ISO 13485 provides quality management system (QMS) guidelines for the production of safe and effective medical devices, but it’s easy to get tripped up.
Jon Speer, Greenlight Guru

ISO does not publish reports on manufacturer violations found during audits, making it difficult to learn from others’ mistakes. Here are the four most common mistakes that manufacturers make in their attempts to comply with ISO 13485.
Treating processes as checkboxes
Oftentimes, contract manufacturers will achieve their ISO 13485 certification as a competitive advantage to secure business, instead of doing it because they believe in the benefits of the framework. ISO 13485 activities are not just “checkboxes,” or must-do items for compliance.
Implementing ISO 13485 should involve a holistic approach with an emphasis on quality from the outset. The process should promote a culture of quality across the entire organization that extends beyond the initial execution of the standard’s processes.
Companies that adopt a quality-first mindset when implementing ISO 13485 will find it a value-add exercise, rather than just an effort to comply with regulations.
CAPA overload
Many companies have ineffective CAPA processes that can cause mistakes to snowball. It’s critical to fully understand the differences between “corrective action” and “preventive action.” According to ISO 13485, a corrective action eliminates the cause of nonconformities in order to prevent a recurrence. A preventive action eliminates the causes of potential nonconformities in order to prevent their occurrence.
CAPA overload can quickly occur when a company’s poor processes inhibit its ability to eliminate and prevent nonconformities, or when the company is overburdened by managing excess CAPA events.
Auditors are likely to dig deeply into a company’s CAPA processes to gain a better understanding of how root causes were identified. ISO auditors are also interested in the efficiency of your QMS processes. Effective CAPA procedures within your QMS are one of the first things an auditor looks at and considers in their findings. Don’t skip this important step!
Management reviews
Management reviews are required under ISO 13485 and FDA 21 CFR Part 820 to ensure companies are properly executing and following procedures. Companies often make mistakes during implementation due to the amount of time and paperwork involved.
Management teams often see reviews as a last-minute checkbox activity. This pressure of feeling “under the gun” only compounds the work needed to be done, creating unnecessary stress. Section 5.6.2 of the standard offers a list of things companies should consider during management reviews:
- Results of audits.
- Customer feedback.
- Process performance.
- Product conformance.
- Status of corrective and preventive actions.
- Follow-up to previous reviews.
- Improvements.
- New regulatory requirements.
- Changes that could affect quality systems.
Ineffective systems make it challenging to keep information up-to-date, and records may be easily lost. This leads to poor management reviews that reinforce a poor quality culture within an organization. Effective management reviews are opportunities to assess how your QMS and internal processes are functioning, in order to be proactive and control CAPA management.
Risk-based processes
ISO 13485:2016 frequently mentions risk-based processes, encouraging companies to assess risk after completing a process or task. This, too, is often carried out as a checkbox activity.
Companies should document each risk assessment with its corresponding risk management file to be managed and scored. This is a process that cannot be done in haste.
When managing supplier risk, risk-based processes should be directly proportional to the supplier’s role with your device. One effective way to do this is to assess how the component interacts with patients. The more contact it has with patients, the higher the risk score it should receive.
A risk-based approach is also critical for handling complaints. Without one, your processes can become cumbersome and lead to the CAPA overload scenario.
Prevention is key
Manufacturers can avoid common pitfalls associated with ISO 13485 by using their QMS to bring safe, effective medical devices to market. This is the overall intended purpose of the standard.
A focus on quality can help manufacturers achieve and maintain compliance as a natural byproduct. Reinforced by an effective QMS, valuable insights can be gained to prevent issues from happening later.
Jon Speer is founder and VP of quality assurance and regulatory affairs at quality management software company Greenlight Guru. A graduate of the Rose-Hulman Institute of Technology, he has more than 20 years of medical device experience, including product development, project management, quality and regulatory affairs.
The opinions expressed in this blog post are the author’s only and do not necessarily reflect those of Medical Design and Outsourcing or its employees.