015
Annex B shows the corresponding sections of ISO 9001:2015
May 2, 2023© DQS Group 7
ISO 13485:2016 - Putting the pieces together
Considerations for the changes:
Regulatory requirements
May 2, 2023© DQS Group 8
ISO 13485:2016 - Putting the pieces together
Considerations for the changes:
Regulatory requirements
Risk Management
May 2, 2023© DQS Group 9
ISO 13485:2016 - Putting the pieces together
Considerations for the changes:
Regulatory requirements
Risk Management
Supplier controls
May 2, 2023© DQS Group 10
ISO 13485:2016 - Putting the pieces together
Considerations for the changes:
Regulatory requirements
Risk Management
Supplier controls
Feedback
May 2, 2023© DQS Group 11
ISO 13485:2016 - Putting the pieces together
Considerations for the changes:
Regulatory requirements
Risk Management
Supplier controls
Feedback
Verification, Validation and Design Transfer
May 2, 2023© DQS Group 12
ISO 13485:2016 - Putting the pieces together
Considerations for the changes:
Regulatory requirements
Risk Management
Supplier controls
Feedback
Verification, Validation and Design Transfer
Clarifications
May 2, 2023© DQS Group 13
ISO 13485:2003 vs ISO 13485:2016
2003•Requirements for QMS that can be used by an organization for:•design and development•production•installation and servicing of medical devices•design, development, and provision of related services.
•Can also be used by internal and external parties, including certification bodies, to assess the organization’s ability to meet customer and regulatory requirements.
2016•Requirements for QMS that can be used by an organization involved in one or more stages of the life-cycle of a medical device:•design and development•production•storage and distribution•installation•servicing•final decommissioning and disposal of medical devices•and design and development, or provision of associated activities (e.g. technical support). •Can also be used by suppliers or other external parties providing product (e.g. raw materials, components, subassemblies, medical devices, sterilization services, calibration services, distribution services, maintenance services) to such organizations. The supplier or external party can voluntarily choose to conform to the requirements of this International Standard or can be required by contract to conform.
0.1 General
May 2, 2023© DQS Group 14
ISO 13485:2003 vs ISO 13485:2016
2016•When a requirement is qualified by the phrase “as appropriate”, it is deemed to be appropriate unless the organization can justify otherwise. A requirement is considered appropriate if it is necessary for:• product to meet requirements;• compliance with applicable regulatory requirements;• the organization to carry out corrective action;• the organization to manage risks.
0.2 Clarification of concepts
May 2, 2023© DQS Group 15
ISO 13485:2003 vs ISO 13485:2016
2016•When the term “risk” is used, the application of the term within the scope of this International•Standard pertains to safety or performance requirements of the medical device or meeting applicable regulatory requirements.•— When a requirement is required to be “documented”, it is also required to be established, implemented and maintained.•— When the term “product” is used, it can also mean “service”. Product applies to output that is intended for, or required by, a customer, or any intended output resulting from a product realization process.
0.2 Clarification of concepts
May 2, 2023© DQS Group 16
ISO 13485:2003 vs ISO 13485:2016
2016
• In this International Standard, the following verbal forms are used:• “shall” indicates a requirement;• “should” indicates a recommendation;• “may” indicates a permission;• “can” indicates a possibility or a capability.
• “Regulatory requirements” encompasses requirements contained laws applicable to the user of this standard. The application of “regulatory requirements” is limited to requirements for the QMS and the safety or performance of the medical device.
0.2 Clarification of concepts
May 2, 2023© DQS Group 17
ISO 13485:2003 vs ISO 13485:2016
2016
• a) understanding and meeting requirements;• b) considering processes in terms of added value;• c) obtaining results of process performance and
effectiveness;• d) improving processes based on objective
measurement.
0.3 Process Approach
May 2, 2023© DQS Group 18
ISO 13485:2003 vs ISO 13485:2016
2016
• Applicability to organizations that are involved in one or more stages of the life-cycle of a medical device.
