Regulatory Open Forum

 View Only
Reg Intel Conference 2024
Back to discussions
Expand all | Collapse all

ISO Certificate Backlog?

  • 1.  ISO Certificate Backlog?

    This message was posted by a user wishing to remain anonymous
    Posted 20-May-2019 09:24
    This message was posted by a user wishing to remain anonymous

    ​Is anyone else having trouble receiving an ISO 13485 certificate?
    We passed the audit months ago, our previous certificate has expired, and they just keep telling us the certification office will issue the new certificate as soon as they complete their review. I don't see how it could possibly take them this long -- in past years they've always been prompt. I don't really want to try starting over with a new NB at this point, but this is ridiculous, and we're losing business.


  • 2.  RE: ISO Certificate Backlog?

    This message was posted by a user wishing to remain anonymous
    Posted 20-May-2019 12:24
    This message was posted by a user wishing to remain anonymous

    Ditto here. 

    We seem to be in a perpetual administrative backlog. We had a new sterilization vendor "approved" months ago, but still are waiting to see the DE cert updated for some products. Just waiting for that little line that gets added to the table in the end that states "Addition of a new sterilization vendor..." and a new issue date for the cert. I don't understand why it is taking so long. If we wait much longer we are at risk of losing business. Now if only that was the only thing we have been waiting for...
    Original Message


  • 3.  RE: ISO Certificate Backlog?

    This message was posted by a user wishing to remain anonymous
    Posted 21-May-2019 14:52
    This message was posted by a user wishing to remain anonymous

    Here too

    It took 9 months after we passed our 13485 certification audit for us to finally receive our certificate.  The NBs are slammed and understaffed!
    Original Message


  • 4.  RE: ISO Certificate Backlog?

    Posted 21-May-2019 10:13
    You may see the same issue with any other Notified Body, at least ones who are certified for MDSAP, ISO 13485:2016, and plan to be certified under MDR. Everything seems to be taking much longer now...

    ------------------------------
    Corey Jaseph RAC
    Director of Regulatory Affairs
    South Jordan UT
    United States
    ------------------------------

    Original Message


  • 5.  RE: ISO Certificate Backlog?

    This message was posted by a user wishing to remain anonymous
    Posted 22-May-2019 09:21
    This message was posted by a user wishing to remain anonymous

    ​Nine months is a very long time. Is it possible to keep selling? What can you say when the competent authorities or customers ask for the certificate?
    Original Message


  • 6.  RE: ISO Certificate Backlog?

    Posted 22-May-2019 14:30
    Yes, I have a current client I am consulting for and their ISO 13485:2016 upgrade audit was completed in September 2018.They just received their certificate last week. And yes, the ISO Registrar issuing the cert is also a MDSAP Auditing Organization and also a transitioning Notified Body for the MDR. Other clients of mine have also had months long waiting for any correspondence. I was at a training a few weeks ago with some of the VPs of notified bodies and it appears that with the perfect storm, particularly the EU MDR 2017/745 that they have bigger fish to fry. They will respond, so just be patient. Continue to ping them and keep track of the objective evidence of your attempts to contact them either via email / phone / snail mail or all of the above. That way at least you have some back up that you had been trying to reach them but with no responses, if that is part of the issue. Just based on my experience.

    ------------------------------
    Dallas Thomas RAC
    Regulatory Affairs Quality Management & Auditing Consultant for Medical Devices
    dallas@thomasregulatory.com
    Palm Beach Gardens FL
    United States
    ------------------------------

    Original Message


  • 7.  RE: ISO Certificate Backlog?

    Posted 25-May-2019 02:07
    Umm...as far as I know, you don't have to get ISO certification from a Notified Body.  If the NBs don't have currently have the resources for timely certification, perhaps other ISO 13485 Registrars do.

    ------------------------------
    Julie Omohundro, ex-RAC (US, GS), still an MBA
    Principal Consultant
    Class Three, LLC
    Mebane, North Carolina, USA
    919-544-3366 (T)
    434-964-1614 (C)
    julie@class3devices.com
    ------------------------------

    Original Message


  • 8.  RE: ISO Certificate Backlog?

    Posted 25-May-2019 12:07
    I agree Julie. 



    Original Message


  • 9.  RE: ISO Certificate Backlog?

    Posted 27-May-2019 07:19
    Edited by Richard Vincins 27-May-2019 12:32
    Removed comments on this topic as too strong view on state of Notified Bodies at the moment.  I can say personally have seen too many instances of ISO certificates being issued by Notified Bodies months after audit was completed.  Stepped up too much on the soap box - so yea no other comments on MDSAP AOs either lol.

    ------------------------------
    Richard Vincins RAC
    Vice President Global Regulatory Affairs
    ------------------------------

    Original Message


  • 10.  RE: ISO Certificate Backlog?

    Posted 27-May-2019 09:30

    Thanks, Richard, you make very good points as well.

     

    And I do have clients using the NB as both ISO Registrar and for CE Marking, and I have others that choose to split these 2 activities out as separate entities. Especially now that MDR is ramping up, however, I have seen an uptick in the audits (both announced and unannounced) from the NBs where they are not also the ISO registrar of the client. They told us that in order to ensure compliance, they are not allowed to simply accept the ISO certificate from an accredited registrar but that it appears they need to verify independently, especially in the case of contract manufacturers.

     

    And yes, to your point, as always, since auditing is more subjective than people tend to believe, there is always variability based on which auditor will be auditing, regardless of the organization they are representing. I have had very good audits from NBs, and others that may not have been so value-added.

