Kari Miller, Regulatory and Product Management Leader, Pilgrim Quality Solutions, an IQVIA company
How much effort will it take to get your organization ready for ISO 13485:2016? The February 28, 2019 deadline is now just one year away, and many organizations need to take advantage of every minute between now and then to be compliance-ready. Busy registrar schedules, combined with your company’s certificate expiration, mean that you may have less time to prepare than you think.
Medical device manufacturers that aren’t prepared for the change will need to do some heavy lifting with regard to quality management practices and processes to stay compliant with the updated standards. Do you know the level of effort needed by your organization to get ready for the new version of ISO 13485? Here is some insight on where to start.
Step 1 — The Review: Understand the changes
Regardless of the amount of “lifting” needed, a defined starting point will help you focus on making the right changes quickly. A good place to start is to identify the differences between the old and the new versions of ISO 13485. These changes are indicated in Annex A of the new standard. Additionally, a lot has been written about these differences by well-known industry experts, and that information is readily available via the internet or through on-line courses.
Step 2 – The Check-up: Assess your current state of compliance
If you’ve been keeping pace with evolving regulatory requirements around the globe, your organization will have a much simpler path to ISO 13485:2016 compliance. It depends on whether your organization is aligned with internationally converging quality regulations and guidances, as well as the maturity of your existing quality system. Conducting a Gap Analysis will allow you to identify the gaps between your current quality processes and the processes you need to have in place to comply with the new version of the standard.
It is important to examine whether your company’s Quality Management System (QMS) has evolved since the last changes in 2003 to align with:
- The Global Harmonized Task Force “GHTF” (now IMDRF) Guidance Document’s philosophy from Risk Management to Supplier Management
- The FDA Medical Device Quality System Regulation (21 CFR Part 820)
- The European Medical Device Regulations (MDR) and In Vitro Diagnostics Regulation (IVDR)
- The Medical Device Single Audit Program (MDSAP)
If you’ve been keeping pace with the above requirements, your path to ISO 13485:2016 will be relatively simple. You will need evaluate the wording that has been added to the standard to look for areas where you will still have some “minor lifting” left to do.
However, if you have not fully embraced ISO 13485:2003 (especially the footnotes defined here) and your organization is not aligned with the international standards above, then you have some “heavy lifting” to do to be ready prior to March 1, 2019 when ISO 13485:2003 certificates will no longer be valid. Many of the updates in ISO 13485:2016 are significant changes for organizations where risk, responsibility, and regulatory requirements need to be embedded into the quality system.
Step 3 – The Action Plan: Compose your step-by-step plan
Throughout your self-assessment, document your review process, the findings of your Gap Analysis, and what your organization intends to do to close the gaps prior to next year’s mandatory ISO 13485:2016 certification deadline. Let this documentation serve as a thorough body of evidence for Step 4, the ISO Audit.
Include a prioritized checklist of required updates, including the necessary resources and expected time to complete each. It is critical to map out your internal timeline. Delays could cause you to miss the mandatory deadline and you will be prohibited from gaining entry into some of your existing, as well as new markets.
Step 4 — The Audit: The Time to Act is Now
One year may seem like a long time, but at this point (if not earlier) consider this critical step – schedule an ISO Audit. At a minimum, be sure you have an estimated audit date to work toward as you will have preparation to do beforehand.
With all the changes happening in the industry, expect that your registrar (an ISO-authorized auditor) will have a backlog of audits to conduct. The average waiting time for an ISO audit is approximately 9 months at this point. If you do the math, that only leaves your organization 3 months to get fully compliant with ISO 13485:2016.
ISO 13485:2016 Affects Many Quality Management Processes
Once you have a clear grasp of the steps you will need to take to prepare for the new standard, you will require a clearer understanding, from a Quality Management System perspective, just what processes the changes to ISO 13485:2016 will impact:
- Nonconformance Management – Evaluation of nonconformances must include a determination of the need to investigate, or a documented justification for lack of investigation.
- Corrective and Preventive Action (CAPA) – Prioritize resources for completing CAPAs based upon the risk severity the respective quality problem(s) at hand.
- Training – In the updated standard there is a note that the methodology to check that training requirements and effectiveness should be proportionate to the risk associated with the work.
- Complaint Handling – The new standard includes requirements to develop and document all complaint handling procedures, not simply for customer complaints.
- Change Control – ISO 13485:2016 specifically asks us to ensure that we are evaluating both product and process changes and their impact to regulatory requirements.
- Audits – Ensure that internal audit criteria is geared toward the new standard to aid in certification preparedness as well as ensuring best practice standards are being followed.
- Supplier Quality Management – Supplier Evaluations, analysis of supplier assessments/audits and supplier audit frequency should be tied to a definable risk assessment.
All of these changes include an increased focus on risk. Risk must now be embedded in your QMS processes and cannot be handled as a stand-alone activity.
SmartSolve® is the Right Solution for ISO 13485:2016 Compliance
In short, the main objectives of ISO 13485:2016 are to reduce risk in the industry, improve patient safety and to provide a harmonized model for QMS requirements in the worldwide marketplace.
SmartSolve, an enterprise-wide QMS from Pilgrim Quality Solutions, enables compliance with ISO 13485:2016. These capabilities include closed-loop workflows, risk-based processes, embedded regulatory checklists, supplier evaluation and management activities, and more, to allow manufacturers to meet the requirements of the standard’s latest version.
Pilgrim has strengthened risk-related workflows throughout our SmartSolve quality management solutions. SmartSolve workflows such as incoming inspection, nonconformance management, CAPA, customer complaints, and change management, all provide risk-based capabilities that enable efficient and effective compliance on a global scale.
Pilgrim is With You Every Step of the Way
As a leader in quality compliance solutions for the Medical Device industry, Pilgrim is your partner in ISO 13485:2016 compliance. We’re with you every step of the way of the transition to this new regulation. The following ISO 13485:2016 transition resources will help you develop, fine tune, and implement your transition plan.
- On-demand Webinar: ISO 13485:2016 – Will Your Transition be a Marathon or a Sprint?
- On-demand Webinar: Closing the Gaps in ISO 13485:2016 Compliance
- On-demand Webinar: Choosing the Right QMS for ISO 13485:2016 Compliance
- E-Book: Embedding Risk Within Quality Management Processes