Introduction
As with every Quality Management System, we need to understand the standard and how it relates to our processes. We need to be aware of the requirements and best practice guidelines beneficial to our operations.
Quality is everyones business as it takes the team to uphold high standards with confidence in our customers, partners and the community. We are to have trust in quality and have it in the centre of our business.
Standards allow to maintain quality within a company with its all operational functions.
ISO13485:2016 - History
ISO is non-governmental organisation established in 1947 based in Geneva. Over 23000 standards have been developed by their technical committees. ISO13485:2016 is an international standard for Medical Devices - Quality Management System (QMS). The standard specifies the requirements that an organisation needs to fulfil when implementing the QMS.
It is applicable to organisations which are involved in one or more activities of the lifecycle:
* design and development
* manufacturing
* distribution
* storage
* sterilisation
* installation, or
* servicing of Medical Devices
In 1993 EN46001 "Quality System. Medical Devices. Particular Requirements for the application of ISO9001" was first introduced in Europe. It was used as a basis for development of the ISO 13485. It was published first time internationally in 1996 - specifically for designing and manufacturing of Medical Devices. First major revision of the standard was in 2003 and the current edition in 2016.
Process approach
The ISO 13485:2016 is based on process approach when implementing the QMS. It meant to improve the effectiveness of the system and meet the Medical Devices applicable requirements (both customer and regulatory requirements). It contributes to the organisational effectiveness in achieving the results. The management of processes can be achieved using the Plan-Do-Check-Act (PDCA) circle. The overall focus in on risk analysis and taking advantage of the opportunities as well as avoiding of unintended outcomes.
PDCA Circle
The PDCA circle can be defined as follows:
Planning - setting up objectives for its whole system and its processes. At the same time, it covers detailed plans identifying and addressing risks and opportunities and providing the tool needed to deliver results.
Doing - refers to the implementation of the plan,
Checking - must be done after the implementation to monitor and measure results and analysing the impact on products and services the plan had
Acting - taken to improve the system based on the reports provided from checks
Clause-by-clause guidance
The ISO 13485 is essentially a guideline for quality business practices. It focuses on the organisations QMS in relation to Medical Devices and related services.
Clauses of the standard:
Clause 1: Scope
Clause 2: Normative References
Clause 3: Terms and Definitions
Clause 4: Quality Management System
Clause 5: Management Responsibility
Clause 6: Resource Management
Clause 7: Product Realisation
Clause 8: Measurement, Analysis and Improvement
With a proper system in place, assurance can be provided that the organisation is able to provide Medical Devices and related services that constantly meet customer expectations and regulatory requirements. It also covers considerations of other standards regarding risk management and product-life-cycle processes.
Clauses 1 to 3
It is important to note the interpretation of:
* "Shall" means it is a requirement
* "Should" means it is recommendation
* "May" means there is a permission allowed
* "Can" means there is a possibility
To properly apply the standard we need to clearly state the organisations roles and products. We need to consider the life cycle for example whether we are responsible for the design of the product, whether we handle the production or distribution of the medical device, or other services we may provide i.e installation or servicing. Perhaps the product is a General Medical Device or In-vitro Diagnostic Device.
Answers to these questions would allow crafting of the Scope of the organisational processes and the Requirements of the QMS. We then decide which clauses are applicable, giving the organisations involvement in the activities covered under Clause 6, 7 and 8.
Clause 4 - QMS
Clause 4 clarifies the structure the QMS should follow. Taking product design, for example, management (Clause 5) must be involved in the designing the product and bringing into the market - Product Realisation (Clause 7). Resource Management ( Clause 6) requires resource allocation to run operations in various departments. Measurement, analysis and Improvement (Clause 8) is essential to gather feedback in appropriate action to be taken to better serve future needs.
Clause 4 largely focuses on the documentation requirements as this supports the processes that the QMS will be based on. It assures clarity and orderly conformance in all operations. In particular Quality Manual ( clause 4.2.2) and Medical Device File ( 4.2.3).
Quality Manual - 4.2.2
The Quality Manual is an overarching, general guide providing:
* overview of the organisations information, and
* how they are linked to support the overall quality policy and objectives.
