How Regulatory Compliance Software Can Support the ISO 13485 Standard

To successfully develop, manufacture, and distribute a safe medical device to a local or international market, it is essential that certain standards as well as regulations be met. Regulations may make the process legal, but standards can add efficiencies, credibility, and marketability that make the process and subsequent product more prodigious.

One standard in particular brings an exceptional level of global clout: the ISO 13485 standard. This fact can also make the possibility of certifying seem overwhelming. However, there are some exceptional digital tools to help you better align with the standard, such as a purpose-built digital quality management system (QMS), and other regulatory compliance software solutions that make certification a tenable reality.

Becoming Familiar With ISO 13485 Definitions

ISO 13485 is an outline of standards for developing a QMS to be used by medical device companies that are certified to the standard. It is maintained by the International Organization for Standardization (ISO). Being certified to the ISO 13485 standard demonstrates a company’s ability to develop or manufacture medical devices and related services that can consistently meet customer needs and regulatory requirements.¹ You can read an insightful brief that summarizes the standard here.

Medical Device Life Cycle

Regardless of which part of the medical device product life cycle you focus on, the ISO 13485 standard covers all stages of the product life cycle including:

• Design and development.
• Production.
• Storage and distribution.
• Installation.
• Servicing and technical support.

ISO 13485 Standard Certification

When you are ISO certified, this implies you are intentionally and consistently applying standards to your QMS where appropriate and delivering products or services that are both safe and efficacious. In order to receive ISO 13485 standard certification, you must demonstrate to an accredited (optional distinction) third-party (not anyone from ISO itself), known as a certification body, that you meet certain requirements.² ISO certification allows companies to establish a global reputation for meeting high-quality standards in the international marketplace and garner deserved trust from clients, consumers, and partners. Companies can also expect to see a return in the form of more efficient quality and manufacturing processes, less rework/scrap, and more sustainable practices and partnerships.

According to one ISO consultant, you must take the following six steps to achieve ISO certification:³

1. Plan the quality management system and write a quality manual.
2. Familiarize yourself with the standards and plan to meet regulatory requirements.
3. Implement design controls.
4. Coordinate documents, training, and production record interactions.
5. Integrate risk management and business management.
6. Supply all necessary documentation and complete all necessary certification audits.

Although ISO assumes the responsibility for outlining the standards governing the QMS, the responsibility for certifying, monitoring, maintaining, controlling, and auditing the processes that constitute the QMS falls on the company that implements the QMS.

What Is the Latest Version of the ISO 13485 Standard?

ISO 13485:2016 is the latest version of the ISO 13485 standard, last reviewed and confirmed in 2020.⁴ This version focuses heavily on risk-based planning and quality management that must include executive-level review and approval.

The ISO 13485 standard is based on the more expansive ISO 9001 standard for general quality management. However, there are specific requirements that only apply to medical device manufacturers and some general standards that have been dropped. For example, the medical device standard shifts priorities from customer satisfaction to focus more on regulatory compliance and post-market surveillance and includes specific documentation rules. It is not necessary to be certified to both standards.

There are two other current versions of the medical device standard, EN ISO 13485:2012 and CAMCAS-ISO 13485:2016, that apply to the European and Canadian markets respectively.

What Is ISO 13485/21 CFR Part 820 Harmonization About?

The importance of understanding, and possibly becoming certified to ISO 13485, is increasing considering active plans by the U.S. Food and Drug Administration (FDA) to harmonize title 21 CFR Part 820 of the federal code with the ISO 13485 standard.⁵ This section of the federal code outlines quality management system regulations for medical device manufacturers.

Although the two documents are not yet harmonized, there are some known changes that will affect medical device manufacturers and the way that they prepare for quality inspections. You can read “4 Things To Know About the 21 CFR Part 820/ISO 13485 Harmonization” to learn more about these changes.

How Can Regulatory Compliance Software Help?

International standards establish the high-level benchmarks that are necessary for a safe global marketplace. They also offer credibility and cost-savings benefits to medical device manufacturers. However, it can be a complicated journey to navigate the standards, try to reconcile them with additional regulations, and stay current as they both continue to evolve.

A purpose-built QMS designed to reflect these standards, regulations, and industry best practices does a lot of the dirty work for you, such as:

• Managing document control and eliminating paperwork.
• Automating quality event management.
• Integrating and automating training fulfillment.
• Flagging and routing corrective action/preventive action (CAPA) responsibilities.
• Keeping your QMS audit-ready.

Any help is appreciated here, especially when it comes time to manage the software validation requirements that are part of both the ISO 13485:2016 standard and 21 CFR 820. It will save you a lot of time and headaches if you can find a digital QMS that is self-validating, such as MasterControl’s Quality Excellence with its patented Validation Excellence tool, for example.

Conclusion

Although compliance with the ISO 13485 standard is not required in every region, there are many reasons to pursue certification. These include:

• Increased customer confidence.
• Enhanced marketing opportunities.
• Sustainable supplier relationships.
• Improved brand equity.
• Expedited market entry.

Even if you do not plan to pursue certification at this time, it is in your best interest to familiarize yourself with the ISO 13485 standard and ISO 13485 definitions pertinent to your region in anticipation of the harmonization of FDA regulations with the ISO standard.

References:

1. "ISO 13485:2016 Medical devices – quality management systems – Requirements for regulatory purposes,” International Organization for Standardization, ISO.org, accessed Feb 28, 2023.
2. "Certification,” International Organization for Standardization, ISO.org, accessed Feb 28, 2023.
3. "6 Steps to ISO 13485:2016 Certification,” Lewis Yasenchak, Todaysmedicaldevelopments.com, March 2017.
4. Supra note 1.
5. "Proposed Rule: Quality System Regulation Amendments — Frequently Asked Questions,” U.S. Food and Drug Administration, Feb. 22, 2022.