Are you in a medical device company that doesn’t have a QMS compliant to ISO 13485? Maybe you are a start-up company that has just realized your product is a medical device or perhaps you are an existing company that just recently decided to get into the medical device world.
Whatever your motivation for thinking about implementing ISO13485, here are my best tips and tricks, that I think are absolutely key when setting up or adapting your QMS to ISO13485.
A common misbelief that I often encounter when working with medical device customers is that the QMS is something that the Quality Director handles, a bunch of documents to be shown for auditors, and that everyday operation is something performed on the side.
If you feel that this is true for your company you must start by educating your colleagues on what it really means to implement a QMS according to ISO13485, and also explain the benefits to your product quality and your business as a whole.
Start with the management team to get them completely on board first and then continue throughout your company.
Make sure the company management and all staff involved are committed, engaged, and truly believe in the benefits of a QMS.
Resources are important from two aspects. You need to have enough resources allocated for an ISO13485 QMS project but also ensure that the correct knowledge and competence is present.
A general rule is that all management and most staff must set time aside for an ISO13485 QMS project and ring-fence some resources dedicated to this project for a period of time. Make sure that it is not only people representing the Quality department (the management representatives, QA specialists and/or quality consultants) that have allocated time.
Ensuring competence will look different from company to company. Maybe you already have experienced ISO13485 experts within your organisation? Maybe you have allocated resources but they need a boost/training in ISO13485? Maybe you need to use expert consultants. If the latter is the case, a clever way to keep competence within the company and avoid over-dependence on consultants, is to appoint a person (the management representative) within your company that will be responsible over time to work alongside the hired expert. That way you can gradually phase out expert consultants when your in-house resources are ready and retain all the knowledge within your company.
When to start? Where to start? How to start? Questions are many, the answers can be different from company to company and planning is crucial.
Ask anyone who has been a part of ISO13485 QMS implementation project and we would all say,” the sooner the better” and there are good reasons for that. As soon as you are 100% sure your product is a medical device and you have classified it you should start building or adapting your QMS to ISO13485. Need help classifying your device? – Read our blog
It is important to understand that, in the medical device world, if an action such as a meeting or a verification test of your product is not documented, (i.e. no properly signed and saved record) it never happened!
To understand why you should start early and the consequences if you don’t, let us imagine that you do the opposite, which would be to fully design and develop your product first. You will then have a finished product, which you cannot take to market until you have gone back and retro fitted design and development records according to your QMS. This is both time consuming and inefficient compared to following a compliant design and development procedure when creating your product.
Furthermore, by following a compliant design control and product risk management procedure, you will design a safer medical device. You will probably also avoid some extra time-consuming detours, by thinking before doing and ensuring no crucial parts of your product are left behind, such as labelling and packaging.
If you are starting from a current QMS, possibly an ISO9001 system or an old ISO13485 system that has not been maintained properly I would start by doing a gap analysis of your current system towards ISO13485:2016. That way, you’ll get a good foundation for your project plan focussing on filling out the current gaps.
If you are starting from scratch, the key process required to allow you to proceed is a document control procedure, including record management. From then on everything you create will either be a controlling document (a process/procedure description), or a record (documented proof that an activity within a process is done).
With that complete, where to start depends on how far you have come with your product and also what type of business you are.
Let us assume that you are reading this when design and development is only in concept phase. Then I recommend you start building design control, product risk management and supplier control procedures, and move on to production control and monitoring and measuring procedures later.
If you already have finished your design and are in the middle of selecting suppliers then I would start with supplier control SOPs. Make sure to follow those as soon as possible and then maybe design control can wait a little, since you are already too late and will have to do catch-up recording.
Take the time you need to set up the processes you will follow. Preferably describe what you are already doing and make sure to involve your ISO13485 trained resources to ensure all necessary steps are included.
In this context – faster isn’t always better. It will be far more beneficial in the long run to involve the people who will be responsible for and working according to the procedures, than to have an outside consultant just write a procedure document. By involving the staff who will be working in the QMS, you are implementing your QMS while creating it. So, if they don’t have much time to spare, it may be a longer project, but you’ll end up with a functioning QMS.
Don’t believe anyone that states that they can help you go from nothing to a compliant ISO13485 QMS in 30 days. You will most probably will end up with a paper-product and not an established QMS.
If you are in the medical device industry, there will be more regulations and standards to consider than just ISO13485. Both ISO14971 – regarding risk management to medical devices -and EN 62366 – covering usability engineering to medical device – will almost always apply and should be integrated in your QMS.
If you are planning to market your product in Europe, you must at least consider Article 10 Chapter 9 in MDR regarding QMS. But it is also beneficial to integrate some of the other topics within your QMS, for example post-market surveillance and clinical evaluation.
If you are planning to market your product in USA, you must follow 21 CFR 820 (QSR).
My recommendation, whether you are an American or a European company, or from elsewhere, is to implement a QMS that is both compliant to QSR and ISO13485. The differences are so small that it is hardly any extra effort, and chances are you might expand your markets sooner than you think.
There are multiple benefits of implementing an electronic QMS and I’ll list just a couple below. My opinion and experience tell me that the cost of an eQMS will soon be paid back in the form of company efficiency, fewer audit remarks to handle and fewer resources working with easy but time-consuming administrative tasks.
The increase in remote working combined with the strict document control regulations in the medical device world, mean that obtaining signatures from multiple persons/functions within the organisation for every document could take days, or even weeks with a paper-based system. With an eQMS, it can be done within a minute.
Paper-based documents, requiring handwritten signatures, also need to be archived in a fire-proof physical archive, with strict version control so only the current version of the document is distributed within the organisation. All of this is done automatically in an eQMS and can be done while working from a home office or while travelling.
One of my best pieces of advice to medical device companies is not to wait until processes are perfect before starting to use them. It is better to release a first attempt and try to follow that. This is the best way to figure out what processes are working for your company and not.
Continuous improvements and risk management of processes are part of a well-functioning QMS and the best way to set up well functioning processes, that increase the quality of the end-product as well as achieving regulatory compliance. A QMS with several processes with a high version/revision number is often a sign of a healthy, well-maintained system.
So, start following your processes at a very early stage and don’t be afraid to change them. Update them continuously when you figure out better and more streamlined ways of working.
Independent of what the status of your QMS as a medical device company is, two key processes that you really want functioning well are your management responsibility, including management review procedure, and internal audit process. If these two processes are used and followed as intended by ISO13485 and QSR, they will drive and improve your QMS and increase business efficiency as well as the quality of your medical device in the long run.
A well thought out strategy and project plan will go a long way toward helping you build your ISO13485/QSR compliant QMS. You reading this is a very good sign you are on the right track.
So, in conclusion, start by training and educating yourself, your management and all staff; aim to achieve a common understanding that you need a well-functioning QMS. Allocate time and resources. Start building, documenting and using your processes and get into the habit of reviewing and constantly improving your QMS through management review and internal audit process.
If you get stuck, don’t hesitate to reach out to me or my colleagues at MedQdoc for more help and support.