Within the Quality Manual we must state the Scope of the QMS, supporting SOPs, excluded of inapplicable clauses. This is where the bulk of the work lies when generating your documents, as tight references to various clauses and your SOPs need to be made.
Medical Device File - 4.2.3
At the hard of the business is the product, as such we need to maintain the Medical Device File for each device type that applies to our business. The file shall include everything we need to prove that the Medical Device has achieved its conformity and be ready to the manufacturing process.
Besides that, it is used to be the communication gateway between the product development team and manufacturing operations team, such as production, quality assurance, quality control, purchasing and warehouse.
The Medical Device File shall provide information such as:
* General description of medical devices including intended use and instruction for use;
* Product Specifications;
* Provision for manufacturing process, storage, handling and distribution;
* Measuring and monitoring in daily production;
* Installation requirements;
* Servicing activities for the medical device that still requires attention during certain periods of usage, for example calibration.
4.2.4 Control of documents
ISO 13485 requires the documentation of the QMS to be controlled. We shall also prepare a documented procedure to:
* Review and approve prior to use;
* Review the effective document in a pre-determined period and update as necessary;
* Ensure that the document is identified while revision is retrievable;
* Ensure availability at the point of use;
* Ensure the document is legible and identifiable;
* Prevent from deterioration and loss;
* Prevent unintended use of obsolete documents.
Change of the document should be carefully controlled through review and approval by the impacted department. After a certain time we might find the document cabinet full, but we need to be careful when we want to dispose of some documents. The standard requires to retain documents related to medical devices manufacturing for at least the lifetime of the medical device.
4.2.5 Control of records
Besides the documents, records that provide evidence of the product conformity and effective QMS shall also be maintained. A procedure to control the records shall be made available to ensure that it is:
* Identifiable
* Stored properly
* Secured
* Easy to retrieve
* Has a clear disposition
This records shall be maintained for at least the lifetime of the medical device. This means, that if the Medical Device needs to be implanted for the rest of the patients life, the records shall be kept for the rest of the patients life, even if it should be 100 years. Regardless, the records shall be maintained for not less then 2 years.
Clause 5 - Management Responsibility
The role Management plays is key to establishing proper business practices and the QMS.
In Clause 5.1 Management Commitment and Clause 5.2 Customer Focus in the standards are stated as requirements. "Shall" is used and it means that it is a requirement.
Management responsibility includes:
* Defining and setting in place the quality policy and organisational objectives;
* Conducting regular management reviews;
* Ensuring that both customer and regulatory requirements are clearly defined and fulfilled.
We can craft the policies based on those requirements. For example Management review policies including maintaining the records.
5.3 Quality Policy
Quality Policy is essential to successful implementation of the QMS. The commitment to comply with requirements and maintaining the effectiveness of the QMS shall be documented and clearly communicated to all personnel. From the top to bottom. Communication may vary based on the creativity of each company. You can deliver your quality policy through socialisation or placing posters in strategic areas in your building. It is also important to review the quality policy periodically.
5.4 Planning
Planning is important in any QMS. The QMS runs based on the PDCA circle, and planning determines the level of quality management system we aim to achieve.
5.4.1 Quality objectives
We need a target to measure its success, QMS needs quality objectives to measure its effectiveness. These should be established with the same frequency with the quality policy and they need to be elaborated in each function in the QMS.
5.4.2 QS Planning
If there is an objective there must be a strategy and action plans to achieve these objectives. They are usually manifested in documented in the form of KPIs ( Key Performance Indicators).
When changes to the QMS happen, this planning shall be maintained, so that it is still relevant to the changes.
5.5 Responsibility, authority and communication
This clause requires that the organisation established an organisational structure that defines the responsibilities and authorities within the QMS. The best practice to comply with this clause is creating the Organisational Chart that shows the relationships within the functions of the organisation. Each function shall have set up job descriptions. All these processes shall be documented and communicated within the organisation.
A management representative shall be appointed by top management to be responsible for the assurance of each process needed for the QMS is documented. A Management representative shall also be responsible for the reporting of the effectiveness of the QMS and recommending improvements to top management. Responsibility of the management representative also includes promoting awareness of compliance to applicable regulatory and QMS requirements to all personnel within the organisation.
