Specific  Changes  ISO  13485:2016Section  by  section  details  of  changes

About  the  Presenter

Mark  Swanson  (CMQ/OE,  CQE,  CBA)  

is  the  President  and  lead  consultant  of  

H&M  Consulting  Group;  a  group  

focused  on  helping  small  to  mid-­‐sized  

companies  have  the  same  regulatory  

and  quality  systems  knowledge  as  the  

large  medical  device  companies.

In  addition  to  this,  Mark  is  currently  the  Director  of  the  Medical  

Technology  Quality  Graduate  program  at  St.  Cloud  State  University’s  

Twin  Cities  Graduate  Center  in  Maple  Grove,  Minnesota.  This  

innovative  program  was  started  in  2012  to  provide  quality  

professionals  with  graduate  level  learning  in  the  application  of  quality  

management  principles,  particularly  for  those  in  the  key  Minnesota  

industry  of  medical  devices.  

Mark  has  spent  close  to  4  years  being  an  active  member  of  ISO  

Technical  Committee  210  (TC210),  Working  Group  1  (WG1)  working  

on  the  revision  of  ISO  13485:2003  that  is  on  track  to  be  released  in  

February  2016  and  has  also  participated  with  ISO  TC176,  WG24  on  

ISO  9001:2015.  This  work  includes  discussions  regarding  the  impact  

of  changes  on  the  ISO  quality  management  system  standards,  the  

integration  of  different  management  standards  and  how  to  

effectively  integrate  the  different  ISO  standards  and  other  

regulations  into  a  single  quality  management  system.

Changes  to  Introduction

• Explicit  addition  of  storage  and  distribution,  final  decommissioning  and  disposal  or  

provision  of  “associated  activities”  including  that  it  ‘may’  be  used  by  suppliers  

• Clarification  of  concepts  

• Information  on  the  influences  on  the  design  of  the  quality  management  system  

• Relationship  to  ISO  9001  (both  2008  &  2015)  

• Clarification  that  it  does  not  include  environmental,  occupational,  health  &  safety,  

or  financial  management

Changes  to  Scope

• Scope  includes  organizations  that  have  a  role  in  one  or  more  stages  of  the  ‘life-­‐

cycle’  

• Identification  of  ‘outsourced’  processes  

• Maintain  exclusion  for  design  control  if  permitted  by  regulatory  requirements  with  

new  option  to  “not  apply”  requirements  of  clauses  6,  7,  and  8  (with  justification)  

depending  on  organization’s  role

Changes  in  References  &  Definitions

• Updated  to  ISO  9000:2015  

• Removed:  Supply  Chain  explanation,  Active  Implantable  Medical  Device,  Active  

Medical  Device  

• Modified:  Complaint,  Labelling,  Implantable  Medical  Device,  Medical  Device  and  

Sterile  Medical  Device  

• Added:  Authorized  Representative,  Clinical  Evaluation,  Distributor,  Importer,  Life-­‐

cycle,  Manufacturer,  Medical  Device  Family,  Performance  Evaluation,  Post  Market  

Surveillance,  Product(from  9000:2005),  Purchased  Product,  Risk,  Risk  Management,  

Sterile  Barrier  System  and  Sterile  Medical  Device

Changes  to  QMS  –  General  (Section  4/4.1)

• Re-­‐organized  this  entire  clause  

• Redefined  ‘document’  to  mean:    Establish,  implement  and  maintain  (as  well  as  documenting)  

• Must  document  organization’s  role  

• Establish  risk-­‐based  approach  within  processes—proportionate  to  the  risk  

• Maintain  control  of  outsourced  processes  

• QMS  software  validation

Changes  to  QMS  –  Documentation  (4.2)

• Reorganized  paragraphs  

• Added  new  section  to  listing  of  device  master  record  file  content  

• Security  of  documents/records—prevention  of  loss  

• Control  of  records—Changes  shall  be  identifiable  &  protection  of  confidential  

health  information

Changes  to  Management  Responsibility

• Customer  focus  includes  regulatory  requirements  

• Quality  objectives  include  meeting  appropriate  regulatory  requirements  

• Management  representative—removes  customer  requirement  and  note  on  liaison

Changes  to  Management  Review

• Management  Review  -­‐  documented  procedure  with  documented  planned  interval.  

