Alexa Sussman, Content Marketing Writer, EtQ03.15.18
Medical device regulations are changing rapidly, and companies have limited time to comply.
The deadline for ISO 13485:2016 is March 1, 2019, so organizations have just over a year to comply. Up until February 2018, organizations were able to be accredited to either the 2003 or 2016 version of the standard, but in this third year before the deadline, only the 2016 certificates will be issued.
Some institutions have even tighter deadlines for the transition. Health Canada requires all medical device companies to comply with the Medical Device Single Audit Program (MDSAP) and ISO 13485:2016 by January 2019 to continue selling products. These companies now have less than a year to finalize their compliance.
Although transitioning to a new revision of standards may require a lot of time and effort, organizations should not be worried. These standards are mutually beneficial and will pay off for organizations in the long run.
Certifying to ISO 13485:2016 can provide improvements to the product submission process for international participants of the MDSAP: Australia (TGA), Brazil (ANVISA), Canada (Health Canada), Japan (MHWL/PMDA), and the United States (U.S. Food and Drug Administration—FDA). In return, the MDSAP leverages the investment to certify to ISO 13485:2016 and utilizes those audit metrics.
Visibility into Organization-Wide Goals
The regulatory certification processes are urgent as deadlines are approaching. Medical device companies should be adapting to ISO 9001:2015 and ISO 13485:2016 as soon as possible to sustain audit readiness.
To achieve this successfully, companies need visibility into organization-wide goals. Since ISO 13485:2016 places greater emphasis on quality throughout the supply chain and the entire product lifecycle, quality becomes a high-level activity in all processes rather than a siloed activity.
ISO 13485 is marked with an underlying theme of harmonization of regulatory requirements across multiple stakeholders and from manufacturer to manufacturer. This, combined with an emphasis on risk and improvement mechanisms like CAPA and post-market feedback, gives visibility into organization-wide goals.
An Automated Quality Management System Can Ease Transitions
Having a single integrated solution improves the overall effectiveness of a company’s processes. Having one site lets users find all quality solutions based on the required changes. There are a few specific areas where having an automated, centralized Quality Management System (QMS) proves beneficial in helping to keep up with regulatory changes in the following ways.
Document Control. Centralizing document control strengthens the link with regulatory documentation. Users can create, store, and share necessary and supplementary files for training, production, supplier agreements, and more. This provides improved visibility into communication and dissemination of information. The result is increased accountability and involvement in changing processes due to new standards.
An automated process also creates a controlled environment for the creation of, revision of, and access to information. That way, there is confidence in the fact that all information is accurate, secure, and not adulterated in any way.
Risk management. Risk is considered in the context of the safety and performance of medical devices in meeting regulatory requirements beyond product realization. Combined with the many risk-driven standards in ISO 13485, risk management becomes a fundamental part of quality management.
An automated QMS provides a systematic way to measure and mitigate risk. Some of these tools include:
Automating the audit process with QMS software lets users automatically schedule audits to help maintain compliance and to test new processes to ensure they are up to new standards. Audit templates can be stored for easy access. Additionally, internal audits can be conducted to identify weaknesses in new procedures. They can also be linked to corrective action to take improvement measures.
Corrective and Preventive Action (CAPA). A CAPA tool lets organizations get back on track quickly in the case of an adverse event. An automated system assists in discovering the root cause, planning and executing a corrective action, planning and executing a preventive action, and verifying the effectiveness of the corrective action.
A good CAPA process links to other quality processes like audit management and risk management to provide improved visibility and transparency and support continuous improvement efforts.
Customer feedback and complaint handling. Customers are a great source of honest feedback beyond basic product specification measurements. Automating this process lets users collect, organize, and analyze customer feedback. Linking this with risk tools sorts feedback items into what needs corrective actions and how quickly these actions must be executed.
The latest standard revisions place an emphasis on complaint handling and reporting to regulatory authorities in accordance with requirements. Post-market surveillance is a component of ISO 13485:2016 and is a great tool for learning the real-world successes and issues with products.
Supply chain management. Since ISO 13485:2016 focuses on risk management and process efficiency throughout all phases of the lifecycle, supply chain management becomes increasingly important. The ISO standards extend to all parties involved with manufacturing at any stage, so a company’s quality standards must extend to its suppliers.
