Sponsored By

New ISO 13485:2016 affects every link in medical manufacturing supply chain

The third edition of the international quality standard for medical manufacturing, ISO 13485:2016, was published on Feb. 24. There is a three-year transition period, but medical device manufacturers along with their suppliers should start their transition planning now, stresses John Beasley, founder and Senior Consultant at MedTech Review (Henderson, NV), which provides consultancy services to the global medical device industry.

Norbert Sparrow

March 1, 2016

4 Min Read
New ISO 13485:2016 affects every link in medical manufacturing supply chain

 (Henderson, NV), which provides consultancy services to the global medical device industry. Beasley took time out of his busy schedule to discuss some of the key changes in ISO 13485:2016 that will affect, in particular, the supply chain "in either direction, upstream and downstream," including contract injection molders and extruders.

Image courtesy Stuart Miles/freedigitalphotos.net.

A key aspect of the third edition is the "increased scope of application of the standard," says Beasley. "It applies to any organization involved in the life cycle of the medical device, including providers of technical services, component manufacturers, entities involved in regulatory work, such as European Union authorized representatives, even distributors and importers. The scope has opened up a lot, and this is new," says Beasley. It's a development that China, for one, has taken to heart, he adds.

"I was just in China in November, where I was invited to give a half-hour presentation to a group from a medical device association. More than 200 people showed up, all of whom were importers," said Beasley. Devices coming into China go through the free trade zone and are relabeled to Chinese specifications. "That is part of the supply chain," notes Beasley, adding that China is going to apply the new requirements of ISO 13485:2016 to this process. "That's one of the reasons I'm telling  everyone to start their transition planning now: The certification basis is going to increase, as everyone in the supply chain will seek a certificate, and I predict that will put a strain on registrars," said Beasley. Get in the queue early, he stresses, to avoid finding yourself on the wrong end of the bottleneck and discovering that you will have to wait several months for a certification audit.

Beasley also calls out the standard's new emphasis on a risk-based approach. A key change to the standard is the requirement to have a written quality agreement between the OEM and the contract injection molders, extruders or any other suppliers of products and services that describes controls in place that are proportionate to the risks of the devices involved.

"I just had meeting with a new client, an aerospace company that is moving into making precision machined components for medical devices," recounts Beasley. "It intends to make parts for implantable devices, so the risk is high. The amount of control you should expect will be higher than if you're injection molding a manifold or something. That's one place where risk comes in for a supplier," says Beasley.

Software clause will cause some headaches

Clause 4.1.6, which is also new to ISO 13485, involves software, and it has the potential to create a fair amount of angst, according to Beasley.

"It's equivalent to 21 CFR 820.70 (i) [Code of Federal Regulations, Title 21, Part 820, Automated Processes]. Since 1996, if you use software to automate production or any other part of a quality management system (QMS), then that software has to be validated," explained Beasley. While the requirement has been around for some time, it's not typically part of an FDA inspection, and in Beasley's experience, many companies either have weak validation or no validation at all. "Compliance is expensive, and sometimes companies might wait until they receive a Form 483 warning letter before making improvements," said Beasley. However, when your organization applies for ISO 13485:2016 certification, you're suddenly out of wiggle room. "If you are using software, you have to have a documented procedure for validating application of software used in a QMS and you have to validate it before you use it and, as appropriate, you have to revalidate if you make changes. Bear in mind that software is all around you," adds Beasley, "including things like your PLC."

This requirement will be brand new to companies that don't currently offer products or services to the U.S. market and have not had to deal with 21 CFR 820.70 (i) before. As for companies that do market to the United States and are certified to ISO 13485:2003, they no longer have the option of waiting for feedback from FDA before establishing a validation program for their software. The kicker, though, is that currently there is no ISO standard that provides guidance on meeting this requirement, adds Beasley. ISO 80002-2 is under development and is specific to 4.1.6, but the work on this standard hasn't passed the committee draft stage, notes Beasley, who predicts that the final document won't be published until sometime in 2018, the last year of the transition to ISO 13485:2016.

For a deeper dive into the third edition of ISO 13485, MedTech Review has archived a series of six webinars hosted by consultant Egan Cobbold, recently retired Health Canada Quality Systems Officer. They are available for purchase individually or as a series.

About the Author(s)

Norbert Sparrow

Editor in chief of PlasticsToday since 2015, Norbert Sparrow has more than 30 years of editorial experience in business-to-business media. He studied journalism at the Centre Universitaire d'Etudes du Journalisme in Strasbourg, France, where he earned a master's degree.


Sign up for the PlasticsToday NewsFeed newsletter.

You May Also Like