ISO 13485Medical devices -- Quality management systems -- Requirements for regulatory purposes is a voluntary standard, [1] published by International Organization for Standardization (ISO) for the first time in 1996, and contains a comprehensive quality management system for the design and manufacture of medical devices. The latest version of this standard supersedes earlier documents such as EN 46001 (1993 and 1996) and EN 46002 (1996), the previously published ISO 13485 (1996 and 2003), and ISO 13488 (also 1996).
The current ISO 13485 edition was published on 1 March 2016. [2]
Though it is tailored to the industry's quality system expectations and regulatory requirements, an organization does not need to be actively manufacturing medical devices or their components to seek certification to this standard, in contrast to the automotive sector's ISO/TS 16949, where only firms with an active request for quotation, or on the bid list, of an International Automotive Task Force supply chain manufacturer can seek registration. [3]
While it remains a stand-alone document, ISO 13485 is generally harmonized with ISO 9001. A principal difference, however, is that ISO 9001 requires the organization to demonstrate continual improvement, whereas ISO 13485 requires only that the certified organization demonstrate the quality system is effectively implemented and maintained. Additionally, the ISO 9001 requirements regarding customer satisfaction are absent from the medical device standard. [4]
ISO 13485 places specific emphasis on resource and environment management, tailored to the medical device and software sectors. For example, the standard requires organizations to ensure that their personnel are not only qualified but also adequately trained to understand and implement regulatory requirements. Moreover, the infrastructure and work environment must support compliance and safety. In software engineering for medical devices, this extends to maintaining cybersecurity measures and ensuring a development environment free from potential risks to data integrity or software reliability. [5]
Other specific differences include:
Compliance with ISO 13485 is often viewed as the initial step in ensuring adherence to European regulatory requirements. This is particularly significant when it comes to assessing the conformity of Medical Devices and In-vitro Diagnostic Medical Devices in accordance with European Union Directives 93/42/EEC, 90/385/EEC, and 98/79/EEC before allowing their sale. A fundamental aspect of proving conformity lies in the establishment and implementation of a Quality Management System compliant with ISO 9001, ISO 13485, and ISO 14971. While it's important to note that the European Union Directives don't explicitly mandate certification to ISO 9001 and/or ISO 13485, it is the preferred approach for demonstrating compliance to these standards, and this certification is issued by specialized organizations referred to as "Registrars."
Furthermore, some of these registrars also serve as Notified Bodies, which play a pivotal role in the pre-market assessment of certain medical devices. When a Notified Body conducts a thorough evaluation and issues a positive assessment, it results in the coveted certificate of conformity, granting the CE mark and the authorization to market the medical device within the European Union. It's important to underline that the Notified Body's assessment scrutinizes the company's Quality Management System in great detail, along with a meticulous review of the requisite Technical Documentation. This comprehensive evaluation is a crucial element that the Notified Body takes into account when granting the certificate of conformity for the company's product or products.
In summary, the journey to compliance with European regulatory requirements for medical devices entails a multi-faceted approach, with ISO 13485 serving as a cornerstone and the involvement of Notified Bodies as a key step to gain the necessary certifications and permissions for market access in the European Union.
This standard adopted by CEN as EN ISO 13485:2003/AC:2007 is harmonized with respect to the European medical device directives 93/42/EEC, 90/385/EEC and 98/79/EC. [6]
ISO 13485 is now considered to be inline standard and requirement for medical devices even with "Global Harmonization Task Force Guidelines" (GHTF). [7] The GHTF guidelines are slowly becoming universal standards for design, manufacture, export and sales of various medical devices. The GHTF has been replaced in the last few years by the International Medical Device Regulators Forum (IMDRF) [8] and is structured differently from the GHTF as only the regulators, that are primary members of the group, get to make many of the decisions. The IMDRF main membership (the regulators) do want to have non-regulators involved without voting rights and in this way they are hoping to get the process and documents completed quicker than under the GHTF system (regulators & non-regulators were equal in voting rights) that worked reasonably well, but somewhat slow.
This standard adopted by CEN as EN ISO 13485:2012 is harmonized with respect to the European Medical Devices Directive 93/42/EEC. [9]
Mexico published on October 11, 2012, a national standard as a Norma Oficial Mexicana (NOM) to control manufacture of medical devices inside the country. NOM-241-SSA1-2012, Buenas Practicas de Fabricación para Establecimientos dedicados a la Fabricación de Dispositivos Médicos. [10] The scope of application is mandatory in the national territory, for all establishments dedicated to the process of medical devices marketed in the country. The Cofepris is the body assigned to its control, verification and to grant the records of compliance to the companies that implement this Standard of Good Manufacturing Practices. This standard is partially in line with ISO 13485: 2003 and ISO 9001: 2008.
