ISO 13485 requires that OEMs control outsourced process validation via clause 7.4 purchasing controls. Important clauses of ISO 13485 establishing this are:
a) Clause 1 reminding us that processes (such as process validation) required by ISO 13485 that are applicable to the organization, but not performed by the organization, are still the responsibility of the organization and are to be accounted for in the organization's QMS by monitoring, maintaining,
and controlling such processes; and
b) Clause 4.1.5 requiring that if an organization outsources any process (e.g., manufacturing, process validation, or other process) that affects product conformity to requirements, then the organization must ultimately "retain responsibility" for the corresponding ISO 13485 conformity in accordance with clause 7.4.
Remember also a semantical, yet important, aspect: ISO 13485 provides for "exclusion" of requirements only with respect to design and development controls, and only when an applicable regulatory requirement permits such an exclusion. In contrast, ISO 13485 provides for "non-applicability" with respect to the basic nature of the device (e.g., ISO 13485's sterile device requirements are not applicable for a non-sterile device) or due to activities not undertaken by (i.e., not required of) the organization.
In the context of outsourced process validation, this final bit about activities not undertaken can I suppose be subject to interpretation. Yet the requirements I mentioned in points (a) and (b) remain in force regardless, thus rendering such differences moot. To assure clarity on this with respect to outsourced process validation, I recommend that organizations keep clause 7.5.6 applicable. Then in the Quality Manual and/or in a process validation SOP, first acknowledge the organization's general obligations [points (a) and (b)] above, and then state that outsourced process validation will be controlled via clause 7.4 purchasing controls and a corresponding written quality agreement.
Hope this helps.
------------------------------
Kevin Randall, ASQ CQA, RAC (U.S., Europe, Canada)
Principal Consultant
Ridgway, CO
United States
© Copyright 2021 by ComplianceAcuity, Inc. All rights reserved.
------------------------------
Original Message:
Sent: 28-Jun-2021 11:33
From: Anonymous Member
Subject: ISO 13485 exclusion - Validation of processes
This message was posted by a user wishing to remain anonymous
Greetings -
I have a question pertaining to ISO 13485 exclusions, specifically regarding clause 7.5.6 Validation of processes for production and service provision.
My company currently employs contract manufacturers to build our class I products. Since we do not manufacture on-site, the company excluded ISO 13485 clause 7.5.6. However, during a recent re-certification audit, the auditor noted that while we do not manufacture, we are responsible for the manufacturing process, which includes process validation. Note, the contract manufacturers do conduct process validations that would be applicable to our products. Therefore, the auditor noted we cannot exclude clause 7.5.6 from our QMS.
I do understand the auditor's logic, but is this correct? If so, what supporting language may I utilize to get executive management on board with revising our exclusions as I'm encountering a lot of resistance.
Thank you.