Kari Miller, Regulatory and Product Management Leader, Pilgrim Quality Solutions, an IQVIA company
We’ve been talking about getting ready to meet the ISO 13485:2016 deadline for a while now, urging organizations to perform regulatory gap assessments, get a compliance update plan in place, and execute. In fact, I just reminded everyone again a few days ago in my blog about the steps to take to get compliant prior to March 1, 2019. So do we really need to address it again? Well, yes, because it is that urgent!
If your organization is currently certified to the ISO 13485:2003 standard, then it is important for you to know that before March 1, 2019, re-certification to ISO 13485:2016 will be required for your organization. You’re probably thinking that’s over a year away, we’ve got time! But consider this — from personal knowledge I can tell you that you are definitely not alone in the need to get this done within the next 12 months, and the queue for ISO 13485:2016 certification is long! Therefore, if you’re not done yet, or you haven’t even started, get some help to expedite the process.
Consequence of Inaction
ISO 13485: 2016 is the de-facto standard for Medical Devices and Medical Device Suppliers. The FDA’s sharp focus on Supplier Management and Purchasing Controls over the past few years underscores the importance of the fact that the ISO 13485 changes really close the current gaps between Purchasing and Supplier regulatory and compliance requirements. What does that mean for you? Not being certified to the new standard has bottom line impact via lost revenue, if your organization is no longer allowed to supply product, finished goods, sub-assembly’s, components, purchased parts, or raw materials.
Benefits of Compliance and Certification
Let’s take the consequence of inaction and flip it. ISO 13485: 2016 certification and compliance can be a competitive differentiator for your organization. Being certified to the industries de-facto standard will increase the likelihood that your organization will make it through your prospects and customers’ supplier evaluation and re-evaluation processes.
ISO 13485:2016 certification will aid your organization’s compliance with Medical Device Single Audit Program (MDSAP) compliance. Health Canada will be moving solely to MDSAP audits in the future, and the FDA, Australia, Japan, and Brazil are also accepting MDSAP Audit. Once your organization is over the initial increased audit scope, the savings in fewer audits will be noticeable. Finally, for those doing business in Europe, the three-year transition to EU Medical Device Regulations (MDR) has begun. ISO 13485:2016 and MDR are closely linked.
Bringing it Back to Business Terms
The primary reason for achieving ISO 13485:2016 compliance is patient safety, improved product compliance, and quality. After all, those are the drivers behind the standard. This in turn, means reduced product returns, reduced warranty costs, and increased customer satisfaction. These benefits then improve revenue and improve margins (profitability), and reduce the cost of quality, which reduces Cost of Goods Sold (COGS).
With these types of business benefits, one would think it would be easy to secure the funding needed to undergo ISO 13485:2016 certification. Unfortunately, just as we, the Quality insiders, know that a QMS system contributes greatly to the metrics of the business, the overall Business doesn’t know that unless Quality organization speaks to them in their terms.
Once again, we urge quality organizations to stop focusing the organization on the compliance stick and get them to see the carrot(s) at the end of the stick. When Quality organizations are able to do this, not only are they typically granted the funding needed to accomplish ISO 13485:2016 compliance, but the entire organization will rally around the certification effort once they understand the positive impact it will have on the bottom line. Certification will become a Company effort, not just a Quality effort.
So if you’re feeling a bit behind, make the ISO 13485:2016 certification case a business case. Rally the organization around the effort to ensure positive results for the patients you serve … as well as the organization (your organization) serving them.
Embedding Risk Within Quality Management Processes
Focus on specific quality management processes and take a closer look at how you can build risk-based thinking.