With an automated QMS, suppliers can be kept involved in internal quality standards without sacrificing security or sensitive information. Users can launch supplier corrective actions from within an internal system to quickly and efficiently settle any issues with external parties. Additionally, a QMS allows companies to store a profile for each supplier, with an activity history and rating, so there is a detailed record of how each supplier fits into the quality strategy.
Data integrity. In recent years, the FDA discovered a troubling trend of data integrity (completeness, consistency, and accuracy of data) violations within GMP inspections. In 2016, the FDA issued official guidance in an effort to strengthen companies’ recordkeeping systems. The European Commission is recognizing the importance of data integrity as well, and thus released Annex 11, which is a set of standards for managing data in computerized systems.
Automated systems provide a significant advantage over paper-based and manual systems in terms of data integrity. Some tools that help to record, track, and report accurate data include:
Although it may seem like adjusting to a new revision of standards is a lot to handle, it can be a very smooth process with an automated QMS. That’s because an automated QMS is a single integrated solution with risk as a core feature that can be leveraged in each process.
With a single solution, there is visibility into end-to-end processes for the entire lifecycle of products. A single solution supports one standardized process based on harmonized, organization-wide requirements and standards.
Alexa Sussman is a marketing content writer for ETQ . She is responsible for developing and writing content for EtQ, a leading enterprise quality and compliance management software provider.
The deadline for ISO 13485:2016 is March 1, 2019, so organizations have just over a year to comply. Up until February 2018, organizations were able to be accredited to either the 2003 or 2016 version of the standard, but in this third year before the deadline, only the 2016 certificates will be issued.
Some institutions have even tighter deadlines for the transition. Health Canada requires all medical device companies to comply with the Medical Device Single Audit Program (MDSAP) and ISO 13485:2016 by January 2019 to continue selling products. These companies now have less than a year to finalize their compliance.
Although transitioning to a new revision of standards may require a lot of time and effort, organizations should not be worried. These standards are mutually beneficial and will pay off for organizations in the long run.
Certifying to ISO 13485:2016 can provide improvements to the product submission process for international participants of the MDSAP: Australia (TGA), Brazil (ANVISA), Canada (Health Canada), Japan (MHWL/PMDA), and the United States (U.S. Food and Drug Administration—FDA). In return, the MDSAP leverages the investment to certify to ISO 13485:2016 and utilizes those audit metrics.
Visibility into Organization-Wide Goals
The regulatory certification processes are urgent as deadlines are approaching. Medical device companies should be adapting to ISO 9001:2015 and ISO 13485:2016 as soon as possible to sustain audit readiness.
To achieve this successfully, companies need visibility into organization-wide goals. Since ISO 13485:2016 places greater emphasis on quality throughout the supply chain and the entire product lifecycle, quality becomes a high-level activity in all processes rather than a siloed activity.
ISO 13485 is marked with an underlying theme of harmonization of regulatory requirements across multiple stakeholders and from manufacturer to manufacturer. This, combined with an emphasis on risk and improvement mechanisms like CAPA and post-market feedback, gives visibility into organization-wide goals.
An Automated Quality Management System Can Ease Transitions
Having a single integrated solution improves the overall effectiveness of a company’s processes. Having one site lets users find all quality solutions based on the required changes. There are a few specific areas where having an automated, centralized Quality Management System (QMS) proves beneficial in helping to keep up with regulatory changes in the following ways.
Document Control. Centralizing document control strengthens the link with regulatory documentation. Users can create, store, and share necessary and supplementary files for training, production, supplier agreements, and more. This provides improved visibility into communication and dissemination of information. The result is increased accountability and involvement in changing processes due to new standards.
An automated process also creates a controlled environment for the creation of, revision of, and access to information. That way, there is confidence in the fact that all information is accurate, secure, and not adulterated in any way.
Risk management. Risk is considered in the context of the safety and performance of medical devices in meeting regulatory requirements beyond product realization. Combined with the many risk-driven standards in ISO 13485, risk management becomes a fundamental part of quality management.
