Search results

Differences between ISO 13485:2003 and ISO 13485:2016

1. What are the exact differences between ISO 13485:2003, ISO 13485:2016?

The European standard, EN ISO 13485:2012 Medical Devices - Quality Management Systems - Requirements for Regulatory Purposes, has been published, after approval by CEN on January 24, 2012. This replaces EN ISO 13485: 2003, although the text of the global standard ISO 13485:2003 is unchanged, only the foreword and annexes in the European version have been revised. Therefore, there are no different requirements in ISO 13485:2012 compared to ISO 13485:2003. 

To identify new requirements of ISO 13485:2016 vs 13485:2003, at the end of the new ISO 13485:2016, in Annex A there is a table - Comparison of content between ISO 13485:2003 and ISO 13485:2016, where you can see all new requirements and differentiation between these two versions.  

On the following link, there is an article with the list of mandatory documents required by ISO 13485:2016: https://advisera.com/13485academy/blog/2017/01/18/list-of-mandatory-documents-required-by-iso-134852016/ 

On the following link you can download free matrix ISO 13485:2016 vs. ISO 13485:2003: https://info.advisera.com/13485academy/free-download/iso-13485-2016-vs-iso-13485-2003-matrix

Also, you can find on Advisera 13485 blog a lot of articles considering certain requirements from ISO 13485: 2016 and how you can fulfill them: ISO 13485 Blog https://advisera.com/13485academy/blog/

2. What portions of FDA cGMPS, are being revised to comply with ISO 13485:2016?

While adherence to ISO 13485 is not explicitly required, FDA 21 CFR Part 820 Quality System Regulations is the law for medical device companies manufacturing and selling products for the U.S. market. there are some differences between FDA 21 CFR Part 820 and ISO 13485. Yet prior to the publishing of ISO 13485:2016, it has been a very common practice for medical device companies to establish a QMS to address both FDA 21 CFR Part 820 and ISO 13485:2003.

For more information about differences and similarities between FDA 21 CFR Part 820 and ISO 13485, please see the following link:

• Differences and similarities between FDA 21 CFR Part 820 and ISO 13485 https://advisera.com/13485academy/blog/2017/10/05/differences-and-similarities-between-fda-21-cfr-part-820-and-iso-13485/

• SAR

  Employees, like other data subjects, have the right to access their personal data. When you receive a SAR (Subject Access Request) you need to reply without undue delay (usually one month) and you can extend such a period to another month for complex requests.

  You need to give access to the employee to data stored excluded for documents subjects to legal privilege (i.e. legal advice on the employee), data concerning third parties, disproportionate request.

  You should also inform the employee about the categories and the purposes of data processing, how data have been processed, the legal ground of processing, the source of data (if data were not communicated by the employee), data retention periods, other data subjects rights, if data had been transferred to third parties, security measures if any automated processing method applies. Usually, all this information is included in the employee privacy policy.

  Please consider that if the SAR is too generic you can ask for clarification to the employee, if the employee is not legitimate to access, you can reply with a denial, but do not ignore the request otherwise the employee can lodge a complaint to the Data Protection Authority of your country.

  Here you can find more information:

  • Data subject rights according to GDPR https://advisera.com/eugdpracademy/knowledgebase/8-data-subject-rights-according-to-gdpr//
  • Four main questions for obtaining and managing data subjects’ consent under GDPR https://advisera.com/eugdpracademy/knowledgebase/four-main-questions-for-obtaining-and-managing-data-subjects-consent-under-gdpr/
  • How the GDPR could impact your HR department https://advisera.com/eugdpracademy/blog/2018/02/22/how-the-gdpr-could-impact-your-hr-department/ 

  If you want to know more about GDPR compliance you can consider enrolling in this EU GDPR Foundations Course: https://advisera.com/training/eu-gdpr-foundations-course//

• 15223-1 and 13485 certification question

  Do i need to purchase iso 15223-1 in order to comply with a medical device app?

  Yes, you need to purchase this standard. But please be careful because the new revision of this standard is currently under development: ISO/DIS 15223-1 Medical devices — Symbols to be used with medical device labels, labeling, and information to be supplied — Part 1: General requirements.

  There are some new symbols that are applicable to all medical devices, regarding the type of medical device.   

  Furthermore, can the iso 13485 certification and the CE certification be done by the same organization?

  Yes, both certifications can be done by the same Notify body, moreover, it is recommended and expected. 

  The following article regarding compliance with the MDR requirements for medical device labels can be helpful:

  • How to comply with the MDR requirements for medical device labels https://advisera.com/13485academy/blog/2020/09/20/how-to-create-medical-device-labels-compliant-with-mdr/

  • What do I need to become a NRTL?

