Expert: Complaint Handling, Risk Management Add Color to ISO 13485

Members of the medtech industry concerned that EU device regulations expected this summer will conflict with aspects of the new version of ISO 13485 can rest easy, one expert says.

Kim Trautman, executive vice president at NSF Health Services, reassured devicemakers during a recent FDAnews webinar that there should be no conflicts between the two, pointing out that European regulators helped in the revision process for the standard.

The new revision of ISO 13485 outlines the requirements for a comprehensive quality management system for the design and manufacture of medical devices and in vitro diagnostics and related processes and services.

Toward Global Harmonization

According to Trautman, the revision — unveiled in March — was intended to harmonize medical device regulatory activities worldwide, particularly as South American and Asian bodies are updating their quality standards.

For example, African nations have recently become actively involved in regulating medical devices, says Trautman. South Africa proposed medical device legislation two years ago, and Tanzania and other countries have formed the Pan-African Harmonization Working Party on Medical Devices and Diagnostics.

The latest version of the standard provides clarity on complaint handling — adding requirements that align with existing regulations — as well as risk management activities. In terms of the latter, Trautman advises industry to pay attention to the changes, adding “many manufacturers may have a bit of work to do … coming up to the level of risk management that’s now required.”

In addition, the 2016 version devotes an entire section specifically on design transfer, which refers to the process by which device design is translated to production.

Control of purchased product is also much more prominent in the new iteration, which references both external and internal suppliers.

One important item to note that while there is a three-year transition for 13485 2016, devicemakers shouldn’t rest on their laurels. After March 1, 2018, only certificates for 13485 2016 will be issued, so devicemakers should know what their certificate deadline or end date is and “what that means to switching to the new version,” Trautman said.

Further, all certifications to 13485 2003, or the EN2012 version, will become obsolete as of June 1, 2019.

Avoid Complacency

Trautman advises companies to obtain a copy of the revised standard as soon as possible.

“If somebody is telling you that the new version of the standard is not that different … they’re [probably] not very familiar with the new standard because there [are] quite a bit of subtle nuances that might not be obvious to a casual reader,” she said.

To understand the nuances of the revision, she recommends that staff members pore over the standard and compare it to the older version as “a lot of things could be easily overlooked.”

As companies transition, they should consider the resources they will need and conduct a gap analysis to assess areas requiring an overhaul.

She noted that the new version brings some aspects closer to 21 CFR 820, such as process validation and complaint handling. She noted that the software validation for quality management software addition closes the gap even further.

Trautman says that technical report 14969, which provides guidance on the application of ISO 13485, will not be updated. Instead, the body will provide a relatively new guidance mechanism in the form of a handbook to help manufacturers. It is in draft form, with final publication expected by the end of the year.