In this blog post, we will cover key components of the important medical device standard ISO 13485 and cover steps for successful adherence.
In the complex world of medical device development, teams not only face challenges of innovation, but also a shifting regulatory environment and evolving standards.
Balancing the competing interests of customers and stakeholders with the guidance and regulations from different entities across global boundaries presents challenges that even the most organized and methodical teams may struggle to meet.
In this environment, systems thinking can greatly improve the ability of medical device development teams to get products from the idea stage to market. By breaking down complex problems into manageable pieces, teams can better evaluate their systems and streamline and strengthen processes.
Using an applied systems approach will also help resolve inefficiencies in the development process and produce the outputs necessary for the design history file (DHF).
A growing number of organizations and teams are already pursuing a general systems approach by applying the guidance in ISO 13485:2016. This standard helps define a framework for the Quality Management System (QMS) for medical device development and pushes the development process naturally toward a systems approach. But for those teams that have not yet adopted the standard, adding one more document or piece of guidance to the overall process can feel like another layer of complication.
It doesn’t have to be. Adopting this standard can help standardize and systematize the medical device development process. Though it may look daunting at first, once adopted, ISO 13485 can streamline processes and position organizations for a better outcome with regulatory requirements.
The standard was developed by the International Organization for Standardization (ISO) to outline the standard for a Quality Management System (QMS) for the design and manufacture of medical devices.
The ISO defines “medical device” as “a product, such as an instrument, machine, implant or in vitro reagent, that is intended for use in the diagnosis, prevention and treatment of diseases or other medical conditions.” It is a stand-alone document designed for use by organizations of any size involved in any stage of medical device development, from design to production to installation to service of devices. Both internal and external parties can use the standard to support the auditing process.
ISO 13485 is the most common standard for quality management in the field of medical device development across the globe. Adoption of the standard indicates a commitment to the highest quality and safety across the development process, and it provides a foundation for QMS requirements.
While not required by all government entities, the standard does provide a good foundation for addressing regulations such as the EU Medical Device Directive and the EU Medical Device Regulation. In 2018, the FDA proposed a rule that would align US FDA 21 CFR 820 with ISO 13485:2016; this rule would make this standard the mandatory QMS for medical devices.
Note: The rule was set for release in 2019; however, as of December 2020, the rule was still forthcoming. Check for current guidance.
Though adoption of ISO 13485 may look complicated or daunting, in reality, adhering to the standard helps eliminate some of the ad hoc nature of requirements and systems in the medical device field.
With increasing worldwide adoption of ISO 13485 by both companies and government entities, the medical device industry should start to realize some harmonization and consistency of processes and systems. This standardization will help streamline the industry overall and allow important innovations a smoother and potentially faster route to market.
The requirements to obtain ISO 13485 certification start with a QMS. ASQ defines a Quality Management System as “a formal system that documents the structure, processes, roles, responsibilities and procedures required to achieve effective quality management.” The QMS must include documentation that defines the overall scope and implementation of the QMS; important documentation includes Quality Policy, Quality Objectives, and Quality Manual.
Bottom Line These documents should be sure to address customer requirements. In addition, organizations need to create mandatory and additional processes and requirements necessary for all stages of development. Examples of documents required by ISO 13485:2016 can be found here.
Key Takeaways from Our Complete Guide
ISO 13485 and systems thinking go hand-in-hand; teams will find that adoption of ISO 13485 directs them toward systems thinking.
Adoption of this standard will streamline processes and position medical device teams for better regulatory outcomes.
ISO 13485 is a stand-alone document; however, it closely aligns with ISO 9001:2008 and EN ISO 13485.
ISO 13485 and ISO 14971 are related, but ISO 14971 is more focused on risk management – the two standards can be used in tandem.
This standard is not mandatory; teams can develop a Quality Management System (QMS) without the standard as long as it meets regulatory requirements. However, adoption of the ISO 13485 will create a QMS that is ideally positioned to meet the requirements of various regulatory and legislative entities, including the EU.
Jama Software’s Complete Guide to ISO 13485 for Medical Device Development covers requirements for adherence, the difference between ISO 13485 and other medical device standards, and steps for successful adoption and certification.