• Use by suppliers or external parties that provide product, including quality management system-related services to medical device organizations.
• Identifies responsibilities for monitoring, maintaining, and controlling outsourced processes.
• Allows for clauses 6, 7 and 8 to be not applicable.• Clarifies that the term “regulatory requirements”
1 Scope
May 2, 2023© DQS Group 19
ISO 13485:2003 vs ISO 13485:2016
Several new definitions added and some existing definitions refined
• Customer complaint - complaint• Distributor• Importer• Labeling – redefined• Life-cycle• Manufacturer• Medical Device Family• Performance Evaluation• Post-market surveillance• Product• Purchased Product• Risk• Risk management• Sterile Barrier System
3 Terms and Definitions
May 2, 2023© DQS Group 20
ISO 13485:2003 vs ISO 13485:2016
• Requirements to document the role(s) of the organization based on applicable regulatory requirements
• Determine the processes needed and application of those processes – taking into account the roles of the organization
• Apply risk based approach to control of appropriate processes needed for QMS
• Processes changes to be evaluated for impact on QMS and products produced
• Validation of computer software utilized in the QMS
4.1 General Requirements
May 2, 2023© DQS Group 21
ISO 13485:2003 vs ISO 13485:2016
• Defines contents of medical device file• Description, purpose, labeling, IFU• Product specifications• Manufacturing procedures• Monitoring and measuring procedures• Requirements/Procedures for installation and
servicing as applicable• Requirements for the protection of confidential
health information• Prevention of deterioration or loss of documents
4.2 Documentation Requirements
May 2, 2023© DQS Group 22
ISO 13485:2003 vs ISO 13485:2016
• No significant changes to sections:• 5.1 Management Commitment• 5.2 Customer Focus
• applicable regulatory requirements• 5.3 Quality Policy• 5.4.1 Quality Objectives
• applicable regulatory requirements• 5.4.2 Quality Management System Planning• 5.5.1 Responsibility and authority• 5.5.2 Management Representative
• applicable regulatory requirements• 5.5.3 Internal Communication
5 Management Responsibility
May 2, 2023© DQS Group 23
ISO 13485:2003 vs ISO 13485:2016
• Documented procedure required• Inputs expanded
• Complaint Handling• Reporting to regulatory authorities• Monitoring and measurement of processes• Monitoring and measurement of product• Corrective action• Preventive action• Applicable new or revised regulatory requirements
• Outputs to be recorded and include the input reviewed and decisions/actions related to:• Improvement needed for QMS and processes• Improvement of product related to customr reqs• Changes needed to response to regulatory requirements• Resource needs
5.6 Management Review
May 2, 2023© DQS Group 24
ISO 13485:2003 vs ISO 13485:2016
• Requirements for documented processes for establishing competence, providing needed training and ensuring awareness of personnel
• Application of risk based approach for determining the methodology used to check effectiveness of training
6.2 Human Resources
May 2, 2023© DQS Group 25
ISO 13485:2003 vs ISO 13485:2016
• Documented requirements for infrastructure needs to achieve:• Product conformity• Prevent product mix-up• Ensure orderly handling of product
• Maintenance activities to apply (as appropriate) to equipment used in:• Production• Control of work environment• Monitoring and measurement
6.3 Infrastucture
May 2, 2023© DQS Group 26
ISO 13485:2003 vs ISO 13485:2016
• 6.4.1 Work Environment• Must document requirements for work
environments needed to meet product conformity• 6.4.2 Contamination Control
• Sterile medical devices -• Documented requirements for control of
microorganisms or particulate matter• Maintain cleanliness during assembly or
packaging process
6.4 Work Environment and contamination control
May 2, 2023© DQS Group 27
ISO 13485:2003 vs ISO 13485:2016
• Added to requirements to product realization list:• Inclusion of infrastructure and work environment
considerations• required verification, validation, monitoring,
measurement, inspection and test, handling, storage, distribution and traceability activities specific to the product together with the criteria for product acceptance;
