Regulatory Open Forum

This message was posted by a user wishing to remain anonymous

Hi All,

We are outsourcing the design and development of a new medical device and we prefer to hire a contractor that maintain 13485 certification

The contractor that we are dealing with does not have ISO 13485 certification but claims they are CFR 820 and ISO compliant. They also told us that as a contract design and development company they are not required to maintain an ISO 13485 certification.

Does the statement from the contractor correct regarding with the ISO 13485 certification?

Please advise.

Hello Anon,

That is correct, there is no requirement a contract design and development company needs ISO 13485 certification.  In fact, no company is required to have ISO 13485 certification (except maybe those medical device manufacturers who want to sell into Canada under MDSAP).  ISO 13485 is "semi-voluntary" meaning companies falling under the scope of the standard can achieve certification or claim compliance.  If the company is claiming compliance, then it is up to the requesting company to confirm compliance, i.e. doing a supplier audit.  Achieving ISO 13485 certification gives an organisation the assurance processes are implemented and another party is auditing the system on a routine basis.  But this does not mean a company is fully compliant, because even ISO 13485 certified organisations can still have compliance issues.  ISO 13485 audits are sample and risk approach, so not everything would be examined.  If you want an organisation which has ISO 13485 certification to give reduce risk associated with the design and development process, then it would be sourcing one with ISO 13485 certification, understanding who the certification body is, accreditation, and maybe doing your own assessment.

------------------------------
Richard Vincins RAC
Vice President Global Regulatory Affairs
------------------------------

Original Message:
Sent: 07-Dec-2021 09:25
From: Anonymous Member
Subject: Contract Design and Development of Medical Device certification requirement

This message was posted by a user wishing to remain anonymous

Hi All,

We are outsourcing the design and development of a new medical device and we prefer to hire a contractor that maintain 13485 certification

The contractor that we are dealing with does not have ISO 13485 certification but claims they are CFR 820 and ISO compliant. They also told us that as a contract design and development company they are not required to maintain an ISO 13485 certification.

Does the statement from the contractor correct regarding with the ISO 13485 certification?

Please advise.