• Inputs:  reorganized  to  match  changes  in  section  8.  Removed  ‘results’  and  ‘status’  

with  intent  to  include  more  information.  

• Output:  Documentation  of  review  must  include  the  input  reviewed  and  changes  

needed  to  respond  to  new/revised  regulatory  requirements  in  addition  to  any  

other  action

Changes  to  Resource  Management

• Document  processes  for    • Establishing  competence  

• Providing  needed  training  or  other  actions  to  ‘maintain’  competency  

• Ensuring  awareness  for  personnel  

• Methodology  for  checking  effectiveness  of  training  or  other  actions  is  

proportionate  to  the  risk  of  associated  work  (in  note)

Changes  to  Resource  Management  (cont.)

Infrastructure  

• Document  requirements  when  needed  to  achieve  product  requirements,  prevent  

mix-­‐up  and  ensure  orderly  handling  of  product    

• Specified  requirement  for  documenting  maintenance  of  equipment  used:  • in  production  

• for  the  control  of  the  work  environment  

• monitoring  and  measurement

Changes  to  Resource  Management  (cont.)

Work  Environment  and  contamination  control  

• Health,  Cleanliness  and  clothing  of  personnel  (Ref.  to  14644  &  14698)  

• Added  “contamination  control”  to  this  as  a  new  sub-­‐clause  • Provide  arrangements  to  prevent  cross-­‐contamination  

• Sterile  devices—document  requirements  to  prevent  contamination  and  maintain  

cleanliness  including  microorganisms  during  assembly  and  packaging

Changes  to  Product  Realization  -­‐  Planning

• Paragraph  on  risk  management  moved  up  (Ref.  to  14971  in  note)  

• Added  infrastructure  and  work  environment  to  item  on  planning  of  provided  

resources  

• Added  determination  of  requirements  related  to  measurement,  handling,  storage,  

distribution  and  traceability  to  the  required  items

Changes  to  Product  Realization  -­‐  Customer  Related  Processes

• Applicable  regulatory  requirements  are  met.  

• User  training  needed  to  ensure  performance  and  safety  of  the  device.  

• Paragraph  added  on  communication  to  regulatory  authorities  (planned  and  

documented)  

• Note  on  inability  to  do  formal  review  removed.

Changes  to  Product  Realization  -­‐  Design  &  Development  Document  procedures  for  design  and  development  

Planning  • Maintain  (update)  planning  documents  

• Reviews  separated  from  verification/validation  

• Add  method  to  assure  traceability  (inputs/outputs)  and  resource  planning  (including  

competencies)  

Changes  to  Product  Realization  -­‐  Design  &  Development  (cont.)

Inputs  

• Add  usability  (ref.  to  IEC  62366)  

• Add  ‘standards’  as  an  input  

• Risk  management  moved  up  in  list  

• Added  processes  to  other  requirements  

• Added  ‘able  to  be  verified  or  validated’

Changes  to  Product  Realization  -­‐  Design  &  Development  (cont.)

Outputs  • In  a  form  suitable  for  verification  against  design  &  development  input  

• Approved  prior  to  product  release  

Design  and  development  review  • Additional  detail  of  information  required  in  the  records

Verification  • Planned  &  documented  arrangements  • Plan  includes:  Method,  acceptance  criteria  and  statistical  technique  with  rationale  for  

sample  size  • Connection  to  other  devices  • Report  includes:  Results  (same)  and  conclusions  (new)  

Validation  • See  above  

• Clinical/performance  evaluation  not  released  for  use  (from  notes  in  the  2003  version).  

• Use  of  production  units  (representative  product)/document  equivalency  (rationale  for  

choice  of  product)  

• Clinical  evaluation  or  performance  evaluation  in  accordance  with  regulatory  

requirements.

Changes  to  Product  Realization  -­‐  Design  &  Development  (cont.)

