Expert: ISO 13485 Keeps Eye on Quality, But Revisions Could be Problematic

The revised ISO 13485 is intended to maintain non-negotiable levels for quality and safety requirements, but one expert says the standard has gone too far in an attempt to satisfy everybody involved in quality management systems.

Improvements in the new version, released last week, include broadening its applicability to include all organizations involved in the life cycle of the product, from concept to end of life, greater alignment with regulatory requirements and a greater focus on post-market surveillance including complaint handling.

ISO 13485:2016, Medical devices - Quality management systems – Requirements for regulatory purposes also has a greater emphasis on having the appropriate infrastructure, particularly for the production of sterile medical devices, and more focus on risk management, ISO says.

Wil Vargas, secretary of the technical committee responsible for the revision, says the new version will provide even greater confidence to stakeholders, including consumers.

“Not only will it allow organizations to demonstrate compliance with regulatory requirements, but it will help all organizations involved in the development, distribution and maintenance of medical devices improve their processes, better manage risks and ultimately improve the quality of what they do,” he says.

However, Dan O’Leary, president of Ombu Enterprises, says while the changes in the new standard include many of the issues raised in FDA’s QSR, as well as other issues from a variety of regulatory regions, it appears the new standard rewords and changes many of the requirements.

“This has the potential to create further confusion in implementing a medical device quality management system, especially when it must satisfy both QSR and ISO 13485:2016,” he tells IDDM. “The inclusion of these accumulated requirements can help make a comprehensive standard, but one wonders if these changes are solutions looking for problems, i.e., after all the work to implement the new standard, will medical devices be safer and more effective?”

The new 13485, which revised a 2003 version, contains some significant changes, says John Beasley, senior consultant at MedTech Review. One item, in particular, is the section on validation of computer software. Compliance with the issue of validation of computer software could be a full time job at some companies, he says.

“The FDA has always had, since 1996, a requirement for validation of computer software that is used not only in production but also in the quality management system. But that requirement is not a specific item that is looked at in the QSIT audit that FDA investigators do,” he tells IDDM.

“So, I am asking the question, ‘What does your validation of computer software look like?’ and I’m encouraging people to get it ready because when the ISO auditor comes in for the new standard, they will look at it,” Beasley adds.

Another change worth noting involves management review of new and revised regulatory requirements, he says. “In the new version, it isn’t enough that you make management aware of the new and revised requirements. You need to document how management will respond to these modified requirements,” he explains.

“So when China comes up with new rules on clinical trials and you are coming for a revision to your medical device license in China, are you going to have to provide information on a clinical trial that will be acceptable to the China FDA? How are you going to respond? Are you going to investigate? Who are you going to investigate with?” he says. — Jonathon Shacat