Key Changes

 Emphasis upon global ‘Regulatory Requirements’

 Requirements for ‘Risk Management’ throughout
the Quality Management System
 Requirements providing clarity for ‘Design,
Validation, and Verification Activities’
 Improving ‘Supplier Control’ Processes
 Requirements for improved ‘Feedback Processes’
 Requirements providing clarity for ‘Software
Validation’
 Requirements for ‘Identification & Traceability’

Regulatory
Requirements:
 Emphasis for
organisations to meet
customer and
applicable regulatory
requirements for
safety & performance.
 Manufacturers
required to assess the
ISO 13485:2016 Medical Device Quality Management impact of regulatory
System requirements, on their
activities.
Background  Demonstrate communication with regulatory
ISO 13485 sets out the criteria for medical device quality authorities according to applicable regulatory
management systems. It can be used by medical devices requirements.
manufacturers, suppliers or any organization that can benefit  Evaluate impact of a product design change and
in implementing the standard. The recently revised standard, its impact to ‘applicable regulatory requirements’.
published in March 1, 2016, is based on a number of quality
management principles focusing on how companies should Risk Management
manage risk-based decisions related to purchasing, design,  Documentation of one or more processes for risk
development, manufacturing, production control activities management of product realisation activities.
and other aspects of quality management systems.  Risk Management outputs to be evaluated as a
result of any product design changes.
Structure and Terminology  Documented evaluation of Risk Management
 ISO13485:2016 - Structured to meet the using data from feedback process.
requirements for a medical devices QMS for:
 Manufacturers Design Activities
 Service Providers (outsourced  Design & Development, planning and review must
processes) be documented throughout design process.
 Ensures that key stakeholders in medical device  Design & Development outputs must be traceable
industry demonstrate their compliance to to their respective inputs.
regulatory requirements.  Resources during Design & Development
 Structured to cover the whole life-cycle of a processes must be documented, including
medical device including design and development, competency of personnel involved.
production, storage and distribution, installation,
servicing and final decommissioning and disposal. Validation Activities
 Acceptance criteria, statistical techniques and
ISO 13485:2016 structure sample sizes used during validations must be
1. Scope documented.
2. Normative References  Confirmation of product’s application with other
3. Terms & Definitions medical devices (if applicable), must be confirmed
4. Quality Management System during validation.
5. Management Responsibility  Software shall be validated proportionate to it’s
6. Resource Management application in the process potential risk to the
7. Product Realisation product.
8. Measurement, Analysis & Improvement  Results, conclusions and actions arising from
validations shall be documented.
*Note: The new version of ISO 13485:2016 does not follow the Annex SL
structure (such as that of ISO 9001:2015) as some of the new elements in the
Annex SL are deemed not appropriate as regulatory requirements.
Supplier Control
 Documented ‘Agreement’ to be in place between
organisation and supplier for notification of
changes.
 Purchased product verification to be based on
supplier evaluation data and to be proportionate to
risk associated with purchased product.
 Changes to purchased product must be evaluated
for impact to product realisation and medical
device.

Feedback
 Methods for obtaining feedback must be
documented.
 Data to support feedback must be derived from
production and post-production activities.
 Feedback to serve as input to risk management,
product realisation and improvement processes.
 Detailed and specific requirements for complaint
handling

Identification and Traceability

 Product status to be identified throughout product
realisation process.
 A system to assign Unique Device Identification
(UDI), shall be documented.
 Specific requirements included for records of
traceability for implantable medical devices.

Summary
 Scope of ISO 13485:2016 expanded to include all
stakeholder roles within the medical product /
device lifecycle e.g. Manufacturer, Distributor,
Importer.
 ISO 13485:2016 requires organisations to adopt a
risk based approach to the management of its
Quality Management and Product Realisation
systems.
 Increased emphasis within ISO 13485:2016 for
organisations to meet regulatory requirements.