Three Major Opportunities Within ISO 13485:2016
The revised ISO 13485:2016 standard brings changes. Your organization will have to invest time and resources responding to the changes and complying with the new requirements. We recommend reframing this effort—which is necessary to retain certification—as a series of changes and opportunities.
For example, here are three major changes in ISO 13485:2016 and the opportunities arising from these changes:
The ISO 13485:2016 standard’s clause structure is not aligned with the clause structure of ISO 9001:2015.
Impact and Opportunity: If your organization holds certifications to both standards, you should assume that future certification audits will require more time to complete, because the auditors will be working with different standard structures. You will also need more time to conduct internal audits. In addition, the revised ISO 13485:2016 standard eliminates the use of italicized text to indicate changes in relation to ISO 9001. You can now find the correspondence between ISO 13485:2016 and ISO 9001:2015 in Annex B (informative) of ISO 13485:2016.
The good news: Your organization does not have to align its documentation to the clause structure of either standard. This freedom offers an opportunity to take a step back and design a quality system that better reflects your organization’s business processes and complies with requirements.
ISO 13485:2016 addresses risk from a broader perspective across multiple clauses. ISO 13485:2003 addressed risk only in Clause 7 (Product Realization).
Impact and Opportunity: Clause 4.1 – General Requirements still functions as the anchor clause of the standard. It requires your organization to “apply a risk-based approach to the control of the appropriate processes needed for the quality management system.” In the areas of monitoring and measurement, under Clause 8.2.1 – Feedback, the standard anticipates that the feedback process will generate input for risk management.
Effective risk management demands the involvement of top management. The new risk requirements present an opportunity to encourage your top management to take an active role in managing the QMS and aligning it with your company’s business strategy.
ISO 13485:2016 has significant new requirements related to supplier management, an area of great concern to global regulators.
Impact and Opportunity: The new standard clearly states that your organization retains responsibility for conformity. It includes more explicit requirements related to the criteria for evaluation and selection of suppliers. These criteria must consider elements such as the supplier’s ability to provide products that meet requirements, supplier performance, the impact of the supplied product on the quality of the medical device, and associated risks.
These changes offer the opportunity—and justification—to establish more robust supplier agreements that reflect underlying risk and reexamine supplier criteria, selection, and management.
How you approach the ISO 13485:2016 transition is your choice. You can do just enough to retain your certification or you can use the new requirements to prompt needed improvements at your organization.
Author: Oriel STAT A MATRIX