ISO 13485 2003

INTRODUCTION

 ISO 13485 is a Quality Management Standard for Medical Devices

NEW STANDARD EFFECTIVE JULY 15, 2003

ISO 13485:2003

ISO published the new ISO 13485: 2003 standard on July 15, 2003.
It replaces the old ISO 13485:1996 and ISO 13488:1996 standards.

You have until July 15, 2006 to make the transition to the new standard.
On that date the old standards will expire. So if you're now ISO 13485:1996
or ISO 13488:1996 certified, you're going to have to update your quality
management system in order to meet the new ISO 13485 2003 requirements.

INTRODUCTION TO ISO 13485

Use ISO 13485 2003:

• To establish a quality management system that is oriented towards the design, development, production, and installation of medical devices and related services.

• To demonstrate your ability to supply medical devices and related services that meet customer expectations and comply with regulatory requirements.

• To evaluate how well your organization is able to meet customer expectations and comply with regulatory requirements.

• To become certified or registered.

ISO 13485 is not a product standard. It's a process standard. Therefore, it's not enough to establish a quality management system that complies with the ISO 13485 standard, you also need to comply with all relevant product and service oriented technical standards and regulations.

ISO 13485 VERSUS ISO 9001

ISO 13485:2003 is based on the ISO 9001:2000 quality management standard. Both standards are organized in the same way and use basically the same numbering system. In addition, most of the ISO 13485 requirements are taken directly from ISO 9001 without modification.

However, some ISO 9001 requirements were modified and others were excluded. Of course, ISO 13485 also includes a special set of requirements specifically related to the supply of medical devices and related services. In general, ISO 13485 is made up of two kinds of requirements: old ISO 9001 requirements and new requirements that are specifically related to medical devices and associated services.

ISO 13485 excludes ISO 9001 requirements related to continual improvement and customer satisfaction. Continual improvement is excluded because most medical device regulations require organizations to maintain their quality management systems, not to improve them. And customer satisfaction is excluded because committee members thought it was too subjective.

When ISO 9001 wants you to document a procedure, it also wants you to implement and maintain it. Section 4.2.1 of ISO 13485 expands on this idea by including requirements, activities, and special arrangements. More precisely:

• When ISO 13485 wants you to document a procedure, the standard also wants you to implement and maintain it.
• When ISO 13485 wants you to document a requirement, the standard also wants you to implement and maintain it.
• When ISO 13485 wants you to document an activity, the standard also wants you to implement and maintain it.
• When ISO 13485 wants you to document an arrangement, the standard also wants you to implement and maintain it.

But you don't have to remember this rule. Our plain English publication (Title 45) makes this expectation explicit whenever a procedure, requirement, activity, or special arrangement must be documented. It does so by explicitly asking you not only to document it but also to implement and maintain it.

ISO 13485 also places a greater emphasis on the use of procedures to regulate and control how activities and processes should be performed. In this sense, ISO 13485 is somewhat more prescriptive than ISO 9001. ISO 9001 often leaves it up to you to decide how work should be controlled, whereas ISO 13485 seems to have removed some of this flexibility by insisting on the use of formal procedures.

Since ISO 13485 is all about medical devices and related services, it of course adds many new requirements to address the specific needs of this industry. Our plain English publication (Title 45) highlights these new requirements by using blue text and a different font.

POSSIBLE EXCLUSIONS

ISO 9001 2000 says that you may exclude or ignore some requirements if you can justify doing so. You can exclude section 7 product realization requirements if you cannot apply them because of the nature of your organization and its products. Similarly, ISO 13485 2003 says that you can exclude section 7 requirements if they are not applicable in your situation because of the nature of your organization's medical devices.

You may also exclude section 7.3 design and development if official regulations allow you to do so and if you have made alternative arrangements that comply with these regulations.

Occasionally ISO 13485 uses the phrase “if appropriate” or “where appropriate”. When a requirement uses this phrase, you may ignore or exclude it if you can justify doing so.

Whenever you decide to exclude or  ignore an ISO 13485 requirement make sure that you've got a good reason. Make sure you can justify and explain why, and make sure this explanation is documented in your quality manual.

POSSIBLE EXCLUSIONS

ISO 9001 2000 says that you may exclude or ignore some requirements if you can justify doing so. You can exclude section 7 product realization requirements if you cannot apply them because of the nature of your organization and its products. Similarly, ISO 13485 2003 says that you can exclude section 7 requirements if they are not applicable in your situation because of the nature of your organization's medical devices.

You may also exclude section 7.3 design and development if official regulations allow you to do so and if you have made alternative arrangements that comply with these regulations.

Occasionally ISO 13485 uses the phrase “if appropriate” or “where appropriate”. When a requirement uses this phrase, you may ignore or exclude it if you can justify doing so.

Whenever you decide to exclude or  ignore an ISO 13485 requirement make sure that you've got a good reason. Make sure you can justify and explain why, and make sure this explanation is documented in your quality manual.

HOW TO DEVELOP A QMS

In order to become certified, you need to develop a Quality Management System (QMS) that complies with the ISO 13485 2003 standard. But how do you do that?

One common approach is to carry out a Gap Analysis. Such an analysis will identify the gaps that exist between the new standard and your organization's processes. Once you know exactly what and where your gaps are, you can take steps to fill them. And once all of your gaps are filled, your Quality Management System will be ISO 13485 2003 compliant. By using this approach, you will not only meet the new ISO 13485 standard, but you will also improve the overall effectiveness of your Quality Management System.

If you need to develop a Quality Management System that meets the new ISO 13485 2003 standard, we suggest that you use our Gap Analysis Tool (Title 46).

Once you've completed your Gap Analysis and filled all of the gaps, you're ready to ask a Registrar to audit the effectiveness of your quality management system. If your auditors like what they see, they will certify that your quality system has met ISO's requirements. They will then issue an official certificate to you and record your achievement in their registry.