Download The Complete Guide to ISO 13485 for Medical Device Development to untangle everything there is to know about this important standard.
https://www.jamasoftware.com/media/2021/02/2021-02-18-ISO-13485-ebook-1024x512-1.jpg5121024McKenzie Jonsson/media/jama-logo-primary.svgMcKenzie Jonsson2022-09-08 03:00:002023-03-20 16:46:12[GUIDE] ISO 13485 for Medical Device Development
If you’ve worked in product development for any time at all, you’ve probably heard the term “ISO” used in conjunction with the terms “standards” and “compliance” (along with a variety of four- and five-digit numbers).
But what does that all mean, and how does it affect you? In this article, we will provide you with a basic guide to understanding ISO standards.
What is ISO and What are ISO Standards?
The International Organization for Standardization is a nongovernmental organization. It consists of a network of standards bodies from 165 member countries (currently), with one body representing each member country. The American National Standards Institute (ANSI), for example, represents the United States. The organization maintains a central office in Geneva, Switzerland, to oversee this network.
Because “International Organization for Standardization” is a mouthful and would have different acronyms in different languages, the organization’s founders chose ISO—derived from the Greek ‘isos’, meaning equal—as its official abbreviation. As the group’s website proclaims: “Whatever the country, whatever the language, we are always ISO.”
ISO’s purpose is to help unify standards on an international basis. ISO standards are designated by the term ISO followed by a number, like ISO 9001. In some cases, ISO standards share a numeric code with an industry association, as in the case of ISO/IEC 12207. IEC stands for the International Electrotechnical Commission, which prepares and publishes international standards for electrical, electronic, and related technologies.
Nearly 800 ISO technical committees and subcommittees are tasked with standards development. As of June 2021, ISO has published some 23,886 international standards covering almost all aspects of technology and manufacturing.
What Are the Benefits of ISO Standards?
ISO forms a bridge that links the public and private sectors. Many of its member institutes are either departments of their national governments or mandated by them. Other member organizations are rooted solely in the private sector, having been set up by industry association partnerships within their country. ISO helps these diverse bodies reach consensus on solutions that meet both the requirements of business and the broader needs of society.
ISO standards help make the world a safer place and give consumers confidence that the products they buy are safe, reliable, and of high quality. Regulators and governments count on ISO standards to help develop better regulation, knowing they have a sound basis thanks to the involvement of globally recognized experts.
Finally, compliance with ISO standards gives companies an advantage in the marketplace. ISO certification provides assurance to potential customers that the company adheres to industry best practices. In many industries, companies require that their suppliers are certified to certain relevant ISO standards.
The ISO process for creating a new standard begins when an alliance of industry associations or consumer groups submits a request. ISO then recruits subject matter experts and industry stakeholders to form a technical committee or subcommittee. This committee executes a two-round drafting process and then takes a formal vote on the second draft. This second draft is called the Final Draft International Standard (FDIS). If the FDIS is approved, it is certified by the central secretariat, and ISO publishes it as an official international standard.
As technologies and best practices evolve, industry associations may request an update of an ISO standard. Different versions of the standard are distinguished by the year the revision was published appended to the standard designation. For example, the latest version of ISO 9001 is ISO 9001:2015.
What ISO Standards Are Related to Product Development?
ISO 9001
The ISO 9000 family of quality management standards is easily the most popular set of industry standards in the world. Of these, ISO 9001 is the only one to which companies can be certified.
ISO 9001 describes how to put a Quality Management System (QMS) in place to better prepare your organization to produce quality products and services. Today, over one million companies in more than 170 countries are certified to ISO 9001:2015.
ISO/IEC 12207
ISO/IEC 12207, Systems and software engineering – Software lifecycle processes aims to define all the processes required for developing and maintaining software systems, including the outcomes and/or activities of each process.
First introduced in 1995, ISO/IEC 12207 establishes a common framework for software life cycle processes with well-defined terminology that can be referenced by the software industry. It defines the processes, activities, and tasks to be applied during the acquisition of software products or services, as well as during the supply, development, operation, maintenance, and disposal of software products and to the software portion of firmware, as well.
ISO/IEC 12207 also provides a process that can be employed for defining, controlling, and improving software life cycle processes.
ISO 8887
ISO 8887 specifies the requirements for the preparation, content, and structure of technical product documentation (TPD) of the design output for the cycles of manufacturing, assembling, disassembling, and end-of-life processing of products. It describes the TPD needed at the critical stages of the design process.
Beyond those requirements, the standard also identifies and describes methods and conventions appropriate to the preparation of documentation necessary to realize a design, including the application to multiple life cycles. ISO 8887 also incorporates guidance on the ultimate reusing, recovering, recycling, and disposing of the components and materials used.