    Yes, ISO 17025 is the international Standard that is applicable to testing and calibration laboratories, providing general requirements for the competence, impartiality and consistent operation of laboratories. The first step to establishing your Quality Management system is to purchase a copy of ISO 17025:2017. I then recommend some training to assist you understand the purpose, scope and intent of the standard. Thereafter do a project plan to make sure everyone involved understand what it will take to implement the mandatory policies, processes, document the mandatory procedures, perform risk assessments and implement the record keeping and technical requirements. Once you have implemented all the activities, and have some evidence of successful implementation, for example an audit programme and corrective action procedure, the next step will be to contact your accreditation body to obtain a quote for you initial assessment. Ensure you have completed a full gap audit before the assessment, allowing enough time to close the gaps.

    Have a look at how the ISO/IEC 17025:2017 Documentation Toolkit may assist you, available at https://advisera.com/17025academy/iso-17025-documentation-toolkit/

    and download some free tools at https://advisera.com/17025academy/free-downloads/

    • Project Plan for ISO/IEC 17025 implementation
    • Diagram of ISO 17025 Implementation Process

    For some more information here are some useful resources, Download the complimentary white papers:

    • Clause-by-clause explanation of ISO 17025:2017 at https://info.advisera.com/17025academy/free-download/clause-by-clause-explanation-of-iso-17025/
    • Checklist of mandatory documents required by ISO 17025:2017 at https://info.advisera.com/17025academy/free-download/checklist-of-mandatory-documents-required-by-iso-17025
      and watch the Free webinar – What are the steps in the ISO 17025 accreditation process? https://advisera.com/17025academy/webinar/what-are-the-steps-in-the-iso-17025-accreditation-process-free-webinar-on-demand/

  • Lot number coding

    No, there is no template for coding lot/batch number since it is very specific for each company and the medical device itself. We have section 3.3.7 Identification and traceability in the 11_Procedure_for_Production_and_Service_Provision where we describe what has to be done and what responsibilities there are.

    There is no regulations for medical devices which elements LOT number must have, so you can define it in any way that you find the most appropriate. Usually, it contains information about the location where the product is manufactured (in case when the company has several locations), date of the production, year of the production; sometimes it can have a production line on it and so on. 

    However, be careful that from May 2021. You will need a UDI number. Which elements are necessary to be part of UDI number you can find in the following articles from Medical device regulative 2017/745:

    • EU MDR Article 27 – Unique Device Identification system - https://advisera.com/13485academy/mdr/unique-device-identification-system/
    • EU MDR Annex 6 – Information to be submitted upon the registration of devices and economic operators in accordance with Articles 29(4) and 31; core data elements to be provided to the UDI database together with the UDI-DI in accordance with Articles 28 and 29; and the UDI system - https://advisera.com/13485academy/mdr/information-to-be-submitted-upon-the-registration-of-devices-and-economic-operators-in-accordance-with-articles-294-and-31-core-data-elements-to-be-provided-to-the-udi-database-together-with-the-ud/

    For more information please see the following article:

    • How to comply with the MDR requirements for medical device labels - https://advisera.com/13485academy/blog/2020/09/20/how-to-create-medical-device-labels-compliant-with-mdr/

    • Risk and opportunities

      Think about what your organization expects as desired results from each of these departments. Think also about the undesired results that you want to avoid.
      So, for example, what can be expected from each department:

      • Increase brand notoriety (Marketing)
      • Reduce delivery delays (Production)
      • Reduce defects that are received by customers (Quality Control)
      • Keep talented people (Human Resources)
      • Good decisions about the whole organization (Management)
      • Reduce transportation costs (Logistics)
      • Reduce defects imported from suppliers (Purchasing)
      • Increase time between equipment failure (Maintenance)

      Then, start thinking about events that can introduce uncertainty and deviate from meeting the desired results. For example, concerning Production:

      • Delays from suppliers
      • Equipment breakdowns
      • Wrong planning
      • Lack of workers
      • Defective raw materials
      • Workers lacking the necessary skills

      You can also think about events that can introduce positive uncertainty and help meet or surpass the desired results. For example, concerning Maintenance:

      • Old equipment that is more likely to break down replaced by newer, more reliable equipment
      • Use of more reliable parts suppliers
      • Better preventive maintenance

      You can find more information below.

      • How to address risks and opportunities in ISO 9001: https://advisera.com/9001academy/blog/2016/06/21/how-to-address-risks-and-opportunities-in-iso-9001/
      • Does ISO 9001 require a procedure for addressing risks and opportunities?: https://advisera.com/9001academy/blog/2017/10/10/does-iso-9001-require-a-procedure-for-addressing-risks-and-opportunities/
      • For a free preview of an example of the Registry of Key Risks and Opportunities - https://advisera.com/9001academy/documentation/registry-of-key-risks-and-opportunities/
      • Free webinar on demand - How to implement risk management in ISO 9001:2015 - https://advisera.com/9001academy/webinar/how-to-implement-risk-management-in-iso-90012015-free-webinar/
      • Enroll for free course - ISO 9001:2015 Foundations Course - https://advisera.com/training/iso-9001-foundations-course/
      • Book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/