Internal communication requirements obliges top management that the communication processes are established within the organisation. This enables the organisation to work effectively and minimise the misunderstanding between each function. Keeping the Organisational Chart well understood within the organisation and putting tasks and responsibilities of each function on the SOPs will satisfy this requirements. Meeting minutes is another tool to optimise internal communication.
As required by most QMS, the organisation shall document a procedure for management review and conduct the review periodically. In common practice the management review is conducted through a meeting. The review shall consist shall consist of:
* Feedback/Compliant;
* Regulatory report;
* Audit results;
* Monitoring and measurement of processes and products;
* Corrective action and preventive action;
* Follow up actions from previous reviews;
* Changes that could affect QMS;
* Recommendations for improvement;
* Updates to applicable regulatory requirements.
The results of the Management Review shall be recorded, including actions for improvements for QMS and customer requirements, changes necessary to respond to regulatory updates and resource needs.
Clause 6 - Resource Management
As explained earlier the clauses are interrelated to support the QMS. Management is tasked with adjusting the issues of the QMS on their own and through the assigned representative. The focus of issue around Resource management is structured around Human Resources, Infrastructure and work environment. The Top management must plan and provide the resources to maintain product and work quality and outlining them in the SOPs.
6.2 Human Resources
Standard requires that the personnel should be competent and aware of the requirements of their activities. The competency of each person varies depending on the job function and level. The best practices to fulfil the requirements is using the training need analysis:
* Determine the Job description and necessary competence for each function,
* Perform the evaluation on whether they fulfil the competency requirements.
Where there is non-fulfilment to a particular competency, it means that there is a competency gap. This gap will lead to the establishment of the training programme.
6.3 Infrastructure
Infrastructure is essential for Medical Devices companies especially for those who handle tangible Medical Devices products. Infrastructure includes the building, workspace, process equipment and supporting services.
When the infrastructure affects the product quality, maintenance activities both for preventive maintenance and corrective maintenance shall be planned, documented and recorded.
6.4 Work environment and contamination control
Each Medical Device product possesses certain requirements for the working environment to achieve conformity to product requirements. It also depends with the risks associated with the product. When we manufacture or distribute sterile products we should take into account that the product shall be handled in controlled environment. For example clean rooms with HVAC systems. Software development may also be affected in such environment. The organisation should also take care of health, cleanliness and clothing of the personnel.
Several Medical Devices require the control of contaminated or potentially contaminated products. The organisation shall plan and document the arrangement for the control. For sterile products the control shall be extended to control of contamination with microorganisms or particular matter in the production or packaging process. The control shall be documented in the procedures.
Clause 7 - Product Realisation
This is the most detailed clause in the standard as relates to the specifics involved into the product realisation. They start from planning to production and distribution and realisation of the product into the market.
7.1 Planning of Product realisation
The organisation will need to document planning for the product realisation process like:
* Quality objectives as defined;
* Product or possibly any other contractual requirements (activities such as verifications, validations, measuring, inspection and testing, storage, distribution, traceability);
* Provision of required resources including infrastructure and work equipment;
* Documentation and record keeping of evidence that processes meet the requirements.
During the planning it is also helpful to document and record one or more processes for risk management in product realisation.
7.2 Customer related processes
Some of the products are possibly contractual requirements and may include:
* Regulatory requirements;
* Delivery and post delivery activities;
* Product requirements not specified by the customer but necessary for its intended or specified use.
An example of such is training for uses of medical device through internal or external courses.
Even at this point of planning, review needs to be done on the regular basis. Before the product hits the market, we shall check whether the products meet regulatory obligations and user needs. Any unique customer expectations also to be addressed.
When planning for training we must ensure that the content covered is sufficient. Should there be any misalignment or changes to expectations or requirements, the relevant parties need to be informed about it. Records of the reviews and actions taken shall be recorded.
Effective communication with customers and if needed regulatory authorities must be established to enhance the planning process.
7.3 Design and development
For this key activity of Design and Development the company needs to have procedures for Design and Development ( or Design Control). For companies that develop software as a medical device the IEC 62304 standard is used as a reference the standard to compliment this clause. This SOP would include all of the stages for Design and Development Activities.