ISO/TS 16949
Based on ISO 9001, ISO/TS 16949 is a technical specification (TS) aimed at the development of a quality management system that provides for continual improvement within the automotive industry. First published in 1999, it emphasizes defect prevention and the reduction of variation and waste in the automotive industry supply chain and the assembly process.
According to the British Standards Institution (BSI), the ISO/TS 16949 standard was created by the International Automotive Task Force (IATF) to help streamline this process. It focuses on the avoidance of errors and defines the requirements for the development, production, and installation of automotive-related products. Today, certification is required by almost all Tier 1 companies, many of whom require their Tier 2 and Tier 3 suppliers to certify. As a result, over 50,000 certifications have been issued to date against this standard.
ISO 26262
ISO 26262, Road vehicles – Functional safety applies to safety-related systems that include one or more electrical and/or electronic (E/E) systems and that are installed in series production passenger cars. Introduced in 2011, this standard addresses possible hazards caused by malfunctioning behavior of E/E safety-related systems, including the interaction of these systems.
With the increased number and interaction of electronic systems within passenger vehicles, this standard is being adopted rapidly within the automotive industry.
ISO 13485
Unlike many ISO standards, ISO 13485, Medical Device Quality Standards, is a single document and does not belong to a family. It was originally published in 2003 and revised in 2016.
ISO 13485 puts a quality management system in place for the production of medical devices and equipment and is very specific to the health industry. It is often implemented with ISO 9001 to show that an organization is qualified to do business in the medical device field.
ISO 13485 is a regulated standard against which over 25,000 certifications have already been issued.
Product developers sometimes ask, “What are the differences between standards and requirements?”
According to Merriam-Webster, a requirement is “something wanted or needed; a necessity” or “something essential to the existence or occurrence of something else.” Other definitions include “a necessity or prerequisite” and “something required or obligatory.”
Webster’s defines a standard as “something set up and established by authority as a rule for the measure of quantity, weight, extent, value, or quality” or “something established by authority, custom, or general consent as a model or example.” In other words, a standard is a principle, example, or measure used for comparison—a benchmark used to evaluate suitability for a purpose.
To meet a requirement, a thing, person or organization must do exactly what the requirement says. To meet a standard, a thing, person or organization must meet the minimum requirements of the standard and align with its intent. Standards typically allow some leeway for tailoring to individual organizational practices and obligations.
As mentioned earlier, many corporate and governmental customers want their suppliers to adhere to certain ISO standards, especially in industries that are multi-tiered or highly regulated. Certification to applicable standards is often a contractual requirement within those industries.
Is ISO Compliance Required by Law?
The ISO standards themselves are not legally binding. There are no laws that compel companies to meet or be certified to any ISO standards.
However, national regulators may refer to ISO standards as examples of good practice. For example, a building regulation might say you must comply with certain local regulations and that one way of complying with those is to comply with a given ISO standard.
Also, while not legally bound, many companies find certification to certain ISO standards is a necessity if they wish to compete for contracts within their industry or with specific customers.
In this guide, we’ve talked frequently about ISO compliance and ISO certification. So, what’s the difference?
Compliance simply means that your product or process conforms to the requirements of the ISO standard. ISO certification, on the other hand, is the result of a formal procedure and thus a bit more complicated.
ISO itself does certify companies directly. Instead, specific certification bodies perform the task of auditing and then certifying an organization’s compliance with a given ISO standard. These bodies, often known as registrars, must themselves be certified under a separate standard, ISO/IEC TS 17021.
During the certification process, the registrar audits the organization to ensure that its operations are in compliance with processes outlined in the current ISO standard. Where inconsistencies or “non-conformities” are found, the organization must typically create a program for correcting these problems before the registrar will issue a certificate.
Once an organization is granted certification, it receives a certification mark that can be used on its company stationery, websites, etc.
When it comes to ISO standards governing ongoing business practices, like ISO 9001 for example, approval is typically valid for a period of three years. After that, the company must recertify to the current form of the standard.
Applying ISO Standards in Lifecycle and Requirements Management
What tools can help meet ISO standards in the realm of product lifecycle management? Jama Software provides several.