    • ISO 9001: 2008 vs ISO 9001: 2015

      Algunos de los cambios más importantes en ISO 9001:2015 con respecto a ISO 9001:2008 son los siguientes:

      - un esquema común en las normas que forma parte de la estructura de alto nivel que hace que la integración sea más sencilla

      - eliminación del manual de calidad y del representante de la dirección

      - inclusión de la determinación del contexto de la organización así como de las partes interesadas

      - control de proveedores externos 

      - Introducción del pensamiento basado en riesgos y la eliminación de la acción preventiva

      - Los registros y documentos pasan a llamarse información documentada

      - Refuerzo del enfoque basado en procesos

       

      Para mas información sobre las diferencias entre ISO 9001:2008 e ISO 9001:2015 vea los siguientes materiales:

      - Infografía ISO 9001:2015 vs revisión del 2008: qué ha cambiado: https://advisera.com/9001academy/pt-br/kit-de-documentacao-da-iso-9001/nowledgebase/infografia-iso-90012015-vs-revision-del-2008-que-ha-cambiado/

      - Curso gratuito en línea - Fundamentos de la norma ISo 9001:2015:  https://advisera.com/es/formacion/curso-fundamentos-iso-9001/

      - Libro - ISO 9001:2015 through practical examples:  https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/

    • Environment microbial limits

      You should be guided by you sector and any regulations, standards or specifications applicable to your scope of work and tests being performed. For example, the requirements for Food and Agriculture differ from Health and medicine. The intention is that conditions should not adversely affect the validity of your results. Look to guidance documents for your specific sector, e.g. from the FDA, USP or EU on microbial controls. There are also a number of ISO Standards, for Example ISO 14160:2020 Sterilization of health care products — Liquid chemical sterilizing agents for single-use medical devices utilizing animal tissues and their derivatives — Requirements for characterization, development, validation and routine control of a sterilization process for medical devices.

      There is a clear need to perform a risk assessment for each test or calibration method and associated activities in the laboratory’s scope of work. Then you can determine what facilities and environmental conditions are suitable and what controls (measures) are required to provide the consistent conditions.

      For more information, see the ISO 17025 toolkit Facilities and Environmental Condition Procedure at https://advisera.com/17025academy/documentation/facilities-and-environmental-condition-procedure/

      The following articles may assist further:

      What does ISO 17025:2017 require for laboratory measurement equipment and related procedures? at https://advisera.com/17025academy/blog/2019/07/25/iso-17025-measurement-requirements-of-the-standard/

      Five-step laboratory risk management according to ISO 17025:2017 at https://advisera.com/17025academy/blog/2019/12/05/iso-17025-risk-management-in-five-steps and the webinar How to manage risks in laboratories according to ISO 17025 at https://advisera.com/17025academy/webinar/iso-17025-risk-management-how-to-manage-it-free-webinar-on-demand/

    • Is it necessary having third party come to certify accuracy of my equipment periodically

      You asked

      do I have to have a third party come in a certify the accuracy of my equipment periodically?  

      The requirement is to ensure the correct capability and performance of you equipment and to document the calibrations for all equipment that contribute to the overall measurement uncertainty of test or calibration results .This means having a linked unbroken calibration chain and known measurement uncertainty (MU). Then on an ongoing basis maintain confidence  (clause 6.4.10) by either performing your own intermediate checks or perhaps own calibrations. Whether you can do you own calibrations all depends on the type of equipment, knowledge of standards and specifications required, and the purpose. If you require measurement uncertainty (MU) values to use in you uncertainty calculation then an external ISO 17025 accredited laboratory can provide that, giving you the required metrological traceability, the MU and a suitable ISO 17025 calibration report. Also consider requirements from your accreditation body as they will typically have a policy on the options or approach required. 

      You also asked

      If so how often?"

      The calibration period must be determined by you, based on accreditation body requirements, risk or best practices. Refer to ILAC (international organisation for accreditation bodies) for policies and guidelines.

      Consider, for example, that the annual calibration of a weight set that is used for routine analytical balance verification may be excessive, if the personnel are trained to handle the weights properly, and they suitably stored. For your sensors and gauges, you should refer to recommendations from suppliers and best practices.

      The article: What does ISO 17025:2017 require for laboratory measurement equipment and related procedures? at https://advisera.com/17025academy/blog/2019/07/25/iso-17025-measurement-requirements-of-the-standard/

      The ISO 17025 toolkit document template: Equipment and Calibration Procedure at https://advisera.com/17025academy/documentation/equipment-and-calibration-procedure/

      Also refer to  ILAC P10:07/2020 ILAC Policy on Metrological Traceability of Measurement Results and ILAC G24:2007 Guidelines for the determination of calibration intervals of measuring instruments, available from https://ilac.org/publications-and-resources/