In 2017, The Farmacopea de los Estados Unidos Mexicanos (United Mexican States Pharmacopoeia), medical industrial sectors and Cofepris are working together for updating NOM-241 Standard, putting special attention on managing risks during manufacture and regulating by manufacturing lines some of the most important medical devices manufacturing processes. This standard will be published in August 2018, and 180 days after publication it will become mandatory for the industry.
In Spain, medical devices are named in ISO-13485 as "Sanitary Products" as Castellano-language translation of ISO-13485, but in Mexico they are known as "Medical Devices" and correspond to those used in medical practice and that meet the definition established by NOM-241 as: Medical device, to the substance, mixture of substances, material, apparatus or instrument (including the computer program necessary for its proper use or application), used alone or in combination in the diagnosis, monitoring or prevention of human or auxiliary diseases in the treatment of the same and of the disability, as well as the employees in the replacement, correction, restoration or modification of the anatomy or human physiological processes. Medical devices include products of the following categories: medical equipment, prostheses, orthotics, functional aids, diagnostic agents, supplies for dental use, surgical, healing and hygiene products. ISO 13485:2016 Certificates meets the requirement of IEC 60601-2-25 : 1993 + A1: 1999 safety of Electrocardiograms.
Year | Description |
---|---|
1993 | EN 46001 Quality systems – Medical devices – Particular requirements for the application of EN ISO 9001 is published by the European Committee for Standardization (CEN), forming the basis for developing ISO 13485. |
1996 | ISO 13485 (1st Edition). |
2000 | EN ISO 13485 is published by CEN, creating a European Norm version of the international standard, and the previous European standard (EN 46001) is withdrawn. |
2003 | ISO 13485 (2nd Edition). |
2012 | EN ISO 13485 is revised so that it harmonizes with the three European directives associated with the medical sector: 93/42/EEC (medical devices), 98/79/EC (in vitro diagnostic medical devices), and 90/385/EEC (active implantable medical devices). |
2016 | ISO 13485 (3rd Edition). |
A quality management system (QMS) is a collection of business processes focused on consistently meeting customer requirements and enhancing their satisfaction. It is aligned with an organization's purpose and strategic direction. It is expressed as the organizational goals and aspirations, policies, processes, documented information, and resources needed to implement and maintain it. Early quality management systems emphasized predictable outcomes of an industrial product production line, using simple statistics and random sampling. By the 20th century, labor inputs were typically the most costly inputs in most industrialized societies, so focus shifted to team cooperation and dynamics, especially the early signaling of problems via a continual improvement cycle. In the 21st century, QMS has tended to converge with sustainability and transparency initiatives, as both investor and customer satisfaction and perceived quality are increasingly tied to these factors. Of QMS regimes, the ISO 9000 family of standards is probably the most widely implemented worldwide – the ISO 19011 audit regime applies to both and deals with quality and sustainability and their integration.
Conformance testing — an element of conformity assessment, and also known as compliance testing, or type testing — is testing or other activities that determine whether a process, product, or service complies with the requirements of a specification, technical standard, contract, or regulation. Testing is often either logical testing or physical testing. The test procedures may involve other criteria from mathematical testing or chemical testing. Beyond simple conformance, other requirements for efficiency, interoperability, or compliance may apply. Conformance testing may be undertaken by the producer of the product or service being assessed, by a user, or by an accredited independent organization, which can sometimes be the author of the standard being used. When testing is accompanied by certification, the products or services may then be advertised as being certified in compliance with the referred technical standard. Manufacturers and suppliers of products and services rely on such certification including listing on the certification body's website, to assure quality to the end user and that competing suppliers are on the same level.
The ISO 9000 family is a set of international standards for quality management systems. It was developed in March 1987 by International Organization for Standardization. The goal of it is to help organizations ensure that they meet customer and other stakeholder needs within the statutory and regulatory requirements related to a product or service. The ISO refers to the set of standards as a "family", bringing together the standard for quality management systems and a set of "supporting standards", and their presentation as a family facilitates their integrated application within an organisation. ISO 9000 deals with the fundamentals and vocabulary of QMS, including the seven quality management principles that underlie the family of standards. ISO 9001 deals with the requirements that organizations wishing to meet the standard must fulfill. A companion document, ISO/TS 9002, provides guidelines for the application of ISO 9001. ISO 9004 gives guidance on achieving sustained organizational success.
Medical software is any software item or system used within a medical context, such as reducing the paperwork, tracking patient activity
The presence of the logo on commercial products indicates that the manufacturer or importer affirms the goods' conformity with European health, safety, and environmental protection standards. It is not a quality indicator or a certification mark. The CE marking is required for goods sold in the European Economic Area (EEA); goods sold elsewhere may also carry the mark.
