- 1. Requirements Management
- 1 What is Requirements Management?
- 2 Why do you need Requirements Management?
- 3 Four Fundamentals of Requirements Management
- 4 Adopting an Agile Approach to Requirements Management
- 5 Conquering the 5 Biggest Challenges of Requirements Management
- 6 Three Reasons You Need a Requirements Management Solution
- 2. Writing Requirements
- 1 Functional requirements examples and templates
- 2 How to write system requirement specification (SRS) documents
- 3 Adopting the EARS Notation to Improve Requirements Engineering
- 4 Jama Connect Advisor™
- 5 Frequently Asked Questions about the EARS Notation and Jama Connect Requirements Advisor
- 6 How to Write an Effective Product Requirements Document (PRD)
- 7 Functional vs. Non-Functional Requirements
- 8 What Are Non-Functional Requirements and How Do They Impact Product Development?
- 9 Characteristics of Effective Software Requirements and Software Requirements Specifications (SRS)
- 10 8 Do’s and Don’ts for Writing Requirements
- 3. Requirements Gathering and Management Processes
- 4. Requirements Traceability
- 1 What is Traceability?
- 2 Tracing Your Way to Success: The Crucial Role of Traceability in Modern Product and Systems Development
- 3 What is Requirements Traceability and Why Does It Matter for Product Teams?
- 4 How to Create and Use a Requirements Traceability Matrix
- 5 Traceability Matrix 101: Why It’s Not the Ultimate Solution for Managing Requirements
- 6 Live Traceability vs. After-the-Fact Traceability
- 7 How to Overcome Organizational Barriers to Live Requirements Traceability
- 8 Requirements Traceability, What Are You Missing?
- 9 Four Best Practices for Requirements Traceability
- 10 Requirements Traceability: Links in the Chain
- 11 What Are the Benefits of End-to-End Traceability During Product Development?
- 5. Requirements Management Tools and Software
- 6. Requirements Validation and Verification
- 7. Meeting Regulatory Compliance and Industry Standards
- 1 Understanding ISO Standards
- 2 ISO 26262 and Recent Updates: Ensuring Functional Safety in the Automotive Industry
- 3 What is ISO 13485? Your Comprehensive Guide to Compliant Medical Device Manufacturing
- 4 A Guide to Automotive Safety Integrity Levels (ASIL)
- 5 What is DevSecOps? A Guide to Building Secure Software
- 6 Compliance Management
- 7 What is FMEA? Failure Modes and Effects Analysis
- 8 Failure Modes, Effects, and Diagnostic Analysis (FMEDA) for Medical Devices: What You Need to Know
- 9 What’s a Design History File, and How Are DHFs Used by Product Teams?
- 8. Project Management
- 9. Measuring Requirements
- 10. Systems Engineering
What is ISO 13485? Your Comprehensive Guide to Compliant Medical Device Manufacturing
In this subchapter, we will cover key components of the important medical device standard ISO 13485 and cover steps for successful adherence.
In the complex world of medical device development, teams not only face challenges of innovation, but also a shifting regulatory environment and evolving standards.
Balancing the competing interests of customers and stakeholders with the guidance and regulations from different entities across global boundaries presents challenges that even the most organized and methodical teams may struggle to meet.
In this environment, systems thinking can greatly improve the ability of medical device development teams to get products from the idea stage to market. By breaking down complex problems into manageable pieces, teams can better evaluate their systems and streamline and strengthen processes.
Using an applied systems approach will also help resolve inefficiencies in the development process and produce the outputs necessary for the design history file (DHF).
A growing number of organizations and teams are already pursuing a general systems approach by applying the guidance in ISO 13485:2016. This standard helps define a framework for the Quality Management System (QMS) for medical device development and pushes the development process naturally toward a systems approach. But for those teams that have not yet adopted the standard, adding one more document or piece of guidance to the overall process can feel like another layer of complication.
It doesn’t have to be. Adopting this standard can help standardize and systematize the medical device development process. Though it may look daunting at first, once adopted, ISO 13485 can streamline processes and position organizations for a better outcome with regulatory requirements.
The Purpose of ISO 13485
The standard was developed by the International Organization for Standardization (ISO) to outline the standard for a Quality Management System (QMS) for the design and manufacture of medical devices.
