ISO 13485:2016 – What’s New?

Short innovation cycles and a high level of regulation are typical for the medical device industry. In order to bring medical products to market, a variety of regulatory and statutory requirements have to be met. As a result of an ongoing tightening of these requirements, the newest ISO 13485 Standard has been released in 2016.

Generally, the ISO 13485 Standard regulates management systems in medical device producing or selling organizations. The 2016 released version is also applicable on subcontractors and organizations storing or installing medical devices, as well as offering technical support. In summary it can be said, that this version is applicable for all organizations who are involved in the life cycle of a medical device and need to prove the conformity to customer requirements and regulations. The ISO 13485 Standard is a key part, regulating the development and content of a management system for medical devices and contains a variety of requirements that will pose a challenge to certified organizations which have only three years to adopt the new standard.

The new requirements will pose a challenge to certified organizations

Version 2016 – Key Changes

The ISO 13485 Standard has its roots in the directives 90/385/EWG on active implantable medical devices, 93/42/EWG on medical devices and 98/79/EG on in vitro diagnostic medical devices released by the European Union and were transformed to national laws in all member countries of the EU. The aim of these directives is to undergo every medical device a conformity assessment to evaluate that producers of medical devices meet the requirements before the products are put into circulation. Depending on the risk for the patient, this conformity assessment can be conducted by the producer or by notified bodies in case of high risk for patients.

In comparison to the most popular management standard ISO 9001 which also contains requirements for management systems, the 2015 implemented “High Level Structure” has not been implemented for the ISO 13485:2016. Though, risk management has gained importance on both management standards. Another difference between the latest 9001 version and the latest 13485 version relates to the development of the medical devices. The ISO 9001 Standard is depending the degree of detail on the risk, whereas the  ISO 13485 Standard lists clear requirements. The topics development verification and development validation are newly added to the standard. While so far, the focus on risk was only product related, a risk-based approach is required for all processes in the organization. Also, the regulation of IT systems and their correct operation are described more detailed. Therefore, a software validation is necessary for electronic quality management systems. The management review which needs to be described in the quality manual, has been extended regarding its inputs and outcomes.