With the much anticipated and long overdue update to ISO 13485 moving out to the end of the year and probably into 2016, it looks like medical device companies can breathe easy for a little while longer, before beginning the revamp of their Quality Management System.

Is it time to relax though?

Time to breathe easy?Before you relax too much, consider that people often miss out chunks of the current version of the standard, or focus on its content; forgetting about hot topics that are not currently well defined. Their absence in development projects gives me a headache on a regular basis. Headaches that are cured when we resolve things like;

  • Traceability from the initial requirements through to what has been validated and is (hopefully) about to be manufactured for the market. Often traceability is done late on in development and unsurprisingly, holes are found in the design and testing. Sometimes it’s that critical or frequently used functions were overlooked in test design, other times that testing crept to include parameters or functions that weren’t part of the device design.
  • Test results during development that can be held up to scrutiny (i.e. the equipment was qualified and the method validated). Quick and dirty tests are often called for by design engineers, and certainly have a place in concept development. Saying its “just for development” or the data is “for information only” may seem fine at the time, but as soon as you try to use the data to support a decision… or, I hesitate to say it, transfer a test method from supplier to manufacturer, what then? This seems particularly prevalent where computers, software and spreadsheets are brought into the mix.

  • That the true purpose of Design Verification is to answer the question “did we design the device right”, so designing the verification study to answer that “simple” question,
  • Design Validation confirming that “we designed the right device” for its users and their needs. Nothing more, nothing less,
  • Writing down why decisions were made and requirements defined as they were (i.e. rationales),
  • Transfer of information and development activities between partners, even when they’re part of the same organisation. This seems particularly tricky when design or development activities are transferred from, for example a supplier or design originator, to the eventual device manufacturer, or the industrialisation partner.

All these are slated for inclusion in the revised ISO 13485, so you can perhaps sense that they’re important aspects of device development.

I go further than that, to say they’re integral aspects of good business; knowing who you’re developing a product for; ensuring that your development works towards those goals; having sound, reliable data to make business decisions upon; knowing that what you’ve developed is technically robust and is the right product for your market. Importantly, you will save significant sums of money by covering these aspects well, as you go along, rather than leaving things and then fixing the inevitable gaps later on.

The elephant in the room

The bad news (depending on how you look at it) is that EN ISO 9001,wide eyed which has undergone significant changes, is scheduled to become effective at the end of 2015.

Many commentators say that this will have a significant impact on medical device manufacturers who currently claim compliance with both standards. The new version of ISO 9001 will focus on risk management, with an emphasis on leadership, objectives, measurement and change.

What does this have to do with ISO 13485?

Well the revision has snuck in the requirement that all QMS built around ISO standards will have to comply with the new requirements and core content of ISO 9001. This impacts some areas that were not covered in the proposed updates to ISO 13485, probably meaning further delays for the new version.

So, the revised 13485 standard will need to cover;

  • Management responsibility
  • Corrective Action Preventative Action (CAPA)
  • Software validation
  • Supply chain
  • Outsourcing
  • Risk management
  • Post market activities
  • Process validation
  • Product lifecycle management
  • Alignment with ISO 9001

Happily, the headaches I mentioned earlier will still all be covered by these revisions. I look forward to my life being made a little easier, once organisations have transitioned from the current version.

What to do in the meantime

The activities we’ll see in the revised ISO 13485 make good business sense for healthcare organisations right now.

If, like me, you see the benefits, perhaps you will want to act sooner, rather than wait until the new standard comes into force. Adding the missing elements now will give you an advantage today, tomorrow; and help reduce the burden of change later on.