Design  and  Development  Transfer  -­‐  New  section  • Document  procedures  • Verify  design  outputs  are  suitable  for  manufacturing  • Verify  production  specifications  can  meet  product  requirements  

Change  Control  • Document  procedures  

• Determine  significance  of  change  to  function,  performance,  usability,  safety  &  

regulatory  requirements  

Design  and  Development  file  -­‐  New  section

Changes  to  Product  Realization  -­‐  Design  &  Development  (cont.)

Purchasing  (expanded)  

• Purchasing  process  controls—risk  based  • Supplier  evaluation  &  selection  • Supplier  monitoring  &  re-­‐evaluation  • Supplier  documentation  • Communication  

• Purchasing  information  • Addition  of  “requirements  for  qualification  of  supplier  personnel”  • Notification  of  changes  (written  agreement)  

• Verification  of  purchased  product—risk  based

Changes  to  Product  Realization  -­‐  Design  &  Development  (cont.)

Production  &  Service  

• Reworded  general  requirements  and  separated/  elevated  sections  to  provide  for  clarity  and  structure  for  auditing  (MDSAP).  

• Requirements  for  cleanliness  and  contamination  control  (separate  section)—added  to  list  if  the  product  cannot  be  cleaned.

Changes  to  Product  Realization  -­‐  Design  &  Development  (cont.)

Production  &  Service  (cont.)  

• Installation  • Documented  requirements  for  installation  and  verification  of  installation  

• Servicing  activities  • Providing  documented  procedures,  materials  and  required  measurement/

equipment  for  servicing  • Analysis  of  records—complaint  determination  and  source  for  improvement

Changes  to  Product  Realization  -­‐  Design  &  Development  (cont.)

Production  &  Service  (cont.)  

• Sterilization—batch  records  

• Validation  • Both  production  and  service  • Proportionate  to  risk  

• Sterile  barrier  systems/sterilization  validation  (ref.  to  11607  

• Identification  • Status  throughout  product  realization  • If  regulatory  requirements  require  unique  device  ID  

• Traceability—reference  to  regulatory  requirements

Changes  to  Product  Realization  -­‐  Design  &  Development  (cont.)

Production  &  Service  (cont.)  

• Customer  Property—removed  note  on  confidential  health  information  (added  to  control  of  records)  

• Preservation  of  product—packaging  validation,  record  of  conditions  if  it  impacts  product,  can  include  raw  component  or  other  assemblies.

Changes  to  Product  Realization  -­‐  Design  &  Development  (cont.)

Monitoring  &  Measurement  Equipment  

• Reference  to  10012  

• Record  adjustments  

• Calibration  performed  in  accordance  with  planned  arrangements  and  documented  procedures.  

• Validation  of  software—proportionate  to  risk

Changes  to  Product  Realization  -­‐  Design  &  Development  (cont.)

Changes  to  Measurement,  Analysis  &  Improvement

Feedback  

• Production  &  Post-­‐production  

• Input  to  risk  management  with  application  of  statistical  methodology  

• New  section  on  complaint  handling  • Procedure  required  for  requirements  and  responsibilities  • Maintain  complaint  records  • Information  exchange  to  external  party  

• New  section  on  reporting  to  regulatory  authorities

Changes  to  Measurement,  Analysis  &  Improvement  (cont.)

• Audit—calls  out  correction  and  corrective  action  and  still  includes  reference  to  19011  

• Control  of  Nonconforming  Product  • Determine  need  for  investigation  • Actions  if  Discovered  Before  Delivery  • Actions  if  Discovered  After  Delivery  

• Rework  • Separate  section  • Procedure  required

Changes  to  Measurement,  Analysis  &  Improvement  (cont.)

• Analysis  of  Data  • Added  audits  and  service  reports  as  input  • Statistical  techniques—applicable  methods  

• Improvement  • General—Evaluate  product  safety  and  effectiveness  and  use  of  post  market  

surveillance  added  • Corrective  Action  

• ”without  undue  delay”  • Update  of  documentation  • Verify  ability  to  meet  requirements  is  not  adversely  affected  

• Preventive  Action—match  with  corrective  action  with  add  of  “potential”  (except  no  review  of  nonconformity  or  ‘undue  delay’)