On March 1, 2016 the International Organization for Standardization published the new edition of the ISO 13485 standard. Previously updated in 2003, the revision places more emphasis on the quality management system throughout the supply chain and product lifecycle, as well as on device usability and postmarket surveillance requirements.
ISO 13485 was written to support medical device manufacturers in designing quality management systems that establish and maintain the effectiveness of their processes. It ensures the consistent design, development, production, installation, and delivery of medical devices that are safe for their intended purpose.
While the ISO 13485 is based on the ISO 9001 process model concepts of Plan, Do, Check, Act, it is adapted for a more rigorous regulatory environment. It is more prescriptive in nature and requires a more thoroughly documented quality management system.
- Inclusion of risk-based approaches throughout the quality management system
- Improved alignment with regulatory requirements, particularly for regulatory documentation.
- Increased applicability to include all the organizations that are involved throughout the lifecycle and supply chain for the product.
- Harmonization of the requirements for software validation for different software applications in different clauses of the standard.
- Additional emphasis on validation of processes, particularly for production of sterile medical devices, and addition of requirements for validation of sterile barrier properties.
- Enhanced focus on complaint handling and reporting to regulatory authorities in accordance with regulatory requirements, and consideration of post-market surveillance.
- Better planning and documentation of the CAPA, and duly implementing the corrective action.
Organizations have until March 1, 2019 to transition to the new standard. The coexistence of ISO 13485:2003 and ISO 13485:2016 over the next three years will provide the Medical device companies, certification bodies and regulators with some time to switch over to the new standard. After three years however, any existing certification issued to ISO 13485:2003 will not be valid.