The ISO defines “medical device” as “a product, such as an instrument, machine, implant or in vitro reagent, that is intended for use in the diagnosis, prevention and treatment of diseases or other medical conditions.” It is a stand-alone document designed for use by organizations of any size involved in any stage of medical device development, from design to production to installation to service of devices. Both internal and external parties can use the standard to support the auditing process.
ISO 13485 is the most common standard for quality management in the field of medical device development across the globe. Adoption of the standard indicates a commitment to the highest quality and safety across the development process, and it provides a foundation for QMS requirements.
While not required by all government entities, the standard does provide a good foundation for addressing regulations such as the EU Medical Device Directive and the EU Medical Device Regulation. In 2018, the FDA proposed a rule that would align US FDA 21 CFR 820 with ISO 13485:2016; this rule would make this standard the mandatory QMS for medical devices.
Note: The rule was set for release in 2019; however, as of December 2020, the rule was still forthcoming. Check for current guidance.
RELATED ARTICLE: Understanding Integrated Risk Management for Medical Devices
Requirements for ISO 13485 Adherence
Though adoption of ISO 13485 may look complicated or daunting, in reality, adhering to the standard helps eliminate some of the ad hoc nature of requirements and systems in the medical device field.
A quality management system: The QMS needs to include documentation, internal audits, and corrective actions must be established and maintained.
Risk management system: Teams must also set up a risk management strategy to identify and evaluate any potential risks related to the medical device during the course of its lifetime.
Compliance verification: Organizations must verify that their goods comply with both customer and regulatory criteria, according to ISO 13485. To guarantee that products are identified and traced along the supply chain, this includes maintaining traceability and record-keeping systems.
System of control: A system for the control of non-conforming products must also be established and maintained by organizations in order to ensure that any problems are found and resolved quickly and effectively.
With increasing worldwide adoption of ISO 13485 by both companies and government entities, the medical device industry should start to realize some harmonization and consistency of processes and systems. This standardization will help streamline the industry overall and allow important innovations a smoother and potentially faster route to market.
The requirements to obtain ISO 13485 certification start with a QMS. ASQ defines a Quality Management System as “a formal system that documents the structure, processes, roles, responsibilities and procedures required to achieve effective quality management.” The QMS must include documentation that defines the overall scope and implementation of the QMS; important documentation includes Quality Policy, Quality Objectives, and Quality Manual.
Bottom Line These documents should be sure to address customer requirements. In addition, organizations need to create mandatory and additional processes and requirements necessary for all stages of development. Examples of documents required by ISO 13485:2016 can be found here.
Management Requirements for ISO 13485 Compliance
Management responsibility for ISO 13485 compliance involves ensuring that the quality management system is established, implemented, and maintained, assigning responsibilities for specific quality-related tasks, providing adequate resources and training, monitoring the system’s effectiveness, and continually improving it. Top management is ultimately responsible for ensuring compliance with ISO 13485 and must actively demonstrate their commitment to quality throughout the organization.
Design and Development Processes Required
ISO 13485 requires a structured design and development process that includes planning, input requirements, output specifications, design verification and validation, and design changes. It emphasizes the importance of risk management throughout the process and requires documentation of all stages of development. The process must also include design transfer to production and post-production activities such as monitoring and review. The goal is to ensure that medical devices are safe, effective, and meet customer and regulatory requirements.
Product Realization Management
PRM, or product reality management, is essential to ISO 13485 compliance. Designing, creating, and producing medical devices in accordance with patient demands, legal requirements, and consumer expectations is known as PRM.
According to ISO 13485, manufacturers of medical devices must have a PRM process that is clearly defined and involves the following stages; planning, design and development, validation, production, monitoring, and measurement. Each of these stages essential for guaranteeing the security, efficiency, and dependability of medical equipment.
Companies must specify the PRM process’s parameters, pinpoint customer wants, and ascertain regulatory requirements during the planning phase. A thorough design specification must be created, prototypes must be developed, and risk analysis must be done during the design and development process. The device is put through testing during the validation process to make sure it complies with all requirements and specifications.
Once the device has been validated, it can enter the production phase, where it is manufactured according to the approved design and production processes. Next, the monitoring and measurement phase involves ongoing monitoring of the device’s performance and the implementation of corrective actions if necessary.