7.1 Planning of Product Realization
May 2, 2023© DQS Group 28
ISO 13485:2003 vs ISO 13485:2016
• 7.2.1 Determination of requirements related to product• Determining if any user training is needed to ensure
performance and safe use of medical device• 7.2.2 Review of requirements related to product
• Applicable regulatory requirements are met• any user training identified is available or planned
• 7.2.3 Communication• Communication with customers shall be planned and
documented• Shall communicate with regulatory agencies
7.2 Customer Related Processes
May 2, 2023© DQS Group 29
ISO 13485:2003 vs ISO 13485:2016
• 7.3.1 General – new/unchanged• 7.3.2 Design and Development Planning
• D&D planning documents shall be maintained and updated
• Shall document:• Reviews needed at each D&D stage• Methods to ensure traceability of outputs to inputs• Resources needed
7.3 Design and Development
May 2, 2023© DQS Group 30
ISO 13485:2003 vs ISO 13485:2016
• 7.3.3 Design and Development Inputs• Addition of “usability and safety requirements”
• 7.3.4 Design and Development Outputs• No significant changes
• 7.3.5 Design and Development Review• No significant changes
7.3 Design and Development
May 2, 2023© DQS Group 31
ISO 13485:2003 vs ISO 13485:2016
• 7.3.6 Design and Development Verification• Documented verification plans
• Methods• acceptance criteria• As appropriate
• Statistical techniques• Sample size rationale
• Connection or interface to other medical devices• Confirm Outputs meet inputs when connected
7.3 Design and Development
May 2, 2023© DQS Group 32
ISO 13485:2003 vs ISO 13485:2016
• 7.3.7 Design and Development Validation• Documented validation plans
• Methods• Acceptance criteria• As appropriate
• Statistical techniques• Sample size rationale
• Conducted with representative product• Rationale for choice documented
• Connection or interface to other medical devices• Confirm requirements met when connected
7.3 Design and Development
May 2, 2023© DQS Group 33
ISO 13485:2003 vs ISO 13485:2016
• 7.3.8 Design and Development Transfer• New section• Documented procedures for transfer to manufacturing• Verify:
• Outputs suitable for manufacturing• Production capability can meet requirements
• Record of results of conclusions of transfer
7.3 Design and Development
May 2, 2023© DQS Group 34
ISO 13485:2003 vs ISO 13485:2016
• 7.3.9 Control Design and Development Changes• Determine significance of change to:
• Function• Performance• Usability• Safety• Applicable regulatory requirements
7.3 Design and Development
May 2, 2023© DQS Group 35
ISO 13485:2003 vs ISO 13485:2016
• 7.3.10 Design and Development Files• New section• File shall be maintained for each device or device family• Shall include:
• Records of conformity to D&D requirements• Records for D&D changes
7.3 Design and Development
May 2, 2023© DQS Group 36
ISO 13485:2003 vs ISO 13485:2016
• 7.4.1 Purchasing Process• Establishment of criteria for evaluation and selection of
suppliers• Supplier’s ability to provide product that meets reqs• Performance• Effect of purchased product on quality of device• Risk associated with device
• Monitoring and re-evaluation of suppliers• Non-fulfillment addressed based on:
• Risk associated with purchased product• Compliance with applicable regulatory requirements
7.4 Purchasing
May 2, 2023© DQS Group 37
ISO 13485:2003 vs ISO 13485:2016
• 7.4.2 Purchasing Information• Shall describe or reference product to be purchased
• Product specifications• Written agreements (as applicable)
• Notification of changes prior to implementation• Changes that affect ability to meet specified
requirements
7.4 Purchasing
May 2, 2023© DQS Group 38
ISO 13485:2003 vs ISO 13485:2016
• 7.4.3 Verification of Purchased Product• Based on:
• Supplier evaluation results• Risks associated with purchased product
• Notification of changes:• Determine if changes affect product realization or
device
7.4 Purchasing
May 2, 2023© DQS Group 39
ISO 13485:2003 vs ISO 13485:2016
• 7.5.1 Control of Production and Service provision• Minor changes• Production and service provision shall be planned, carried
out, monitored and controlled to ensure that product conforms to specification.
