|Orthopedic technologies such as the OsteoPrecision bone graft delivery system are among the thousands of medical devices that meet ISO 13485 regulatory requirements.|
To achieve a comprehensive quality management system for designing and manufacturing medical devices, manufacturers are increasingly achieving ISO 13485 certifications. Officially designated as ISO 13485:2003, this series of international standards has widespread commercial implications but is also squarely focused on improving patient safety. It requires that manufacturers demonstrate the ability to provide medical devices and related services that consistently meet customer and regulatory requirements. The newest version of ISO 13485 supersedes such earlier documents as ISO 13485:1996 and ISO 13488 (both published in 1996), as well as EN 46001 and EN 46002 (both published in 1997).
ISO 13485 was authored by the Geneva–based International Organization for Standardization (ISO), the world's largest developer of international standards. In order to avoid compromising their competitiveness, medical device manufacturers are being pressured to comply with this standard. Indeed, for companies seeking access to international markets, conformity with ISO 13485’s regulatory requirements is fast becoming a universal prerequisite.
Achieving ISO 13485 Compliance
From 2004 through 2012, a total of 22,237 ISO 13485 certificates were issued worldwide in 93 countries, according to the ISO. From 2010 to 2012, company certifications rose a cumulative 18%—an average of 6% per year. In 2012 alone, the percentage of certifications doubled, increasing by 12% percent. Overall, the number of certifications in 2012 was 240% higher than that in 2011. In 2012, ISO certifications were highest in Italy, the United States, and the UK, Today, the largest number of certified companies is in the United States, followed by Germany and Italy.
A 2011 Covidien-commissioned survey of 900 medical device manufacturers showed that 37% of responding companies had become ISO 13485 certified to meet regulatory requirements. At the same time, 31% had become certified to support regulatory approval of products or services, while 28% had become compliant to meet customer requirements.
ISO 13485 defines a medical device as any instrument, apparatus, implement, machine, appliance, implant, in vitro reagent or calibrator, software, material, or other similar or related article that is intended by the manufacturer to be used alone or in combination. Receiving ISO 13485 certification requires an evaluation of all aspects of a company’s business processes and procedures to confirm conformity with the requirements outlined in the standard. Registration signifies that a manufacturer has implemented an integrative management system that complies with the applicable regulatory requirements for quality management.
To achieve ISO 13485 certification, companies must develop written policies for executing the following tasks:
- Document and record controls.
- Internal auditing procedures.
- Controls for nonconformance.
- Corrective and preventative actions.
- Process and design controls.
- Record retention.
- Accountability and traceability.
By achieving ISO 13485 certification, medical device manufacturers can hope to gain
- Access to markets that recognize or require certification, including Canada and Europe.
- Reduced operational costs by highlighting process deficiencies and improving efficiency.
- Increased customer satisfaction by consistently delivering quality products and systematically addressing complaints.
- Proven commitment to quality by adhering to an internationally recognized standard.
- Added transparency in handling complaints, surveillance, or product recalls.
ISO 13485 versus Other Standards
Along with ISO 9001, ISO 13485 requirements are among the most comprehensive of the approximately 19,000 standards developed by ISO, serving as the model for quality management systems. The fundamental difference between ISO 9001 and ISO 13485 is that the former requires companies to demonstrate continuous improvement, whereas the latter requires them only to demonstrate that the quality system has been implemented and maintained.
Although generally harmonized with ISO 9001, ISO 13485 includes particular requirements for medical devices and excludes some of the requirements of ISO 9001 that are not appropriate to quality standards in the medical device manufacturing industry. Because of these exclusions, companies whose quality management systems conform to ISO 13485 do not necessarily conform to ISO 9001 unless they have already acquired ISO 9001 certification. Consequently, many companies are certified to both standards. Specifically, ISO 13485
- Views the promotion and awareness of regulatory requirements as a management responsibility.
- Expects companies to control the work environment to ensure product safety.
- Expects companies to focus on risk management and design transfer activities during product development.
- Contains specific requirements mandating how companies must inspect and trace implantable devices.
- Contains specific requirements for documenting and validating processes for sterile medical devices.
- States that companies must maintain effective processes for designing, manufacturing, and distributing medical devices safely.
While FDA does not formally recognize ISO 13485 certification, the quality system requirements covered by Current Good Manufacturing Practices overlap with many ISO 13485 requirements.
ISO 13485 addresses most, or all, of the quality system requirements in the U.S., European, Australian, Japanese, and Canadian markets. Within the European Union, it is now considered to be the standard for medical devices, although such devices were previously covered by the Global Harmonization Task Force (GHTF) guidelines, which are gradually becoming universal standards for the design, manufacture, and export of medical devices. Adopted by the European Committee for Standardization, ISO 13485 has been harmonized as EN ISO 13485:2012.
Compliance with ISO 13485 is a necessary step in achieving compliance with European regulatory requirements. According to European Economic Committee decrees, medical device companies must undergo a conformity assessment to acquire the CE mark and receive permission to sell a medical device in the European Union. The preferred method for proving conformity is to certify the implementation of a quality management system according to ISO 13485, ISO 9001, and ISO 14971. The latter standard details the requirements for applying a risk management system to medical device manufacturing.
Patient safety and risk management remain critical focuses of increasingly strict government and private sector regulatory agencies. In turn, tighter standards and regulations, such as ISO 13485, are pushing medical device manufacturers and suppliers to change their operating procedures and comply with the new guidelines. Failure to do so can cause them to lose market share or even the ability to sell their products in some markets.
Tens of thousands of medical device manufacturers and their suppliers internationally have adopted ISO 13485, and thousands more are moving through the approval process at escalating rates. Ultimately, this development will benefit patients.
Jodi Raus is director of regulatory, clinical, and quality affairs at Westlake, OH–based Nordson Medical. Reach her at [email protected].