An automated QMS provides a systematic way to measure and mitigate risk. Some of these tools include:
- Risk matrix: A risk matrix is a versatile tool that can be used in almost any situation where hazards are present. Users can quantify the risk associated with a particular item by plotting the severity and the frequency on axes that correlate with pre-defined levels of acceptability. These graphic representations are color-coded and easily digestible.
- Decision tree: A decision tree is a flowchart that either explores the outcomes of actions vs. their alternatives or provides a set of questions and possible outcomes to help firms make the right choice.
- Bowtie model: The Bowtie model helps to visualize the causes and effects of incidents that are unlikely, but potentially catastrophic. In the case of medical devices, this would be an event like a cybersecurity breach on interoperable devices.
Automating the audit process with QMS software lets users automatically schedule audits to help maintain compliance and to test new processes to ensure they are up to new standards. Audit templates can be stored for easy access. Additionally, internal audits can be conducted to identify weaknesses in new procedures. They can also be linked to corrective action to take improvement measures.
Corrective and Preventive Action (CAPA). A CAPA tool lets organizations get back on track quickly in the case of an adverse event. An automated system assists in discovering the root cause, planning and executing a corrective action, planning and executing a preventive action, and verifying the effectiveness of the corrective action.
A good CAPA process links to other quality processes like audit management and risk management to provide improved visibility and transparency and support continuous improvement efforts.
Customer feedback and complaint handling. Customers are a great source of honest feedback beyond basic product specification measurements. Automating this process lets users collect, organize, and analyze customer feedback. Linking this with risk tools sorts feedback items into what needs corrective actions and how quickly these actions must be executed.
The latest standard revisions place an emphasis on complaint handling and reporting to regulatory authorities in accordance with requirements. Post-market surveillance is a component of ISO 13485:2016 and is a great tool for learning the real-world successes and issues with products.
Supply chain management. Since ISO 13485:2016 focuses on risk management and process efficiency throughout all phases of the lifecycle, supply chain management becomes increasingly important. The ISO standards extend to all parties involved with manufacturing at any stage, so a company’s quality standards must extend to its suppliers.
With an automated QMS, suppliers can be kept involved in internal quality standards without sacrificing security or sensitive information. Users can launch supplier corrective actions from within an internal system to quickly and efficiently settle any issues with external parties. Additionally, a QMS allows companies to store a profile for each supplier, with an activity history and rating, so there is a detailed record of how each supplier fits into the quality strategy.
Data integrity. In recent years, the FDA discovered a troubling trend of data integrity (completeness, consistency, and accuracy of data) violations within GMP inspections. In 2016, the FDA issued official guidance in an effort to strengthen companies’ recordkeeping systems. The European Commission is recognizing the importance of data integrity as well, and thus released Annex 11, which is a set of standards for managing data in computerized systems.
Automated systems provide a significant advantage over paper-based and manual systems in terms of data integrity. Some tools that help to record, track, and report accurate data include:
- Controlled access: When multiple users share login information, nothing can be attributed to a specific person. Automating the process gives each person unique credentials that give access to pre-defined areas, so deletion or alteration of data is not possible. It fosters accountability and prevents backdating data or altering specifications.
- Audit trails: Automating audits provides a timeline of events related to creating, modifying, or deleting data as well as any attempts to rename, delete, or move files. The FDA considers audit trails an important part of an organization’s official records, so relying on an automated QMS to capture information such as test results, sample run sequences, identifications, and process parameters helps to maintain data integrity and more easily pass inspections.
- Calibration and maintenance schedules: Many recordkeeping violations come from failure to maintain adequate records of equipment maintenance. An integrated QMS allows users to automate calibration and maintenance schedules, as well as capture the results.
Although it may seem like adjusting to a new revision of standards is a lot to handle, it can be a very smooth process with an automated QMS. That’s because an automated QMS is a single integrated solution with risk as a core feature that can be leveraged in each process.
With a single solution, there is visibility into end-to-end processes for the entire lifecycle of products. A single solution supports one standardized process based on harmonized, organization-wide requirements and standards.
Alexa Sussman is a marketing content writer for ETQ . She is responsible for developing and writing content for EtQ, a leading enterprise quality and compliance management software provider.