ISO 13485 2003

INTRODUCTION

INTRODUCTION TO ISO

ISO is the International Organization for Standardization.
It was set up in 1947 and is located in Geneva, Switzerland.
Its purpose is to facilitate and support international trade
by developing standards that people everywhere would
recognize and respect. ISO achieves this purpose through
the participation and support of its member bodies. These
member bodies currently come from 150 countries.

ISO standards are developed by technical committees.
The people who serve on these technical committees come
from many national standards organizations. Consequently,
ISO standards tend to have worldwide support. ISO 13485
was developed by ISO Technical Committee 210. ISO/TC 210
is responsible for “quality management and corresponding
general aspects for medical devices”.

INTRODUCTION TO ISO 13485

Use ISO 13485 2003:

• To establish a quality management system that
  is oriented towards the design, development,
  production, and installation of medical
  devices and related services.

• To demonstrate your ability to supply medical devices
  and related services that meet customer expectations
  and comply with regulatory requirements.

• To evaluate how well your organization is able
  to meet customer expectations and comply
  with regulatory requirements.

• To become certified or registered.

ISO 13485 is not a product standard. It’s a process standard.
Therefore, it’s not enough to establish a quality management
system that complies with the ISO 13485 standard, you also
need to comply with all relevant product and service
oriented technical standards and regulations.

ISO 13485 VERSUS ISO 9001

ISO 13485:2003 is based on the ISO 9001:2000 quality
management standard. Both standards are organized
in the same way and use basically the same numbering
system. In addition, most of the ISO 13485 requirements
are taken directly from ISO 9001 without modification.

However, some ISO 9001 requirements were modified
and others were excluded. Of course, ISO 13485 also
includes a special set of requirements specifically related
to the supply of medical devices and related services.
In general, ISO 13485 is made up of two kinds of
requirements: old ISO 9001 requirements and new
requirements that are specifically related to medical
devices and associated services.

ISO 13485 excludes ISO 9001 requirements related to
continual improvement and customer satisfaction. Continual
improvement is excluded because most medical device
regulations require organizations to maintain their quality
management systems, not to improve them. And customer
satisfaction is excluded because committee members
thought it was too subjective.

When ISO 9001 wants you to document a procedure, it also
wants you to implement and maintain it. Section 4.2.1 of
ISO 13485 expands on this idea by including requirements,
activities, and special arrangements. More precisely:

• When ISO 13485 wants you to document a
  procedure, the standard also wants you to
  implement and maintain it.

• When ISO 13485 wants you to document a
  requirement, the standard also wants you
  to implement and maintain it.

• When ISO 13485 wants you to document
  an activity, the standard also wants you
  to implement and maintain it.

• When ISO 13485 wants you to document
  an arrangement, the standard also wants
  you to implement and maintain it.

But you don’t have to remember this rule. Our plain English
publication (Title 45) makes this expectation explicit
whenever a procedure, requirement, activity, or special
arrangement must be documented. It does so by explicitly
asking you not only to document it but also to implement
and maintain it.

ISO 13485 also places a greater emphasis on the use
of procedures to regulate and control how activities and
processes should be performed. In this sense, ISO 13485 is
somewhat more prescriptive than ISO 9001. ISO 9001 often
leaves it up to you to decide how work should be controlled,
whereas ISO 13485 seems to have removed some of this
flexibility by insisting on the use of formal procedures.

Since ISO 13485 is all about medical devices and related
services, it of course adds many new requirements
to address the specific needs of this industry. Our
plain English publication (Title 45) highlights these
new requirements by using blue text and a different font.

POSSIBLE EXCLUSIONS

ISO 9001 2000 says that you may exclude or ignore some
requirements if you can justify doing so. You can exclude
section 7 product realization requirements if you cannot
apply them because of the nature of your organization and
its products. Similarly, ISO 13485 2003 says that you can
exclude section 7 requirements if they are not applicable
in your situation because of the nature of your
organization's medical devices.

You may also exclude section 7.3 design and development if
official regulations allow you to do so and if you have made
alternative arrangements that comply with these regulations.

Occasionally ISO 13485 uses the phrase “if appropriate” or
“where appropriate”. When a requirement uses this phrase,
you may ignore or exclude it if you can justify doing so.

Whenever you decide to exclude or ignore an ISO 13485
requirement make sure that you’ve got a good reason. Make
sure you can justify and explain why, and make sure this
explanation is documented in your quality manual.

HOW TO DEVELOP A QMS

In order to become certified, you need to develop a
quality management system (QMS) that complies with
the ISO 13485 2003 standard. But how do you do that?

One common approach is to carry out a Gap Analysis.
Such an analysis will identify the gaps that exist between
the new standard and your organization's processes. Once
you know exactly what and where your gaps are, you can
take steps to fill them. And once all of your gaps are filled,
your quality management system will be ISO 13485 2003
compliant. By using this approach, you will not only meet
the new ISO 13485 standard, but you will also improve the
overall effectiveness of your quality management system.

If you need to develop a quality management system that
meets the new ISO 13485 2003 standard, we suggest that
you use our Gap Analysis Tool (Title 46). Our Tool will tell
you what you need to do to meet the new Standard. 

Use our ISO 13485 Gap Analysis Tool either to develop a
brand new quality management system or to upgrade your
existing system. If you're currently ISO 13485:1996 or
ISO 13488:1996 certified, you can use our Gap Analysis
Tool to upgrade your quality management system to the
new ISO 13485 2003 standard. And if you're currently ISO
9001, 9002, or 9003 certified you can use our Gap Analysis
Tool to ensure that your quality management system
complies with the new ISO 13485 2003 standard.

Once you've completed your Gap Analysis and filled all
of the gaps, you're ready to ask a Registrar to audit the
effectiveness of your quality management system. If
your auditors like what they see, they will certify that your
quality system has met ISO's requirements. They will
then issue an official certificate to you and record your
achievement in their registry.

Definitions for ISO 13485 Quality Standard for Medical Devices

Plain English Overview of ISO 13485 2003 Quality Standard

ISO 13485 2003 Standard Translated into Plain English

How to Develop an ISO 13485 Quality Management System

ISO 13485 2003 Internal Audit Program

ISO 13485 2003 Gap Analysis Tool

PRAXIOM RESEARCH GROUP LIMITED
9619 - 100A Street, Edmonton, Alberta, T5K 0V7, Canada
Telephone: (780)461-4514 info@praxiom.com

Updated on October 19, 2008. On the Web since May 25, 1997.