ISO 13485:2016

Johnathon Bis
VP Healthcare Solutions - Sales
BSI Healthcare

Copyright © 2014 BSI. All rights reserved.

1 - Current - EN ISO 13485:2012
2 - ISO 9001:2015 Update
3 - ISO 13485:2016
4 - Key additions for ISO 13485:2016
5 - Potential Timings

Copyright © 2014 BSI. All rights reserved. 2

EN ISO 13485:2012

Copyright © 2014 BSI. All rights reserved. 3

What is the difference?

• The current • The previous • Changes within

ISO 13485:2003

EN ISO 13485:2003

EN ISO 13485:2012
International version of the Foreword &
Standard European Annex Zs only
Harmonised • No change to
Standard requirements
(Normative
Text)
• Obsolete as of
• Annex Z’s to
30 August provide greater
2012 clarity on
applicability &
alignment with
AIMDD, MDD &
IVDD

Copyright © 2014 BSI. All rights reserved. 4

Example

EN ISO 13485:2012
Annex ZB

Relationship between
Annex II of 93/42/EEC and
clauses of ISO 13485

Copyright © 2014 BSI. All rights reserved. 5

ISO 9001:2015

Copyright © 2014 BSI. All rights reserved. 6

What’s next?

Copyright © 2014 BSI. All rights reserved. 7

3/15/2016
New ISO Management Systems High Level Structure
• New and revised ISO MS Standards now using
ISO Annex SL: A standard for standard writers

• Provides a 10 clause high-level structure and

common text

• Standardises terminology for fundamental

Management System requirements

• Follows the Plan → Do → Check → Act (PDCA)

principle

Copyright © 2014 BSI. All rights reserved. 8

New
ISO 9001:2015

10 Clause
Structure

Copyright © 2014 BSI. All rights reserved. 9

The Future

Copyright © 2014 BSI. All rights reserved. 10

ISO 13485:2016
Published February 26, 2016

Copyright © 2014 BSI. All rights reserved. 11

ISO 13485:2016 – What’s New?

• Many additions

• Some new requirements

• Some expansion & clarification

• Increased clarity of
interrelationship between clauses
and requirements

Copyright © 2014 BSI. All rights reserved. 12

Overall Numbering of Clauses
•Due to the inclusion of several new clauses, several sub-
clauses have been re-numbered. Although the content may
not have changed, the sub-clause reference may have
changed. This presentation covers changes to content, not
every sub-clause re-number.
•In order to work with the MDSAP program of determining
levels of non-conformance grading*, the clauses and sub-
clauses required formatting

* See GHTF Document SG3 N19

Copyright © 2014 BSI. All rights reserved. 13

Regulatory Requirements

ISO 13485:2003 FDIS ISO 13485:2016

“Regulatory requirements”

Appears 9 times* Appears 37 times*

* Within Normative Requirements, i.e. Clauses: 4 - 8

Copyright © 2014 BSI. All rights reserved. 14

Objectives and scope

ISO 13485:2003 ISO 13485:2016

Objectives Facilitate harmonization Facilitate global alignment

Scope & Role Organizations provide Medical
devices and related services
Organizations can be involved in one or more
stages of the life-cycle including the design
and development, production, storage and
distribution, installation, or servicing of a
medical device and the design and
development or provision of associated
activities (e.g. technical support). This
International Standard can also be used by
suppliers or external parties that provide
product including quality management
system-related services to such organizations.

Copyright © 2014 BSI. All rights reserved. 15

Definitions
ISO 13485:2003 ISO 13485:2016

3.7 Definition Active implantable medical device Advisory notice

（8 19） Active medical device Clinical evaluation
Complaint
Advisory notice
Distributor
Customer complaint Implantable medical device
Implantable medical device Importer
Labelling Labelling
Medical Device Life cycle
Sterile medical device Manufacturer
Medical device
Medical device family
Performance evaluation
Post market surveillance
Purchased product
Risk
Risk management
Sterile barrier system
Sterile medical device

Copyright © 2014 BSI. All rights reserved. 16

Changes to Clause Numbering

• Due to the inclusion of several new clauses,

several sub-clauses have been re-numbered.