A medical device is any device intended to be used for medical purposes. Significant potential for hazards are inherent when using a device for medical purposes and thus medical devices must be proved safe and effective with reasonable assurance before regulating governments allow marketing of the device in their country. As a general rule, as the associated risk of the device increases the amount of testing required to establish safety and efficacy also increases. Further, as associated risk increases the potential benefit to the patient must also increase.
Quality management ensures that an organization, product or service consistently functions well. It has four main components: quality planning, quality assurance, quality control, and quality improvement. Quality management is focused both on product and service quality and the means to achieve it. Quality management, therefore, uses quality assurance and control of processes as well as products to achieve more consistent quality. Quality control is also part of quality management. What a customer wants and is willing to pay for it, determines quality. It is a written or unwritten commitment to a known or unknown consumer in the market. Quality can be defined as how well the product performs its intended function.
Dental laboratories manufacture or customize a variety of products to assist in the provision of oral health care by a licensed dentist. These products include crowns, bridges, dentures and other dental products. Dental lab technicians follow a prescription from a licensed dentist when manufacturing these items, which include prosthetic devices and therapeutic devices. The FDA regulates these products as medical devices and they are therefore subject to FDA's good manufacturing practice ("GMP") and quality system ("QS") requirements. In most cases, however, they are exempt from manufacturer registration requirements. Some of the most common restorations manufactured include crowns, bridges, dentures, and dental implants. Dental implants is one of the most advanced dental technologies in the field of dentistry.
A European Authorised Representative (E.A.R.) serves as a legal entity designated by non European Union (EU) manufacturers, to represent them in the EU and ensure their compliance with the European Directives. The CE certificate and declaration of conformity can only be issued by a company located in the European Union.
Croatian Register of Shipping, also known as CRS, is an independent classification society established in 1949. It is a non-profit organisation working on the marine market, developing technical rules and supervising their implementation, managing risk and performing surveys on ships. The Society's head office is in Split.
A notified body, in the European Union, is an organisation that has been designated by a member state to assess the conformity of certain products, before being placed on the EU market, with the applicable essential technical requirements. These essential requirements are publicised in European directives or regulations.
The Bureau of Indian Standards (BIS) is the National Standards Body of India under Department of Consumer affairs, Ministry of Consumer Affairs, Food & Public Distribution, Government of India. It is established by the Bureau of Indian Standards Act, 2016 which came into effect on 12 October 2017. The Minister in charge of the Ministry or Department having administrative control of the BIS is the ex-officio President of the BIS. BIS has 500 plus scientific officers working as Certification Officers, Member secretaries of technical committees and lab OIC's.
ISO 14971Medical devices — Application of risk management to medical devices is a voluntary consensus standard, published by International Organization for Standardization (ISO) for the first time in 1998, and specifies terminology, principles, and a process for risk management of medical devices.
Global Medical Device Nomenclature (GMDN) is a system of internationally agreed generic descriptors used to identify all medical device products. This nomenclature is a naming system for products which include those used for the diagnosis, prevention, monitoring, treatment or alleviation of disease or injury in humans.
IEC 62304 – medical device software – software life cycle processes is an international standard published by the International Electrotechnical Commission (IEC). The standard specifies life cycle requirements for the development of medical software and software within medical devices. It has been adopted as national standards and therefore can be used as a benchmark to comply with regulatory requirements.
The Machinery Directive, Directive 2006/42/EC of the European Parliament and of the Council of 17 May 2006 is a European Union directive concerning machinery and certain parts of machinery. Its main intent is to ensure a common safety level in machinery placed on the market or put in service in all member states and to ensure freedom of movement within the European Union by stating that "member states shall not prohibit, restrict or impede the placing on the market and/or putting into service in their territory of machinery which complies with [the] Directive".
Harmonization is the process of minimizing redundant or conflicting standards which may have evolved independently. The name is also an analogy to the process to harmonizing discordant music.
The Annex SL is a section of the ISO/IEC Directives part 1 that prescribes how ISO Management System Standard (MSS) standards should be written. The aim of Annex SL is to enhance the consistency and alignment of MSS by providing a unifying and agreed-upon high level structure, identical core text and common terms and core definitions. The aim being that all ISO Type A MSS are aligned and the compatibility of these standards is enhanced.
Regulation (EU) 2017/745 is a regulation of the European Union on the clinical investigation and placing on the market of medical devices for human use. It repealed Directive 93/42/EEC on Medical Devices (MDD) and Directive 90/385/EEC on active implantable medical devices (AIMDD).
A custom-made medical device, commonly referred to as a custom-made device (CMD) or a custom device, is a medical device designed and manufactured for the sole use of a particular patient. Examples of custom-made medical devices include auricular splints, dentures, orthodontic appliances, orthotics and prostheses.