First and foremost of these is our flagship product, Jama Connect. For example, let’s say your organization is seeking certification to ISO 9001. To achieve that certification, you need to demonstrate you have put in place a defined, repeatable process for assuring quality. Jama Connect is a tool built specifically for requirements management and requirements traceability. Not only does Jama Connect simplify the tracking and tracing of requirements, it also makes it simpler and easier to maintain and demonstrate a robust quality process. That’s because Jama Connect automates so much of your requirements management process.
Finally, to learn more about choosing the right requirements management tools to help your company attain or maintain ISO certification, download our Requirements Management Buyer’s Guide.
https://www.jamasoftware.com/media/2021/07/2021-07-15_guide-to-iso-standards_1024x512.jpg5121024Jama Software/media/jama-logo-primary.svgJama Software2021-07-15 03:00:152023-01-12 16:49:00A Guide to Understanding ISO Standards
Every company that produces medical devices has to plan for that time when they must present compliance evidence to the FDA auditor. Often the most difficult and time-consuming aspect of this process is sorting through the available documentation produced by the design and development team, including outputs from multiple software tools. Even in that best-case scenario (likely you have the added challenge of having to fill a few holes in the paper trail), assembling and delivering documentation that is comprehensive in its demonstration of risk management can be an arduous task.
When the auditor is reviewing the design and development history of your medical device they want to see the full story, from the original concept though post-production. They want to see all the angles from which you’ve examined your product, from internal actions items and decisions, to incorporation of market feedback, to safety analysis of similar products. And within that story, auditors want proof that you’ve taken action to ensure that risks that can’t be eliminated fall into an acceptable range.
Everyone–including the auditor!–wants a smooth audit process, to ensure the safety of the patient. So how can you easily produce comprehensive documentation and pass your compliance audit?
In our work with medical device companies, we’ve come up with these recommendations for using Jama in your development process. These techniques allow you to show full traceability between risks and design controls, making the task of proving compliance less daunting, less time-consuming, with the added benefit of having a positive impact on your product quality.
Use Jama to execute your risk management process
First, we recommend that you manage all design controls (requirements, risks, design specs and tests) in Jama, and synchronize data from other developer tools, such as JIRA, using the Jama Integrations Hub. This foundational set up will ensure end-to-end traceability and also ensure that all of your data is available for your audit documentation.
Also in this Jama instance, capture and manage specific medical device data pertinent to a future compliance audit, such as intended use of your product, patient and user needs, your risk management plan and any other information that defines the device, your product objectives, and information about similar products in the market.
Just like you manage requirements with Jama’s collaboration tools, you can also use Jama to execute your risk management process. This provides the team one area where they can go to understand how to document risks and what information needs to be collected, and prevents confusion around process that is vital for your FDA submissions.
To do this, we suggest you track risks as individual items. Complete a preliminary estimate of the risk by defining the probability of occurrence of the harm and the severity of that harm, and use the calculated risk priority number to assess if the risk is acceptable. As you define mitigations, use relationships to illustrate those in Jama, and then update the risk priority number post-mitigation.
Use Jama’s Review Center for both risk and design controls reviews, inviting feedback from subject matter experts and stakeholders. When anyone has questions about why a risk was estimated in a certain way, these reviews are the source of truth for why decisions were made. Using Review Center, along with documenting this information in the project space, allows teams to collaborate on risk definition (and add more as they arise), discuss mitigation plans and verification of test results, to collaborate on solutions and to finalize and document decisions.
When telling the story of your medical device’s development lifecycle to the FDA, it can be a struggle to organize the information in a cohesive manner. And if documentation is missing or decisions and action items aren’t recorded, these gaps could result in your product never reaching the market—or being pulled from the shelves. Using Jama creates much of the needed evidence and is an easy step to take that will save time and money in the long run.
More on managing risk in medical devices using Jama
Want to know more about how Jama manages risk in Jama? Check out this video to understand more. And if you’re ready to see how Jama can help you manage the development of your medical device start a free trial.
We’d love to hear how your teams manage documentation for compliance audits. Do you have stories about how your company passed audits for ISO 14971, ISO 13485 or 21 CFR Part 11? Our medical devices team is curious to hear about your methods for streamlining your submission process for compliance audits.
/media/jama-logo-primary.svg00jstetson/media/jama-logo-primary.svgjstetson2016-01-15 16:51:242023-01-12 16:55:44Streamline Medical Device Compliance with Jama
If you’ve worked in product development for any time at all, you’ve probably heard the term “ISO” used in conjunction with the terms “standards” and “compliance” (along with a variety of four- and five-digit numbers).