• This presentation covers changes to content,

not every sub-clause re-number.

• In order to work with Medical Device Single

Audit Program (MDSAP) levels of non-
conformance grading, the clauses and sub-
clauses required formatting
* See GHTF Document SG3 N19

Copyright © 2014 BSI. All rights reserved. 17

4 – Quality Management System
4.1 - 2 4.1.3 - 5 4.1.6 4.2
General General General Documentation
Requirements requirements Requirements Requirements

Records to
+ Document
meet Medical Device
role(s)
regulatory + Requirement File
undertaken by
requirements. to validate the
organization + Detailed list
Change control computer
under of items (a-f)
regulatory software used that shall be
requirements for QMS prior included to
For outsourced to initial use &
+ Risk based meet
processes after changes
approach to regulatory
control based
control QMS requirements
on risk and
processes ability

Copyright © 2014 BSI. All rights reserved. 18

5 – Management Responsibility
5 5.5.1 5.5.2 5.6
General Responsibility Management Management
requirements & Authority representative review

Procedures
required,
Top mgmt Focus on document
shall awareness of planned
Increased DOCUMENT quality intervals
emphasis on the management
regulatory system and the
interrelation removal of
requirements of all + More bullet
customer
personnel requirements points for
who.... from bullet c) inputs, new
bullet for
outputs

Copyright © 2014 BSI. All rights reserved. 19

6 – Resource Management

6.2 6.2 6.3

Human resources Human resources Infrastructure

+ Maintain
competency
+ Prevent product
Shall document the + NOTE mix up, ensure
processes for Methodology used orderly handling;
establishing to check Maintenance of
competence, effectiveness to be equipment applies to
providing training, proportionate to risk production, control
and ensuring associated with of work env, monitor
awareness work for which and measurement.
training or other
action is provided.

Copyright © 2014 BSI. All rights reserved. 20

6.4 – Work environment and contamination control

6.4.1 6.4.2
Work environment Contamination control

For sterile medical devices, the

organization shall document
Adds documentation
requirements for control of
requirements, competence for
contamination with micro-
temporary work, NOTE refers
organisms or particulate matter
to ISO 14644 and ISO 14698
and maintain the required
for further information
cleanliness during assembly or
packaging processes.

Copyright © 2014 BSI. All rights reserved. 21

7 – Product Realization
7.2.1 7.2.2
7.1 7.2.3
Determination Review of
Planning of product
of product product
realization Communication
requirements requirements
+ applicable
+ Documented
regulatory + The
processes for risk
+ Any user requirements organization
management
training needed are met shall
+ Required planning for to ensure communicate
+ any user
verification, validation, specified with regulatory
training
monitoring, performance authorities in
identified in
measurement, and safe use of accordance
accordance
inspection, test the medical with applicable
with 7.2.1 is
activities, handling, device regulatory
available or
storage, distribution, & requirements
planned to be
traceability
available…

Copyright © 2014 BSI. All rights reserved. 22

7 – Product Realization (continued)
7.3.2 7.3.6 & 7 7.3.6 & 7
7.3.3 - 5
Design & Design & Design &
D & D Inputs,
development development development
outputs, review
planning V/V V/V

V/V of device
Requirement to interfaces. All
+ List of items document: the
to document: Inputs + Usability, validation
V/V plan, the activity must
+ Traceability standards, ability methods of
to verify/validate be conducted
of outputs to V/V, criteria for
inputs Review + specific acceptance,
on
record rationale for representative
+ Resources product or
including requirements sample sizes.
Connections documented
competence equivalent
and interfaces
devices

