How to Get ISO 13485 Certification?

Get ISO 13485 Certification

ISO 13485 is a QMS standard necessary for medical device manufacturing. let’s discuss in brief the ISO 13485 certification process and FAQs related to them. As an ISO 13485 certification consultant, we guide manufacturers to get ISO 13485 certification.

What is ISO 13485?

ISO 13485 is a standard company that is either involved in manufacturing or providing services in the medical device industry. ISO 13485 acts as a guideline and provides a structure for companies to establish their Quality Management Systems.

Simply put, ISO 13485 is a set of requirements defined by The International Organization for Standardization, designed to be used by medical device manufacturers as a form of quality management system. But then again, there is a big difference between being ISO 13485 certified and being compliant with ISO 13485:2016, the medical devices quality management systems standard.

Looking for Medical Device Regulatory Consultants?

ISO 13485 was written to support medical device manufacturers in designing quality management systems that establish and maintain the effectiveness of their processes. It ensures the consistent design, development, production, installation, and delivery of medical devices that are safe for their intended purpose.

Anyone can claim compliance with the standard. Certification, however, requires that an accredited certification body has followed the requirements. To maintain that certification, you must maintain your quality system’s effectiveness and endure both annual surveillance audits and a re-certification audit once every three years.

How to get ISO 13485 Certification?

ISO 13485 Certification Process :

Step one:

  • Planning the quality system:

The first step in every quality system is planning. Most people refer to the Deming Cycle or Plan-Do-Check-Act (PDCA) Cycle when they describe how to implement a quality system. You need to document the quality plans to implement the changes to your QMS. 

However, when you are implementing a full quality system, you need to break the “doing” part of the PDCA cycle into many small tasks rather than one big task. You also can’t implement a quality system alone. Quality systems are not the responsibility of the quality manager alone. Implementing a quality system is the responsibility of everyone in top management. 

  • Regulatory requirements: 

Once you decide your target market for your medical devices establish compliance with other medical device regulations for example if you are developing your quality plan for US medical device companies then you must comply with 21 CFR part 820. 

  • Documents, training, and records:

The quality manual should define the process interaction for your quality system. The documents will spread light on what is being tested by quality control. 

  • Management review process: 

Conducting your first management review.

To make sure that you have inputs for each of the 12 requirements in the ISO 13485:2016 standard, it is recommended to conduct your management review only after you have completed your full quality system audit and initiated some corrective actions. If possible, you should also conduct supplier audits for any contract manufacturers or contract sterilizers. It is recommended to use a template for that management review that is organized in the order of the required inputs to ensure that none of the necessary inputs are skipped. 

Conducting your first internal audit 

The purpose of the internal audit is to verify the effectiveness of the quality system and to identify nonconformities before the certification body auditor finds them. To successfully achieve this secondary objective, it is essential to have a more rigorous internal audit than you expect for the certification audit. Therefore, the internal audit should be of equal duration or longer in duration than the certification audit. The internal audit should not consist of a desktop review of procedures. Reviewing procedures should be part of gap analysis, which is conducted on draft procedures before they are approved. Internal audits should utilize the process approach to auditing, and the auditor should apply a risk-based approach. 

After your internal audit, you will receive an internal audit report from the auditor. You should also expect findings from the internal auditor, and you should expect opportunities for improvement (OFI) to be identified. 

  • ISO 13485 Certification Audit:

The certification body is expected to interview process owners and sample records to verify that the quality system has been implemented. Certification body auditors will also typically verify that your company has conducted a full quality system audit and at least one management review. 

Finally, the auditor will usually select a process such as corrective action and preventive action (CAPA) to make sure that you are identifying problems with the quality system and taking appropriate measures to address those problems. 

The audit objectives for the Stage 2 ISO 13485 certification audit specifically include evaluating the effectiveness of your quality system in the following areas: 

  • Applicable regulatory requirements 
  • Product and process-related technologies 
  • Technical documentation 

All procedures will be reviewed for compliance with ISO 13485:2016 and the applicable regulations. The auditor will also sample records from each process. If the auditor identifies any nonconformity during the audit, it is important to record the findings and begin planning corrective actions immediately. If you have any questions regarding the expectations for the investigation of the root cause, corrections, corrective actions, and effectiveness checks, you should ask the auditor during the audit or the closing meeting.  At a minimum, you must submit a corrective action plan for each finding to your MDSAP auditing organization (AO) within 15 calendar days of receiving the finding. 

