ISO 13485 certification represents a formal accreditation to a set of standards from the International Organization for Standardization (ISO) describing requirements for the management system of medical device companies. ISO 13485 aims at facilitating a framework that aligns with the requirements of regulation agencies in the health care industry while maintaining a focus on customer satisfaction. This standard provides an international umbrella under which companies from different countries can comply.
The International Organization for Standardization leverages the wisdom of process experts from more than 160 countries to devise a common set of standards for various industry segments. Started in 1947, this organization has generated more than 18,000 standards. ISO 13485 forms one of the recent additions to the ISO portfolio. Published in 2003, these standards align with the ISO 9001 philosophy, which is one of the most globally adopted quality management standards, but tighten the requirements of medical device companies.
The philosophy of ISO 13485 focuses on customer safety. It specifies requirements that touch processes related to product design, manufacturing and distribution. Emphasis on risk management and process maintenance ensures that the probability of injury has been reduced to the minimum. It asks that the developer anticipates all possible scenarios that would impact the patient negatively. Documentation identifying and managing risk management must be present throughout the life cycle of the product. ISO 14971, the companion set of standards, lists the detailed requirements of good risk management.
ISO 13485 and FDA
ISO 13485 does not constitute a replacement for the Food and Drug Administration (FDA) Quality System Regulation (QSR). ISO 13485 provides a general framework that harmonizes the safety requirements of a family of regulation requirements from various countries. In fact, FDA participated in the development of ISO 13485. Therefore, a company that demonstrates compliance with 13485 most likely will be in alignment with the spirit of the FDA QSR.
Certification can be granted by an accreditation firm after formal audits have been performed. The International Organization for Standardization does not get involved in the certification process. This audit can be as short as a couple of days, or last one month or more. Audits are performed annually to monitor progress and correction. A complete assessment restarts every three years.
Four areas receive prime attention during a compliance audit. First, the auditors evaluate how well the company follows the regulatory requirements set by its country. Second, it investigates the risk management system integrated in the company to ensure that no process deviation may cause a patient’s injury. Third, auditors review the effectiveness of cleanliness and contamination controls. Finally, mechanisms used for clinical advisory alerts or recalls are inspected for efficiency. Some auditors may spend time on clinical trials performed by the company. For organizations manufacturing implantable technology, the auditors will further discuss the regulatory requirements associated with implants.