Copyright © 2014 BSI. All rights reserved. 23

7 – Product Realization (continued)
7.3.9
7.3.8 7.3.10
Design and
Design & Design and
development
development transfer development files
changes

New sub-clause
Was 7.3.7 – more + Shall maintain a D&D
detail added. Link to file for each medical
risk management device type or family.
New sub-clause and product This file shall include or
realization added. reference records
Procedures required Detail regarding generated to
determining demonstrate conformity
significance of to the requirements for
change added. D&D and records for
D&D changes

Copyright © 2014 BSI. All rights reserved. 24

7 – Product Realization (continued)
7.4.2 7.4.3
7.4.1
Purchasing Verification of
Purchasing
information purchased product

Criteria for evaluation

+ Purchasing
and selection of
information to
suppliers includes + Extent of
include, as
performance and risk. verification based on
applicable product
Supplier performance risk/supplier
specifications.
monitoring as part of evaluation and link
Suppliers to agree to
re-evaluation process, to change control
prior notification of
additional record
changes
requirements

Copyright © 2014 BSI. All rights reserved. 25

7 – Product Realization (continued)
7.5.2
7.5.1 7.5.3
Cleanliness & 7.5.4
Control of production Installation
& service provision contamination activities Servicing activities
control

Production and service Servicing activity

provisions must be records must be
monitored and Similar to 2003 analyzed to
controlled as well as requirements, adds Similar to
2003 determine if the
planned and carried contamination issue is a complaint
out to ensure product control requirements
or must be utilized
conforms to as an improvement
specifications input

Copyright © 2014 BSI. All rights reserved. 26

7 – Product Realization (continued)
7.5.6 7.5.7
Validation of processes for 7.5.8 Validation of
production and service Identification sterilization and sterile
provision barriers

+ UDI where required

+ Validate processes where + Added sterile
by national or regional
output cannot be or IS NOT barriers
regulations
verified, + need for procedures,
+ Validation required
+ Use appropriate statistical
prior to
techniques, rationale for
implementation,
sample sizes, approval of
+ Requirement for changes
changes, and validation of
procedures for + Document results,
software after any changes,
separation of returned conclusions, actions
risk based
products from
conforming product

Copyright © 2014 BSI. All rights reserved. 27

7 – Product Realization (continued)
7.5.10 7.5.11 7.6 Control of
7.5.9 monitoring and
Customer Preservation of measuring
Traceability
property product equipment
Specific reference Requirements for
to packaging and the validation of
shipping the application of
containers, other computer
measures software used for
Consistent with monitoring and
Similar to 2003
7.5.4 of current measurement of
version
document requirements
added to this
+ Distribution is clause. Risk
specified based approach
required.

Copyright © 2014 BSI. All rights reserved. 28

8 – Measurement, Analysis and Improvement
8.2.2 and 8.2.3
8.2
Complaint handling & Reporting
Monitoring and measurement
to regulatory authorities

New Clauses

+ Feedback procedures, input Requires procedures for timely

to risk management and complaint handling,
improvement process. Clause investigation, regulatory
strengthened. notification and more
Procedures for reporting to
regulatory authorities regarding
complaints are required

Copyright © 2014 BSI. All rights reserved. 29

8 – Measurement, Analysis and Improvement
8.2.6
8.3 8.5.2 & 8.5.3
Monitoring and
Control of non Corrective & Preventive
measurement of
conforming product action
product

+ details in respect of Verifying that CAPA

+ Test equipment controls, concessions, does not have an
shall be identified as records. Clause adverse effect,
appropriate restructured actions to be taken
without undue delay

Copyright © 2014 BSI. All rights reserved. 30

Areas of Increased Emphasis ISO
13485
Feedback
3rd
Outsourced Edition
Processes &
Validation, Supplier
Verification & Control
Design
Risk Transfer
Management

