ISO 13485:2016 is the latest revision of the standards for quality management systems in medical device manufacturers and their suppliers.
Since companies only have until September 2018 to comply with these standards, it’s important to understand the main takeaways of the latest revision:
- The standard provides a step-by-step framework for creating or evaluating a Quality Management System (QMS).
- The ultimate goal of the standard is to keep consumers safe of the risk of defective medical devices.
- There is an emphasis on improving operational efficiency by examining current processes, identifying gaps and implementing new processes.
- ISO 13485:2016 incorporates most items from ISO 9001:2015, but adds additional requirements around documentation of regulatory requirements for medical devices.
- ISO 13485:2016 lacks the high-level structure of other standards (including 9001:2015) in favor of a more direct requirement approach.
ISO 13485:2016 is being adopted as a global standard among regulatory agencies such as those in Japan and the EU.
ISO 13485 and the Need for Problem Solving
One of the biggest updates in the 2016 revision of ISO 13485 was the emphasis on risk. The updated standard takes a risk-based approach to developing a QMS as well as product realization and post-market feedback.
For example, the 2003 version of the standard only mentioned the word “risk” twice—versus fifteen times in the 2016 update.
This drives organizations to improve their problem solving and quality cultures under the new standards. The standards suggest that organizations take a “Plan-Do-Check-Act” approach to problem solving, but that alone may not be enough.
Corrective Action and Compliance
Aside from being mandated by medical device manufacturing regulations, a corrective action system can be the best problem-solving tool in your toolkit—if executed properly.
Corrective action helps your organization constantly lower risk and make sure you are operating within the standards of ISO 13485:2016.
A good corrective action system:
- Links to compliance records: Corrective actions should connect to all relevant areas of compliance, wherever the issues arise. That way, you have a clear log of trends and improvement measures taken in any area in compliance.
- Has a defined workflow with action items: For corrective actions to be effective, they should follow a defined workflow to ensure participation from the correct people in the correct order. A workflow that is clearly defined to find the root cause and check the effectiveness also reassures that your corrective action is really solving the true issue.
- Links to risk assessment: Leveraging risk assessments before and after the corrective action lets you know if the corrective action was truly effective at its main goal: reducing risk. Additionally, you can use risk levels to assess each issue, so you know what needs immediate attention and what you can hold off on.
- Closes the loop: Corrective action shouldn’t be an isolated activity, but rather a closed-loop process that leads to continuous risk reduction. If corrective actions are not integrated, automated and verified, the issue may recur. But if your process is, then it will continuously work to reduce risk and maintain compliance.
ISO 13485:2016 focuses heavily on risk management as an underlying theme. A good way to reduce risk and fix anything that is not within compliance is by having a good corrective action system. Between corrective action and the other guidelines of the standard, you can be confident that your organization is releasing safe and effective medical devices.