We need to have a clear overview of the design and development project with the products specific application and intended use identified. This will set the framework for further details. In simple terms, we need to identify the user needs the product aims to address. As we move along we can refer to this framework to check how much closer we are to addressing that need.
Over time, the plans may change so we need to update the plans as the project progresses.
The Design and Development planning process should include the following stages:
* The reviews needed;
* The verifications and validations needed;
* The traceability method of D&D output and D&D input;
* The staff responsible;
* The resources needed including the personnel competency.
D&D inputs are part of the ideation process, where you identify the product functions and performance, in line with the regulatory requirements and industry product standards. Identify and record these quantitative inputs clearly in order to measure and evaluate the product at the later stages.
Risk management activities are to be conducted through the product realisation, and any risks identified are to be fed back to consideration when drafting the design and development inputs. We can also include information from similar designs we have had previously or similar designs in the market. All those activities shall be recorded, approved and reviewed to ensure that they are adequate.
D&D outputs are the deliverables that we would use for evaluation to check and verify that the inputs have been met. These could be the prototype, self assembly or any work in progress information for:
* purchasing;
* production;
* service provision;
* product specification.
Details of the D&D outputs must be properly recorded and kept. And again, being a dynamic project, with active feedback provided from small scale verification or validation to customer comments the input or output specifications may change.
After all of the testing and changes, a set of product acceptance criteria is to be defined.
There should be a proper review of the design inputs and outputs. We should in this stage, evaluate the ability of the design to meet the requirements and take necessary actions. This is a cross-functional review so that the participants shall include the representatives of related functions. The review and actions shall be recorded and dated.
The objective of the D&D verification as the next step is to verify that the design outputs meet the input requirements. This could be sub-assembly, prototype, or work in progress product that the design outputs will be tested or measured against the design inputs.
With the final product (after all the iterations) a full set of verification tests will be carried out.
All verification plans and results are to be documented and recorded. This includes the methods used, acceptance criteria, and statistical techniques where appropriate. We can write it down in the form of a protocol and report the results in the form of a report. If a medical device is connected with another medical device the verification should include the confirmation once connected.
The objective of the next stage is the validation that the final product meets the requirements of the product requirements and intended use. As part of the validation the organisation will need the clinical ( clinical trials if required) to perform evaluations according to regulatory requirements. Design validation shall be performed on the representative products such as initial production batches or their equivalent. So we are to be cautious. All the protocols and reports and how the testing are carried out and the respective results must be documented accordingly. All the records must be maintained and kept secure.
There is also the stage of the Design and Development transfer. The focus of this is transfer the design and development output specifications to manufacturing (or known as software release, if the product is a software). In practice it is usually involving the product development department to give production flow and specification to the product department, provide specification to the quality control and provide material specification to the purchasing department. All these activities shall be documented in the SOPs and the procedures shall ensure that the design and development outputs are verified before becoming final specification.
At the end of design transfer, we will find our design and development transfer documents forming a Device Master records or a Medical Device file ( Clause 4.2.3). A trial run should be performed as part of the transfer process to demonstrates that the product performs as it should when manufacturing in scale.
Changes in the design and development stages are to be supported with updated, traceable documents. The procedure for change control shall be documented and change record shall be maintained.
In most practices, once the design outputs have been finalised, changes in the design will follow amendement procedure.
When we have performed all the Design and Development activities we will find that we have a set of documents recording the history of the design. These are generally called, Design and Development Files or Design History Files. This file shall also include the reference records generated to demonstrate conformity to the Design and Development activities. When changes occur, do not forget to update the Design and Development files. Simply, this again, underscores the importance of keeping up with the QMS the organisation defined, with evidence of such compliance.
7.4 Purchasing
The responsibility for the product continues down the supply chain and the distribution network.
This clause requires us to document procedures to ensure that purchased product conforms to specified purchasing information delivered during the design and development transfer. In practice, most companies establish a Supplier Management System to evaluate and select the suppliers. This evaluation and selection process must be proportionate to risks in relation to the medical device. The system needs to include the plan to monitor and re-evaluate suppliers on a scheduled basis. This would also cover the steps to take should supplier not meet the stated requirements.
