Originally posted on MedScrum.com. Visit for industry news and tips.
Get to Know ISO 13485:2003
If you only intend to commercialize your standalone medical device software in the US, believe it or not you don’t need to implement a 13485-certified Quality Management System. In fact ISO 13485 isn’t even officially recognized by FDA (though the Agency's launch of the ISO 13485 Voluntary Audit Report Submission Pilot Program back in 2012 suggests we'll see further harmonization down the road).
That said, you should still implement ISO 13485.
Elsewhere--as in, the rest of the world--ISO 13485 is more often than not used as a basis for demonstrating regulatory compliance. Health Canada is an example of a regulatory body that uses the standard for exactly this purpose. To comply with the Canadian Medical Devices Regulations, manufacturers of medical devices simply need to integrate a handful of Health Canada-specific requirements into their procedures and--voilà!--they're set as far as QMS readiness goes.
In Europe, you’ll find EN ISO 13485:2012. It follows ISO 13485 word-for-word. The one notable difference is that the European version of the standard contains a series of annexes that provide guidance on how medical device manufacturers should approach the regulations in a manner that will satisfy the requirements of Europe’s Medical Devices Directive (MDD). In many cases, a simple checklist demonstrating how each item in the annex has been fulfilled (similar to an Essential Requirements Checklist) will reassure EU Notified Bodies that the harmonized version of the standard has been met.
There are others, too, like Australia's Therapeutic Goods Administration, who recognize ISO 13485. But I think I've made my point.
FDA, as I've hinted, has its own framework—the Quality System Regulations (also known as 21 CFR Part 820)—which, to the Agency's credit, overlaps extensively with ISO 13485. This is owed to the fact that the FDA Regulations were harmonized with the 1996 version of the standard.
The main difference? Where ISO 13485 is flexible, FDA QSR is prescriptive. The prescriptive nature of FDA QSR isn't necessarily a bad thing, since it takes the guesswork out of how to fulfill a particular requirement. On the other hand, opportunities abound for deviating from the requirements and inviting non-conformities from FDA inspectors. Give and take I suppose.
At any rate, it is unlikely you plan to restrict your sales to the US. And I probably don’t need to explain to you the value ISO 13485 brings as far as attracting new business goes even if this were true. No matter the case, It’s in your best interest to start by implementing an ISO 13485-compliant QMS and augment it with any additional requirements that are unique to the regions wherein you wish to seek market clearance for your device. You might also want to check out ISOxpress if you're looking for a starting point. They offer 13485-compliant templates--procedures, forms and a manual--to simplify the process of setting up your own QMS. As a bonus, the templates already address FDA QSR requirements.
Ultimately, you need to get familiar with ISO 13485. Certifying your QMS to this standard is a no-brainer.
You’ll also need to follow these product standards if you want to navigate national regulatory approval processes with ease. I’ll discuss them in more detail in a future post.
No. 2: ISO 14971:2007 Medical devices – Application of risk management to medical devices (stay tuned!)
No. 3: ISO 62366:2007 Medical devices – Application of usability engineering to medical devices (stay tuned!)
No. 4: ISO 62304:2006 Medical device software – Software life cycle processes (stay tuned!)
No. 5: IEC/TR 80002-1:2009 Medical device software -- Part 1: Guidance on the application of ISO 14971 to medical device software (stay tuned!)
No. 6: NEMA PS 3.1 – 3.20, Digital Imaging and Communications in Medicine (DICOM)(2011) (stay tuned!)