ISO 13485 is a voluntary standard, but it satisfies most European Union quality management system requirements and demonstrates compliance with medical device directives. As well as harmonizing regulatory requirements, there are many other benefits of being certified to ISO 13485. 

 

ISO 13485 Medical Devices FAQ :

ISO 13485:2016 specifies requirements for a quality management system where an organization needs to demonstrate its ability to provide medical devices and related services that consistently meet customer and applicable regulatory requirements. We have briefly discussed on how to get ISO 13485 certification, still many device makers ask us some doubts . Here we are putting some FAQ’s to provide solutions for their doubts . 

Is ISO 13485 standards mandatory in India? 

A standard is not mandatory. But must say that in Europe, for Medical Device Companies, the ISO 13485 standard is recommended. Why? because to get a certified quality system, you need to find a Notified Body that will approve it.  There is no notified body capable to certify you for anything else than ISO 13485 for medical device companies. They can still review the Quality System that you built but sure they will find many reasons to say that it is not compliant. So in reality, if you want to sell a Medical Device in Europe, ISO 13485 is your only choice. 

Why was ISO 13485 revised and what are the main improvements? 

All ISO standards are reviewed every five years to establish if a revision is required in order to keep it current and relevant for the marketplace. ISO 13485:2016 is designed to respond to the latest quality management system practices, including changes in technology and regulatory requirements and expectations. The new version has a greater emphasis on risk management and risk-based decision making, as well as changes related to the increased regulatory requirements for organizations in the supply chain. 

How long it takes to create an ISO 13485 QMS? 

If you hire or contract someone who brings templates of all of the necessary documents and then go about revising these templates to fit your organization. (4–6 months). It’s going to be a lot longer if you start with a blank screen. Document packages are available to purchase online. Choose a registered body (TUV, BSI, NSAI, etc) and schedule a Phase 1 audit. A Phase 1 only requires that you have the Quality Manual and SOP’s in place that comply with ISO 13485. (2–3 months) 

Assuming you pass the Phase 1, the organization has to exercise the SOP’s with records to document that you’ve used the SOP’s effectively. Depending on where the organization is developmentally – this can be a challenge. Once you’ve demonstrated that you’ve exercised the procedures, schedule the Phase 2 audit. (3–9 months). Once the audit is completed successfully, you get your cert within 3 months. 

Why is ISO 13485 important? 

In the medical devices industry, quality management goes hand-in-hand with safety, and both are non-negotiables. Requirements like those set out by ISO 13485 are strictly enforced throughout every stage of a medical device’s life-cycle, including stages after manufacturing like delivery, service, and maintenance. 

Organizations using ISO 13485 can be involved in any stage of the medical devices life-cycle. Design, development, production, distribution, servicing; even supporting activities like maintenance and customer service. Increasingly, ISO 13485 is becoming necessary for medical devices companies to compete for customer attention. This is because audits by customers (2nd party audits) are becoming less common due to the rise of 1st party (internal) and 3rd party (external, for certification) audits. 

What is ISO 13485 requirements? 

ISO 13485:2016 specifies requirements for a Quality Management System to produce ISO medical devices and related services that consistently meet customer and applicable regulatory requirements. Requirements of ISO 13485:2016 are applicable to organizations regardless of their size and regardless of their type, except where explicitly stated. Wherever requirements are specified as applying to medical devices, the requirements apply equally to associated services supplied by the organization. The ISO 13485 structure is split into eight sections, with the first three being introductory, and the last five containing the mandatory requirements for the Quality Management System. Here is what the five main sections are about: 

  • Quality Management System 
  • Management Responsibility 
  • Resource Management 
  • Product Realization 
  • Measurement, Analysis and Improvement 

ISO 13485 is the most common medical device QMS regulatory standard in the world. It is focused on maintaining QMS effectiveness and meeting regulatory and customer requirements. Since different countries often have different standards, ISO 13485 is intended to provide a globally harmonized model of QMS requirements for international markets. 

As medical device regulatory consultants, Operon Strategist provides quality-assured consultancy services. Contact us for further details.

Operon Strategist
+ posts
Share on:
Scroll to Top