If the supplier performs an outsourced activity, which is a greater responsibility compared to a general supplier a more strident qualification criteria and a supplier agreement should be in place. The results of the evaluation, selection, monitoring and re-evaluation of the supplier capability and performance shall be recorded.
In regards to purchasing communication we are responsible for all the information and communication of the purchasing information relating to the products. This information is all-encompassing:
* product specifications;
* standards to meet the product acceptance, procedures, processes and even equipment;
* QMS practices;
* Quality requirements of the supplier personnel.
We may even have written agreements from our suppliers and distributors, requiring you to inform you of changes to the purchased product. For the purpose of traceability, documents and records related to relevant purchasing information shall be maintained.
Changes to the purchased product may happen and only be noticed by suppliers or consumers at the point of use. To avoid such situation, as part of the QMS we need to verify that the purchased product meet specified purchasing requirements. Verification of your purchased product can be handled as part of the product receiving inspection or evaluation, as it pertains to the condition of the product at the point it reaches your customer. Therefore, setting up a receiving inspection process to check the conformance to product ready for sale. We need to have verification activities that re proportionate to the risks associated with the product.
If variations to the purchased product are observed, the organisation must determine the effects on the change of the product realisation process or your product. The records to the verification to be maintained.
7.5 Production and service provision
To ensure that all our grounds are covered regarding the product realisation to ensure user needs are being addressed, the clause 7.5 requires that when we handle products, either as a manufacturer or distributor we shall ensure that the production or service provision is planned, executed, monitored and controlled. The aim is to produce a product that conforms to specification. The standard requires us to control the production through the following activities during the production:
* documenting procedures and methods for the control of the production;
* performing the qualification of the infrastructure;
* monitoring and measuring of process parameters and product characteristics by using equipment;
* implementing defined operations for labelling and packaging;
* setting up processes for product release, delivery, and post-delivery activities.
This control shall be recorded for each Medical Device or batch of medical device for the purposes of traceability including the amount manufactured and approved for distribution.
When a product requires a certain amount of cleanliness we should document the requirements for cleanliness or contamination of the product.
When we supply a medical device that needs installation prior to the use, we shall document the requirements for that installation and acceptance criteria to verify the product is already properly installed. Sometimes the product is to be installed by an external party. In this case we need to provide documented requirements for product installation ( i.e installation qualification) and again, the verification of the proper installation.
If we typically provide servicing activities as part of our medical device e.g software as medical device the organisation shall document servicing procedures, reference materials and reference measurement to verify the servicing activities and product requirements are met. Records of servicing activities carried out by the organisation or its supplier shall be maintained.
There are also particular requirements for sterile medical devices and the records related to the sterilisation process parameters used for each sterilisation batches shall be maintained. The records shall also be traceable to each production batch for medical devices.
At certain point, the resulting product or service cannot be or is verified by monitoring or measurement, and the deficiencies are probably detected after the product is in use or the service has been delivered. In this case we shall validate the processes for production and service provision and the validation need to demonstrate the ability of those processes to achieve consistent results.
The validation itself should be performed under documented procedures, which include:
* Criteria for review, approval and records;
* Qualification of the personnel involved in the validation;
* Specific methods, procedures and acceptance criteria;
* Sampling methods with reason of statistical techniques;
* Criterial for revalidation;
* Approval of changes.
When we use application of computer software on the production or servicing activities, we shall also perform the validation of that software. The validation shall be proportionate to the risk associated with the use of software. Results and conclusion of validation shall be recorded.
There are particular requirements for validation of processes for sterilisation and sterile barrier systems. When we conduct a sterilisation process, we shall provide documented procedures and records to the validation of processes for sterilisation. This process validation shall be conducted prior to routine process and change of the new process.
To mitigate risks product identification is essential. Identification of product status shall be applied throughout product realisation, from the material, production storage and servicing of product. This is to ensure that only after the required inspections and tests have been performed, are the products dispatched, used or installed. Some regulatory authorities require the medical devices identified with unique device identification. If this condition applies we shall document the system to apply that code. At the end companies are required to implement a procedure to ensure that medical devices returned to the organisation are identified and distinguished from conforming products.
