ISO 13485 Countdown: 5 Critical Tasks to Focus on Now

Thu, Jul 12, 2018 / by Rachel Beavins Tracy

The clock is ticking: in less than a year—February 28, 2019—previous ISO 13485:2003 certificates will no longer be valid. And if you plan to participate in the Medical Device Single Audit Program (MDSAP), that deadline is even earlier, as you’ll need to make the switch by the first of the year.

If you feel like you’re behind schedule, taking concrete action can help eliminate some of the stress. Let’s look at 5 practical steps you can focus on right now to make sure you’re ready ahead of the deadline.

  1. Perform a Gap Analysis Against ISO and FDA Requirements

If you haven’t already, you need a firm grasp on where you currently stand regarding the requirements you need to comply with. From there you can make a comprehensive list of gaps that you need to address.

In addition to purchasing and downloading ISO 13485:2016 itself, several additional resources can help you get started:

So what do you do if you have a laundry list of items that need to be fixed? Of course you’ll need a plan to correct them all, but you also need a way to prioritize them. Many experts recommend using risk as a guideline, assigning a risk level to each gap and tackling high-risk items first.

  2. Evaluate Your Risk Management Processes

Risk management isn’t just important in terms of tracking compliance obligations. In fact, regulators expect to see that you use Risk Management tools throughout your QMS and quality processes.

These tools should include:

  • Design controls and planning tools such as Failure Modes and Effects Analysis (FMEA).
  • Defined Supplier Quality Management controls to prevent safety failures originating from supply chain partners.
  • Employee training tracking systems to ensure everyone is up-to-date on best practices, internal protocol and any required certifications.
  • Complaint Handling and Corrective Action tools to ensure fast resolution of any problems identified either within your facility or by consumers.

One key point to remember is that a one-and-done risk assessment doesn’t count as risk management. True risk management is a continuous cycle of hazard identification, risk assessment, corrective action and continuous monitoring—steps that correlate with the Plan-Do-Check-Act cycle.

  3. Get Your QMS Documentation in Order

Not surprisingly, QMS documentation is a key part of ISO 13485 certification and compliance. You’ll want to formalize your Document Control system to centralize a long list of documents such as:

  • Quality policy and quality manual, including documented procedures for all processes.
  • Medical device files.
  • Records related to employee training, management participation and equipment maintenance and calibration.
  • Product realization documents ranging from customer requirements review to design and development files.
  • Computer validation processes and records.
  • Supplier quality agreements.
  • Monitoring and analysis results.

  4. Validate Your Software Systems

ISO 13485:2016 contains stronger requirements around validation of key systems and applications, including:

  • Enterprise Resource Planning (ERP) systems.
  • Laboratory Information Management Systems (LIMS).
  • Any other software used in your product development or maintenance processes.

Validation includes running test scripts for Installation Qualification (IQ), Operational Qualification (OQ) and finally, Performance Qualification (PQ). The process can be time-consuming—think on the timescale of several months—so it pays to plan ahead on this one. If you use an automated validation service, that can reduce the time required by as much as 75%.

  5. Focus on Solving Past Problems

An important practical step to take as you prepare for the transition to the new ISO 13485 standard is to look back at previous issues.

You’ll want to pay special attention to things like previous customer complaints, corrective actions and failed audit findings. More than just verifying that the individual problems themselves have been resolved, you’ll want to also ask how those lessons learned apply to other processes and potential risks. This is the very essence of risk-based thinking, and you can bet that regulators will be looking hard at prior compliance issues.

Finally, as you work through these steps, consider how your findings can be incorporated into your internal audit program. Only then can you ensure consistent checks are in place to address gaps and permanently maintain the improvements you make.

Topics: Life Sciences

Written by Rachel Beavins Tracy

Rachel Tracy is a writer for EtQ with expertise in environmental, healthcare and technology topics. She has a master’s degree from Vanderbilt University and has been writing for businesses since 2008.
