Hello,
I'm preparing to get ISO13485 certified as Importer.
We are importing medical devices (class I) in Europe, implement warranty service and sell to EMEA/CIS area.
I know it's not a requirement to get ISO13485 as Importer but we should get it by main customer's request.
In this case, There are several questions I would like to ask.
1. How should I set the scope of ISO 13485 certificate? Development & Manufacturing will be excluded as we only implement procurement, sales, warranty service and storage.
2. How far should I create procedures? I don't think we need to conduct all the activities what ISO13485 requires.
3. For example to be more specific, how do we manage risk management?
Our headquarter(Legal Manufacturer) already conduct risk management activities and have relavent risk management files.
Do we have to make risk management procedure? can we just monitor those risk management files implemented by our HQ?
or do we have to do process risk assessment? (e.g. risk assessment for each procedure)
Your feedback would be very appreciated.
Assign topic to the user
ISO 13485 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more 
ISO 13485 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more
ISO 13485 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more
1. How should I set the scope of ISO 13485 certificate? Development & Manufacturing will be excluded as we only implement procurement, sales, warranty service and storage.
Yes of course. Your scope can be Storage and distribution of medical devices type X. This is only a suggestion of wording.
2. How far should I create procedures? I don't think we need to conduct all the activities what ISO13485 requires.
Of course, you do not need all procedures. Definitively, the following procedures are not applicable to your company:
- 6.4 Contamination control procedure
- 7.5.3 Installation procedure
- 7.5.4 Service procedure
- 7.5.7 Sterilization procedure
- 7.5.9.2Sterilization validation procedure
Consider the procedure for production (7.5) as the procedure for service. Take into account that everywhere in the standard where "production" is written, you should read it as "service", because your core business is the provision of distribution and storage services (if).
All other procedures are necessary, but it is adaptable to your business.
3. For example to be more specific, how do we manage risk management? Our headquarter(Legal Manufacturer) already conduct risk management activities and have relavent risk management files.
Do we have to make risk management procedure? can we just monitor those risk management files implemented by our HQ? Or do we have to do process risk assessment? (e.g. risk assessment for each procedure)
Yes, you need to have a risk management procedure and have to make the risk assessment. Of course, within your risk assessment, you will cover only risks that can occur on the device during storage and distribution. Please note that we are only talking about risks that can affect the safe use of the medical product. So, risks that you can have risks within storage (wrong temperature, damage to the packaging) and during transport.
Thank you very much for your answer.
I would like to ask additional following questions.
1. Why do we need any procedures related to 7.3 Design and development? as we do not implement any design & development activities.
2. Regarding risk management, you are more focusing on the "Product". I thought this concept of risk managment activities shall be done within design & development process before production. Like... this /IFUfunction can lead misuse of the device.
Isn't there difference between "risk management for product" and "risk management for process"?
Should I manage only one risk management procedure and make risk assessment for applicable process? (e.g. Sales, procurement, logistic(storage, distribution), warranty Service)
1. Why do we need any procedures related to 7.3 Design and development? as we do not implement any design & development activities.
Sorry, you are right, you do not need Design and development.
2. Regarding risk management, you are more focusing on the "Product". I thought this concept of risk managment activities shall be done within design & development process before production. Like... this /IFUfunction can lead misuse of the device.
Isn't there difference between "risk management for product" and "risk management for process"?
Should I manage only one risk management procedure and make risk assessment for applicable process? (e.g. Sales, procurement, logistic(storage, distribution), warranty Service)
ISO 14971:2019 which is the standard for risk management for manufacturers of medical devices, looks only for risks from the medical device point of view. Of course, you will analyze it according to the processes, but from the medical device aspect. This means that in your risk analysis, you will not analyze the risks of, for example, weak sales, financial results, risks related to the construction increase of the warehouse, or the financial risks of purchasing new vehicles for transport. The risk analysis for medical products according to ISO 14971:2019, deals only with those risks that can affect the correctness and safety of the product. These are, first of all, storage and transport conditions, manipulation in storage and transport so as not to damage the product, and the necessary paperwork that must go with the product, which contains information essential for the use of the product itself (such as valid product certificates, instructions for use, installation instructions (if applicable)).
Thank you very much, Kristina.
So the main purpose of risk analysis no matter its device and procedure, is for compliance to regulations and safety.
Best regards,
Comment as guest or Sign in
Jul 04, 2023