The standard also requires us to document procedures for Traceability which define the extend of traceability in accordance with regulatory requirements and the records to be maintained. Particular requirements are applied when we handle implantable Medical Devices. This record shall include the components, materials and condition for the work environment used. The records shall not only be maintained by the manufacturer but also by the supplier or distributors so that they are available for inspections.
Should customer property be provided, we must safeguard it and report any loss or damage. The customer property may include information, intellectual rights, manufacturing equipment etc.
With all types of products, we will need to look into product preservation. Ensure that:
* The quality of parts in the product must be maintained during processing, storage, handling and distribution;
* The product is protected from alteration, contamination or damage by using adequate packaging and shipping containers;
* If special storage conditions are required, they need to be determined and controlled from end-to-end before reaching the customer.
Should the product require separate monitoring and measuring equipment, you would need to document procedures and take steps to ensure that these complimentary devices are reliable.
From time to time, we must ensure periodic calibration and verification of the suitability and adequacy of the equipment. The equipment is also provided with the identity to determine its calibration status. The equipment must be protected from damage and deterioration during handling, maintenance and storage, as well as possible adjustments that would invalidate the measurement results. It is important to validate the computer software that is used for monitoring and measurement. Validation must be performed before the software is first used, and each time when change has been made to the software or its application.
Clause 8 Measurement, Analysis and Improvement
The processes within the QMS as well as product conformity must be measured and analysed. Such monitoring and measurement may be done through an internal audit or when feedback is received from users and other stakeholders. With corrections and improvements to be made we can see how it is tied with the D&D process as well as on the organisational level. In general, the organisation must develop and implement process to monitor, measure, analyse and improve the following:
* conformance to product specifications;
* conformance to the QMS;
* effectiveness of the QMS.
The organisation must develop processes to gather feedback from production and post-production activities (i.e transportation, installation and during use) mainly for the purpose to ensure that the customer requirements are met. ISO 10004:2018 provides guidelines on monitoring and measuring customer feedback. This also acts as a potential input to the risk management process to maintain product requirements, production processes and initiate improvement activities as required. We must also document the procedures for the feedback process.
A compliant handling process is also important and our SOP should document the process. These includes:
* recording the information received;
* evaluation criteria for information being identified and handled as compliant;
* investigation of complaints internally;
* consideration of required reporting to regulatory authorities;
* handling of product being complained;
* taking into account the necessary correction and corrective action.
On some occasions complaints are clearly identified as not the fault of the QMS. In this cases the investigation can be excluded. The justification of the decision shall be documented. Furthermore, complaints may result from the activities of external parties and we should cooperate with those external parties for the information exchange. Procedures for complaint handling shall be documented and the records of the complaint and its handling shall be maintained.
When there is a product non-conformity that leads to an adverse event ( i.e causing an injury to the user) there is a need to report to relevant regulatory authority based on the published reporting criteria and timeline. These reports shall be maintained.
Internal audit is also essential to measure the conformance level of the company in comparison to the planned and documented arrangements of the QMS we have established, requirements of ISO 13485 and also applicable regulatory requirements. We are expected to measure whether the QMS is effectively implemented and maintained.
Before executing an internal audit we must establish a procedure to define the responsibilities and requirements for:
* planning ( including audit criteria, scope, intervals and method);
* conducting audits;
* recording;
* reporting results.
Objectivity and impartiality shall be ensured by appropriate selection of auditors and the auditors shall not be directly involved in the area of being audited. Should nonconformities be identified, investigation and any necessary measures must be taken without delay to eliminate the non-conformities and their causes. This usually follows the corrections and corrective action process - your set of SOPs should include one prepared on this matter.
As with all SOP records of the audits and actions shall be kept and maintained accordingly.
Organisation must regularly monitor and measure of the QMS processes. The standard does not limit the methods for performing the monitoring and measurement as long as the methods can demonstrate the ability for the QMS to achieve its planned results. If plans are not achieved then corrections and corrective actions must be taken.
The monitoring and measuring does not only applies to the QMS but to the product itself. We must ensure that the product specifications are met throughout the various stages of product realisation. The equipment used as well as personnel in charge of reviewing and authorising of the product must be identified and recorded. When any nonconformity is detected corrections and corrective actions must be taken.