• Production controls to also include:• Qualification of infrastructure
7.5 Production and Service Provision
May 2, 2023© DQS Group 40
ISO 13485:2003 vs ISO 13485:2016
• 7.5.2 Cleanliness of Product• Minor changes• Additional requirement for cleanliness/contamination
control:• c) product cannot be cleaned prior to sterilization or its
use, and its cleanliness is of significance in use
7.5 Production and Service Provision
May 2, 2023© DQS Group 41
ISO 13485:2003 vs ISO 13485:2016
• 7.5.3 Installation Activities• No changes
• 7.5.4 Servicing Activities• Service records to be analyzed by organization or
supplier:• a) To determine if the information is to be handled as a
complaint• b) As appropriate, for input to the improvement
process• 7.5.5 Particular Requirements for sterile medical devices
• No change
7.5 Production and Service Provision
May 2, 2023© DQS Group 42
ISO 13485:2003 vs ISO 13485:2016
• 7.5.6 Validation of processes for production and service• Documented procedure to include:
• Approval of changes to the processes• Software validations
• Approach proportionate to risk in use of software• Effect on product conformity to specifications
• Validation records to include:• Results• Conclusions of validation• Necessary actions
7.5 Production and Service Provision
May 2, 2023© DQS Group 43
ISO 13485:2003 vs ISO 13485:2016
• 7.5.7 Particular Requirements for validation of processes for sterilization and sterile barrier systems• Addition of sterile barrier system validations• Validation records to include:
• Results• Conclusions of validation• Necessary actions
7.5 Production and Service Provision
May 2, 2023© DQS Group 44
ISO 13485:2003 vs ISO 13485:2016
• 7.5.8 Identification• Requires documented procedure
• Requirement that was in 7.5.3.3 of 2003 version• Unique Device Identification (UDI)
• As applicable by regulatory requirements• Shall be a documented system
7.5 Production and Service Provision
May 2, 2023© DQS Group 45
ISO 13485:2003 vs ISO 13485:2016
• 7.5.9 Traceability• No changes
• 7.5.10 Customer Property• No changes
• 7.5.11 Preservation of product• Additional requirements on protection from expected
conditions and hazards:• Design and construct of packaging and shipping
containers• Documentation of special conditions if packaging is not
enough
7.5 Production and Service Provision
May 2, 2023© DQS Group 46
ISO 13485:2003 vs ISO 13485:2016
• 7.6 Control of monitoring and measuring equipment• No changes
• 8 Measurement, analysis and improvement• 8.1 General
• No changes
May 2, 2023© DQS Group 47
ISO 13485:2003 vs ISO 13485:2016
• 8.2 Monitoring and Measurement• 8.2.1 Feedback
• Emphasis on feedback coming from both production and post-production activities
• Utilization of feedback as input to risk management for monitoring and maintaining product requirements
8 Measurement, analysis and improvement
May 2, 2023© DQS Group 48
ISO 13485:2003 vs ISO 13485:2016
• 8.2.2 Complaint Handling• New section• Requirements for procedure and timely handling of
complaints• Procedure to include:
• Receiving and recording information• Evaluating information to determine if the feedback
constitutes a complaint;• Investigating complaints;• Determining the need to report the information to the
appropriate regulatory authorities;• Handling of complaint-related product;• Determining the need to initiate corrections or
corrective actions
8 Measurement, analysis and improvement
May 2, 2023© DQS Group 49
ISO 13485:2003 vs ISO 13485:2016
• 8.2.3 Reporting to Regulatory Authorities• New section• Procedure required if applicable by regulatory
requirements• Complaints that result in need for:
• Adverse event reporting• Advisory Notices
• Records of reporting required
8 Measurement, analysis and improvement
May 2, 2023© DQS Group 50
ISO 13485:2003 vs ISO 13485:2016
