What is the difference between ISO 13485:2016 and ISO 9001

Overview

ISO 9001:2015 was released in September 2015, and many expected the new ISO 13485 to be based upon this new ISO 9001 standard. But the work on ISO 13485 had gone on for a long time and it was almost ready for publication when ISO 9001:2015 was released. Therefore, a decision was taken to continue to release the ISO 13485:2016 based on the obsolescent ISO 9001:2008 standard. How this impacts on organizations will be discussed in another article.

As a result, ISO 13485:2016 has been published as a standalone standard to specify the requirements for medical devices and the text no longer highlights how these requirements relate to the 9001:2008 standard.

The main differences between ISO 13485:2016 and ISO 9001: 2008 are in 5 key areas:

  1. Product specific
  2. Regulatory
  3. Documentation
  4. Customer satisfaction
  5. Continual improvement

The following text provide a summary of the key differences. For a complete description of the requirements of ISO 13485:2016 refer to the Standard, which contains an explanation of the differences with the ISO 9001:2008 standard (Annex B).

1.    Product specific

The medical device industry is subject to rigorous and stringent controls due to the application of the product(s). This is reflected in the ISO 13485:2016 standard with the following inclusions, which are not covered in the ISO 9001:2008 standard:

  1. Medical device terminology (3)
  2. Work environment – training and supervision of staff working in special conditions, and the prevention of contamination (6.4)
  3. Document processes for risk management in product realisation (7.1)
  4. Communication of advisory notes (7.2.3)
  5. Clinical, or performance, evaluation, as part of design and development validation, in line with regulatory requirements (7.3.7)
  6. Cleanliness of products or contamination control (7.5.2)
  7. Status of product with respect to monitoring and measurement (7.5.8)
  8. Customer property (7.5.10), which includes confidential health information (4.2.5)
  9. Nonconforming product – authorised personnel must be identified, concessions must meet regulatory requirements, and the adverse effect of rework must be determined (8.3)

2.    Regulatory requirements

The intent of the standard is to facilitate the harmonisation of quality management system regulations around the world. Meeting product regulation requirements is also a key element of this standard, as the aim is to develop safe products which have an effective performance. Reference to regulatory requirements is mentioned throughout. Each organisation must make itself familiar with current regulations, both national and international, and make sure that these regulations are communicated to all staff. Organizations are audited against these regulatory requirements (4.1.3 e).

3.    Documentation

The requirements for documents, documented procedures and records are far more onerous in ISO 13485:2016 than in ISO 9001: 2008.

Documentation requirements include:

  • A medical device file (4.2.3) for each type or family of which states:
    1. General description
    2. Product specification
    3. Manufacturing processes
    4. Installation processes
    5. Servicing processes
  • Quality manual shall also define the structure of documentation within the QMS (4.2.2)
  • Retention of obsolete controlled documents (4.2.4) is required for the lifetime of product or as specified by regulatory requirements
  • Responsibilities and authorities must be documented in addition to being defined and communicated, and interrelation of personnel must also be documented (5.5.1)
  • Maintenance activities (6.3) which affect product quality
  • Health, cleanliness, clothing and contamination (6.4)
  • Communication (7.2.3) with customers in relation to:
    1. Customer feedback and complaints: Customer complaints, including authorisation when corrective and/or preventive action are not taken. Complaints must be investigated, and if no action taken, a justification of why must be documented (8.2.2)
    2. Advisory notes (7.2.3)
  • Traceability of purchased product, including documents and records (7.4.2)
  • Numerous additional requirements for production and service provision (7.5):
    1. Documentation of procedures and methods for control (7.5.1)
    2. Qualification of infrastructure (7.5.1)
    3. Document requirements for cleanliness or contamination control of product (7.5.2)
    4. Installation activities (7.5.3), including verification
    5. Servicing activities (7.5.4)
    6. Maintain records for each sterilization batch (7.5.5)
    7. Document procedures for validation of computer software (7.5.6)
    8. Validation of sterilisation (7.5.7)
    9. Product identification including returns (7.5.8)
    10. Traceability (7.5.9)
      • Document procedures for traceability (7.5.9.1)
      • Records for Implantable medical devices (7.5.9.2) to include components, materials and work environment conditions
      • Record Identity of personnel performing inspection (8.2.6)
    11. Preserving conformity of product (including constituent parts and product requiring special storage conditions (7.5.11)
  • Control of monitoring and measuring devices (7.6) including validation of computer software that impacts product conformity
  • Feedback system of early warning (8.2.1) of quality problems
  • Procedure for notification to regulatory authorities reporting adverse events of issue of advisory notices (8.2.3)

4.    Customer Satisfaction

ISO 9001: 2008 requires customer satisfaction and customer perceptions to be monitored and measured. In 13485:2016, the requirement is to monitor information to demonstrate that customer requirements have been met (8.2.1).

5.    Continual Improvement

Continual improvement of the QMS is a requirement of ISO 9001: 2008. The ISO 13485:2016 improvement requirement is to maintain the continued suitability and effectiveness of the QMS (8.5.1).