We should not release products until all relevant checks have been completed at each stage. If we handle implantable medical devices the standard requires to record the identification of personnel reporting any inspections or testing.
Organisation must establish procedures to ensure that a non-conforming product will not be shipped to the user or customer. This includes identifying, segregating, controlling and deciding the disposition of the non-conforming product. While evaluating the nonconformity we must determine the need for investigation and notification to any external parties responsible for the non-conformity. Information on the nature of the non-conformities and any subsequent actions taken, including the evaluation, investigation and rationale for decisions must be recorded.
When a non-conformance is detected before delivery we need to deal with the situation by:
* eliminating the detected non-conformity;
* preventing the device from being used;
* authorising its use, release or acceptance after evaluation and concession, given approval by an authorised personnel within your organisation.
Only when justification has been provided and applicable regulatory requirements are met, can this be done.
Records of this approval must be kept accordingly.
When a non-conforming product is detected after the delivery or its use has started, organisation must evaluate the impact of the issue and take actions accordingly while keeping them in the record.
In a case of a rework required, it must be done according to procedures that take into account the risks and potential adverse effects of this action. In essence we must go through the whole circle of bringing the product to market. The revised procedures for rework will undergo the same review and approval as the original procedure which we should have documented in work instructions. Accordingly, product specifications must be checked against applicable acceptance criteria and regulatory requirements when rework has been completed.
To measure the suitability and effectiveness of QMS we need to collect data for analysis and evaluation. Information can relate to:
* production and post-production feedback;
* conformance of the product to product, customer and regulatory requirements;
characteristics and trends showing effectiveness of processes and opportunities for improvement;
* suppliers;
* audits;
* service reports ( if any).
These activities shall be documented in procedure. The procedure shall also include appropriate methods, statistical techniques and the extend of their use. Don't forget to record all of those results of analysis as the standard requires us to do so. When the results of analysis record that the QMS is not suitable, adequate or effective this analysis shall be included as the input for improvement. The results of the analysis and evaluation serve the important points of discussion as part of management review meetings.
The organisation must identify and implement any change necessary to ensure and maintain the suitability and effectiveness of the QMS through the use of quality policy and objectives, management review meetings, internal auditing as well as corrective and preventive actions.
Corrective actions address the cause of non-conformity in order to prevent reocurrence. By initiation of analysis and implementing of the corrective actions we can eliminate the causes on non-conformance without due delay.
The corrective actions Shall be documented in a procedure and define requirements for:
* reviewing the nonconformity and investigating the root cause;
* evaluating and planning appropriate actions to ensure that the nonconformities do not reoccur in the future;
* verifying and reviewing the corrective actions whether they are adequate to fulfil the applicable regulatory requirements and safety and performance of the medical devices.
The investigation and action taken shall be recorded.
At certain points during the analysis of data we might find that the QMS performance shows negative trends. Although the current resulting product is still able to meet the product specification it is probable that any future product will still become out of specification. In this case preventive actions shall be run. Preventive actions address the cause of potential non-conformities in order to prevent occurrence.
This standard requires to document procedure to define requirements to detect and take necessary action to potential nonconformities and their causes. Planning and documentation in response to that action shall also be recorded along with the verification of the action and effectiveness review. Preventive actions can be integrated with the risk management procedures.
With this positive circle in place for positive reinforcement the organisation can always improve the QMS and their business practices.