Regulatory Improved
Requirements
linkage of
clauses

Copyright © 2014 BSI. All rights reserved. 31

ISO 13485:2016 Annexes
Annex A
• Comparison of content between ISO 13485:2003 and ISO 13485:2016

Annex B
• Correspondence between ISO 13485:2016 and ISO 9001:2015

European Annexes ZA (AIMD), ZB (MDD) and ZC (IVD)

• Identifies relationship between the European Standard (EN ISO 13485:2016?)
and Conformity Assessment Requirements of the respective EU Medical
Device Directives via each conformity assessment route for each directive

Copyright © 2014 BSI. All rights reserved. 32

ISO 13485:2016 Annexes
Annex A

• Comparison of content
between ISO 13485:2003
and ISO 13485:2016

• List of ‘Comments on
change compared with
ISO 13485:2003’

Copyright © 2014 BSI. All rights reserved. 33

ISO 13485:2016 Annexes
Annex B

• Comparison of content
between ISO 13485:2016
and ISO 9001:2015

• Top level clause mapping

Copyright © 2014 BSI. All rights reserved. 34

ISO 13485:2016 Annexes
European Annexes ZA (AIMD), ZB (MDD) and ZC (IVD)
• Identifies relationship between the European Standard (EN ISO 13485:2016?)
and Conformity Assessment Requirements of the respective EU Medical
Device Directives via each conformity assessment route for each directive

Copyright © 2014 BSI. All rights reserved. 35

Timings

Copyright © 2014 BSI. All rights reserved. 36

ISO 13485:2016 – Timings

ISO European Cease issue of End of 3 year

March – June 2016

28 February 2018
25 February 2016

28 February 2019
13485:2016 Harmonization ISO transition
published ?? 13485:2003
Certificates
BS EN ISO
13485:2016 NOTE: Draft
published guidance - No
new ISO
13485:2003
3 year certificates
transition issued in final
period now year of
started transition

Copyright © 2014 BSI. All rights reserved. 37

Is additional assessment time required?
Early or Late Transition?
• Additional assessment time will be needed
• Early transition by reassessment + limited additional assessment
time
Gradual Transition Over Assessment Cycle
• Transition over at least 2 visits
• Limited additional assessment time is required
• Probably 0.5 - 2 days additional assessment per site: Dependant on
employee numbers, products, processes, activities, scope and
complexity

Note: The above is subject to confirmation of acceptance by

relevant Accreditation Bodies
Copyright © 2014 BSI. All rights reserved. 38
Global Picture
• ISO 13485 & ISO 9001 Revisions

• Europe - New MDR / IVDR

• MDSAP Pilot - US, Canada, Brazil,

Australia + Japan from 1 February
2016 & Europe watching carefully

• Japanese Requirement (JPMD Act)

Copyright © 2014 BSI. All rights reserved. 39

What can you do now?
1. Study the standard (FDIS or when published)
2. Consider gap analysis of current QMS Vs. new requirements
3. Prepare initial transition plan, with timescales
4. Factor any additional resources & costs into budgets
5. Review staff awareness / knowledge and determine training
required
6. Compile project / implementation plan
7. Discuss top–level plan and timescales with BSI Client
Manager
8. Look out for additional help, information and resources

Copyright © 2014 BSI. All rights reserved. 40

 BSI Resources

• e-Updates
• Webinars & Recordings
• White Papers
• Frequently Asked Questions
- Coming Soon

bsigroup.com/ISO13485
revision

Copyright © 2014 BSI. All rights reserved. 41

Questions

Copyright © 2014 BSI. All rights reserved. 42

Thank you

Name: Johnathon Bis

Title: VP Healthcare Solutions - Sales, BSI Healthcare
BSI America, 12950 Worldgate Drive, Suite 800, Herndon VA
Address: 20170
Telephone: 571-393-4337
Email: Johnathon.bis@bsigroup.com
Links: www.bsigroup.com

Copyright © 2014 BSI. All rights reserved. 43