ISO 13485:2016 incorporates significant changes to quality management systems requirements for medical devices. The most significant changes pertain to added requirements:
• document management
• management review
• human resources
• work environment and contamination control
• record keeping
• communication with regulatory authorities
• consideration of many aspects of design and development
Other changes include more explicit detail related to the nature of the organization covered by ISO 13485 and the life-cycle stages covered. The newest version requires the application of a “risk based approach to the control of the appropriate processes. It calls out requirements related to changes to processes and adds new requirements related to validation of the application of computer software used in the quality management system. The standard also addresses new requirements to protect confidential health information.
Table A.1 in the standard provides an outline of changes in this edition of this International Standard (ISO 13485:2016) compared with the previous edition (ISO 13485:2003). The structural relationship between ISO 13485:2016 and ISO 9001:2015 is outlined in Annex B.
ISO 13485:2016 is a quality management system that can be used by an organization involved in one or more stages of the life-cycle of a medical device, including:
• design and development
• storage and distribution
• servicing and final decommissioning and disposal of medical devices
• design and development
• provision of associated activities (e.g., technical support)
The requirements in this International Standard can also be used by suppliers or other external parties providing product (e.g. raw materials, components, subassemblies, medical devices, sterilization services, calibration services, distribution services, maintenance services) to such organizations. The supplier or external party can voluntarily choose to conform to the requirements of this International Standard or can be required by contract to conform.
Several jurisdictions have regulatory requirements for the application of quality management systems by organizations with a variety of roles in the supply chain for medical devices. Consequently, this International Standard expects that the organization:
• identifies its role(s) under applicable regulatory requirements
• identifies the regulatory requirements that apply to its activities under these roles
• incorporates these applicable regulatory requirements within its quality management system
This International Standard can also be used by internal and external parties including certification bodies to assess the organization’s ability to meet customer and regulatory requirements applicable to the quality management system and the organization’s own requirements.