ISO 13485 emphasizes the importance of document control throughout the PRM process. Medical device companies must maintain detailed records of all design and development activities, testing and validation results, and production processes. This documentation is critical for demonstrating compliance with regulatory requirements and for ensuring the safety and effectiveness of medical devices.
The Difference Between ISO 13485 and Other Medical Device Standards
EN ISO 13485: EN ISO 13485 is simply the European version of ISO 13485; the requirements of both are identical, and all of ISO 13485 is included within EN ISO 13485. The difference between the two standards lies in the inclusion of several tables in EN ISO 13485 that can help teams meet the requirements of three European directives for medical devices (EU directives 90/385/EEC, 93/42/EEC, and 98/79/EC). The tables in EN ISO 13485 align the requirements of ISO 13485 with these European directives, allowing teams to see how adoption of the standard will help meet the requirements of the directives.
It’s important to note that the European Union Medical Device Regulation (EU MDR), released in 2017, supersedes the previous EU directives. A future release of EN ISO 13485 is expected to show alignment with the EU MDR.
ISO 9001: ISO 13485 is based on ISO 9001:2008, which is an internationally recognized standard for QMS in any organization or industry. However, ISO 13485 goes beyond the ISO 9001 standard to address the specific needs of the medical device industry. Additional requirements for the medical device industry include:
- Specific documentation requirements for medical device files
- Work environment and contamination control requirements
- Production requirements that address cleanliness of products and assurance of a sterile environment where appropriate
- Regulatory reporting guidance
It’s important to recognize that ISO 13485 aligns with the 2008 version of ISO 9001 — not the 2015 version. The ISO 9001:2015 includes requirements that were not deemed relevant to the medical device industry, so the ISO 9001:2008 remains the standard most closely aligned with ISO 13485.
ISO 14971: ISO 14971 and ISO 13485 are related, but ISO 14971 includes greater detail regarding risk management requirements. The two standards work together to create a QMS that addresses the full spectrum of requirements unique to the medical device industry.
RELATED ARTICLE: A Guide to Understanding ISO Standards
Analysis & Improvement
The goal is to continually improve the effectiveness and efficiency of the system to meet customer and regulatory requirements and enhance overall product quality. The ISO 13485 quality control system must therefore include measurement, analysis, and improvement. To track the performance of the system and find areas for improvement, this method entails developing metrics and gathering data. Performance is frequently assessed using key performance indicators (KPIs), such as client satisfaction, product quality, and on-time delivery.
Data analysis is used to find patterns and trends that can shed light on the underlying causes of quality problems. This entails locating and recording non-conformities, putting necessary corrective and preventative measures in place, and assessing how well they work. The ISO 13485 standard also highlights how crucial risk management is to the process of measurement, analysis, and development.
Continual improvement is a key principle of ISO 13485. Organizations are required to establish a process for identifying and implementing opportunities for improvement, which often includes necessary adjustments to the QMS, design, or manufacturing processes.
Key Takeaways from Our Complete Guide
- ISO 13485 and systems thinking go hand-in-hand; teams will find that adoption of ISO 13485 directs them toward systems thinking.
- Adoption of this standard will streamline processes and position medical device teams for better regulatory outcomes.
- ISO 13485 is a stand-alone document; however, it closely aligns with ISO 9001:2008 and EN ISO 13485.
- ISO 13485 and ISO 14971 are related, but ISO 14971 is more focused on risk management – the two standards can be used in tandem.
- This standard is not mandatory; teams can develop a Quality Management System (QMS) without the standard as long as it meets regulatory requirements. However, adoption of the ISO 13485 will create a QMS that is ideally positioned to meet the requirements of various regulatory and legislative entities, including the EU.
Jama Software’s Complete Guide to ISO 13485 for Medical Device Development covers requirements for adherence, the difference between ISO 13485 and other medical device standards, and steps for successful adoption and certification.
Download The Complete Guide to ISO 13485 for Medical Device Development to untangle everything there is to know about this important standard.
In This Webinar, Learn the Critical Challenges to Reducing Risk in Product Development and More
ISO: International Organization for Standardization
Ready to Find Out More?
Our team of experts is here to answer any questions and learn how we can help enable your continued success. Get started by filling out this form so we can connect!