Preparation of Documentation
Documentation is an essential part of the QMS. The minimum documented procedures required by the standard are included in the following clauses:
4.1 QMS - General Requirements
4.2.1 Documentation requirements - General
4.2.2 Quality Manual
4.2.3 Medical Device File
4.2.4 Control of documents
4.2.5 Control of records
5.1 Management commitment
5.2 Customer focus
5.3 Quality Policy
5.4.1 Quality Objectives
5.4.2 Quality Management System planning
5.5.1 Responsibility and authority
5.6.1 Management review - General
5.6.1 Review input
5.6.3 Review output
6.2 Human Resources
6.3 Infrastructure
6.4.1 Work environment
6.4.2 Contamination control
7.1 Planning of product realisation
7.2.1 Determination of requirements related to product
7.2.2 Review of requirements related to products
7.2.3 Communication
7.3.1 Design and Development - General
7.3.2 Design and Development planning
7.3.3 Design and Development inputs
7.3.4 Design and Development outputs
7.3.5 Design and Development review
7.3.6 Design and development verification
7.3.7 Design and development validation
7.3.8 Design and Development transfer
7.3.9 Control of design and development changes
7.3.10 Design and Development files
7.4.1 Purchasing process
7.4.2 Purchasing information
7.4.3 Verification of purchased products
7.5.1 Control of production and service provision
7.5.2 cleanliness of product
7.5.3 Installation activities
7.5.4 Servicing activities
7.5.5 Particular requirements for sterile medical devices
7.5.6 Validation of processes for production and service provision
7.5.7 Particular requirements for validation of processes for sterilisation and sterile barrier systems
7.5.8 Identification
7.5.9.1 Traceability - General
7.5.9.2 Particular requirements for implantable medical devices
7.5.10 Customer property
7.5.11 Preservation of products
7.6 Control of monitoring and measuring equipment
8.1 Measurement, analysis and improvement - General
8.2.1 Feedback
8.2.2 Compliant handling
8.2.3 Reporting to regulatory authorities
8.2.4 Internal audits
8.2.5 Monitoring and measuring of processes
8.2.6 Monitoring and measuring of product
8.3.1 Control of non-conforming product - General
8.3.2 Actions in response to non-conforming product detected before delivery
8.3.3 Actions in response to non-conforming product detected after delivery
8.3.4 Rework
8.4 Analysis of data
8.5.2 Corrective action
8.5.3 Preventive action
After knowing the fullest documents to prepare for we may feel a little to overwhelmed. However, there are software packages available now that has been helping hundreds of organisations to generate customised documentation and templates so we do not have to start the ISO13485 documentation creation from scratch.
Implementation
Implementation involves conducting activities that ensure that we comply with the standard and are monitoring it for effectiveness. Monitoring is to be conducted as planned based on the requirements. A successful implementation depends on how well we can ensure QMS and procedures are performed as described.
We need to train the personnel and we need to ensure that:
* the Training involves all responsible staff in the organisation according to their role specified in the QMS;
* training activities are well recorded;
* re-training may be needed when we have any major change in the QMS to refresh the staff.
Providing compliance training to the staff is the best to ensure QMS compliance so that you help them to get better understanding of the QMS.
As part of the implementation we will also need to Monitor the QMS compliance:
* Review your procedures and record observations;
* Review the records are completed properly and appropriate corrective actions is taken and documented;
* For continual improvement of your system inspect and test your procedures for effectiveness.
Records are needed to monitor the QMS. It is important to keep records and maintain implementation. To maintain record keeping:
* Assign the tasks for record keeping to relevant people in charge;
* Create form templates that are easy to understand and easy to use for recording;
* Perform record verification regularly to look out for discrepancies.
Inspection or audit observations frequently identify outdated documents, inadequate control and poor documentation practices including inconsistent recording of activities.
Verification of implementation
Internal audit is one of the activities mentioned and following this requirement is mandatory. In preparing the organisation to fully implement the QMS we should conduct a pre-certification gap analysis to assess the QMS and prepare for certification audit. After the certification, throughout the lifetime of the QMS, we would regularly conduct internal audits to verify that the implementation of the QMS has been done properly. It should not merely be checking activity but a comprehensive assessment to determine the compliance of the system. Integrity of the standard relies on the organisation's ability to evaluate the implementation through internal audits.
As part of planning the audit program shall be arranged with defined audit criteria and scope, in agreed frequency, methods, responsibilities and reporting methods. Appropriate audit checklists are to be prepared. You will also need to select competent internal auditors. They must conduct audits to ensure objectivity and no conflicts of interests.
We can also set up a cross department audits to ensure objectivity. with the audit performed, results are to be reported to management. Should any correction or corrective action be required due to audit findings they are to be handled and verified with set timeline. This would allow to enjoy the benefits of performing an audit as we are able to determine if the QMS meets the intend of the quality policy and objectives.
Comments