• 8.2.4 Internal Audit• No changes
• 8.2.5 Monitoring and measurement of processes• No changes
• 8.2.6 Monitoring and measurement of product• Minor change• Records to identify test equipment used
8 Measurement, analysis and improvement
May 2, 2023© DQS Group 51
ISO 13485:2003 vs ISO 13485:2016
• 8.3 Control of Nonconforming Product• 8.3.1 General
• New section• Clarification of procedure requirements to define controls
and related responsibilities and authorities• Identification• Documentation• Segregation• Evaluation• Disposition
• Inclusion of determination for investigation and notification of any external party
8 Measurement, analysis and improvement
May 2, 2023© DQS Group 52
ISO 13485:2003 vs ISO 13485:2016
• 8.3 Control of Nonconforming Product• 8.3.2 Actions in Response to nonconforming product
detected before delivery• Acceptance by concession only if:
• Justification provided• Approval is obtained• Applicable regulatory requirements met
8 Measurement, analysis and improvement
May 2, 2023© DQS Group 53
ISO 13485:2003 vs ISO 13485:2016
• 8.3 Control of Nonconforming Product• 8.3.3 Actions in Response to nonconforming product
detected after delivery• Minor change• Expanded section on 2003 requirements• Addition of records requirement for Advisory Notices
• 8.3.4 Rework• No changes
8 Measurement, analysis and improvement
May 2, 2023© DQS Group 54
ISO 13485:2003 vs ISO 13485:2016
• 8.4 Analysis of Data• New requirements for:
• Determination of appropriate methods• To include statistical techniques and use
• Data to now include:• Audits• Service reports (as applicable)
• If analysis shows QMS is not sutiable, adequate or effective, analysis is to be used as input for improvements.
8 Measurement, analysis and improvement
May 2, 2023© DQS Group 55
ISO 13485:2003 vs ISO 13485:2016
• 8.5 Improvement• 8.5.1 General
• No changes• 8.5.2 Corrective Action
• Minor change• CA’s to be taken without undue delay• Verify CA has no adverse affect
• 8.5.3 Preventive Action• Minor change• Verify PA has no adverse affect
8 Measurement, analysis and improvement
May 2, 2023© DQS Group 56
ISO 13485:2016 Transition
When do we have to make the change?
May 2, 2023© DQS Group 57
ISO 13485:2016 Transition
When do we have to make the change?
Depends on your organization.
May 2, 2023© DQS Group 58
ISO 13485:2016 Transition
When do we have to make the change?
Depends on your organization.
Depends on other standards that your organization is registered to.
May 2, 2023© DQS Group 59
ISO 13485:2016 Transition
TC Recommendation
ISO TC 210 has recommended a co-existence period of 3 years
May 2, 2023© DQS Group 60
ISO 13485:2016 Transition
TC Recommendation
ISO TC 210 has recommended a co-existence period of 3 years
Recommending that: 2 years after publication (1 March 2018), all
accredited certificates be to ISO 13485:2016
May 2, 2023© DQS Group 61
ISO 13485:2016 Transition
TC Recommendation
ISO TC 210 has recommended a co-existence period of 3 years
Recommending that: 2 years after publication (1 March 2018), all
accredited certificates be to ISO 13485:2016
3 years after publication (1 March 2019), all ISO 13485:2003 certificates will not be valid
May 2, 2023© DQS Group 62
ISO 13485:2016 Transition
What if I have ISO 9001 as well?
May 2, 2023© DQS Group 63
ISO 13485:2016 Transition
What if I have ISO 9001 as well?
All ISO 9001:2008 certificates will expire September 2018
May 2, 2023© DQS Group 64
ISO 13485:2016 Transition
What if I have ISO 9001 as well?
All ISO 9001:2008 certificates will expire September 2018
Upgrade audits for ISO 9001:2015 must occur by 1 July 2018
May 2, 2023© DQS Group 65
ISO 13485:2016 – The Next Revision
May 2, 2023© DQS Group 66
DQS Inc Contact Information
DQS Inc [email protected]
Medical ProgramRick BurgessMedical Program [email protected]