     

     

     

    Dallas L. Thomas, RAC, MHA, MPA, Certified Lead Auditor ISO 13485:2016

    Medical Device Regulatory, Quality, Compliance, and Auditing Consultant

    A close up of a sign Description generated with very high confidenceThomas Regulatory Resolutions (TRR)

    www.thomasregulatory.com

     

    ----------------------------------------------------------------------------------------

    This message (including any attachments) may contain confidential, proprietary, privileged and/or private information. The information is intended to be for the use of the individual or entity designated above. If you are not the intended recipient of this message, please notify the sender immediately, and delete the message and any attachments. Any disclosure, reproduction, distribution or other use of this message or any attachments by an individual or entity other than the intended recipient is prohibited.

     




    Original Message


  • 11.  RE: ISO Certificate Backlog?

    Posted 27-May-2019 12:20
    Edited by Julie Omohundro 27-May-2019 17:42
    I couldn't find "least burdensome" in MDR 2017/245.  Regardless, like Dallas, I'm aware of device companies that have secured ISO 13485 from a non-NB Registrar and CE certification from another, so I conclude it is not a hard requirement.  I also conclude that, as under the old regulations, anything that is not a hard requirement under the new regulations will be an NB "requirement," and therefore subject to business negotiation with the NB.

    Burden, like quality, is in the eye of the beholder.  In fact, burden is one type of quality when it comes to regulating and being regulated.

    There are a whole lot of markets that recognize ISO 13485, and now FDA may be headed that way as well. For the foreseeable future, if an NB is smart (and designated or still hoping to be), when a device company offers them an ISO 13485 certificate from another company, I think it will take it and say, "Thank you very much, we are already overloaded as it is."

    NBs do not (reliably) conduct quality system audits well?  Who knew. Oh, wait...everybody.  Shall we discuss FDA inspections now? Nah not today.  It's supposed to be a holiday over here, after all... :)

    ------------------------------
    Julie Omohundro, ex-RAC (US, GS), still an MBA
    Principal Consultant
    Class Three, LLC
    Mebane, North Carolina, USA
    919-544-3366 (T)
    434-964-1614 (C)
    julie@class3devices.com
    ------------------------------

    Original Message


  • 12.  RE: ISO Certificate Backlog?

    Posted 27-May-2019 12:29
    Oh, to be fair to the NBs (why not), I must add that, when a company tells you it has received no observations from its NB for the past three years, I would ask to see the documentation that supports that claim...

    ------------------------------
    Julie Omohundro, ex-RAC (US, GS), still an MBA
    Principal Consultant
    Class Three, LLC
    Mebane, North Carolina, USA
    919-544-3366 (T)
    434-964-1614 (C)
    julie@class3devices.com
    ------------------------------

    Original Message


  • 13.  RE: ISO Certificate Backlog?

    Posted 28-May-2019 10:07
    Oh, I am sure he has seen that evidence. This is a very common phenomenon. Followed by - "there are NB observations on nit-picky things but not significant thing." In one example I am aware of, the NB had nit-picky observations on the Quality Policy wording, but omitted for years the fact that the company in question had no process validations whatsoever.

    It all depends on the actual auditor from the NB - they vary greatly (even more than FDA inspectors). I've requested a number of particularly clueless ones to be removed from our account. I certainly have no interest in paying them to give our company a false sense of security.

    g-

    ------------------------------
    Ginger Glaser RAC
    Chief Technology Officer
    MN
    ------------------------------

    Original Message


  • 14.  RE: ISO Certificate Backlog?

    Posted 29-May-2019 07:47
    Totally agree Ginger about removing auditors who are not bringing value.  The next auditor (internal or external 3rd party) who does actually look and cite a non-conformance is at a disadvantage if the NB has not cited it.

    I think auditors who don't find something are not looking.   The significance of the finding may vary by an auditor's trigger points, but there is always something.   I tend to focus on process/testing and software validations and material controls. Must be because of my many years in quality.


    ------------------------------
    Ginger Cantor, MBA, RAC
    Founder/Principal Consultant
    Centaur Consulting LLC
    River Falls, Wisconsin 54022 USA
    715-307-1850
    centaurconsultingllc@gmail.com
    ------------------------------

    Original Message


  • 15.  RE: ISO Certificate Backlog?

    Posted 28-May-2019 12:39
    Just had to add that, in the course of looking at this question, I was reminded that the full title of ISO 13485 ends with "...for Regulatory Purposes," presumably as opposed to for actual Quality purposes.  They probably should have just called it the "Regulatory Compliance Management System" standard.  If you can squeak past a regulatory audit, you're fine, right?

    ------------------------------
    Julie Omohundro, ex-RAC (US, GS), still an MBA
    Principal Consultant
    Class Three, LLC
    Mebane, North Carolina, USA
    919-544-3366 (T)
    434-964-1614 (C)
    julie@class3devices.com
    ------------------------------

    Original Message


  • 16.  RE: ISO Certificate Backlog?

    Posted 29-May-2019 12:07
    It seems like there is a question if ISO 13485 (2016) is called out in the MDD or MDR.  It is physically not mentioned as all standards are part of the Harmonized List of Standards which only exists currently for the MDD.  EN ISO 13485:2016 is on the MDD Harmonized List of Standards.  It is expected that EN ISO 13485:2016 will also be Harmonized under the MDR once the Harmonization process is set-up and Harmonized standards are published in the OJEU but no one seems to really know when that will happen.  Note, there are lots of references to a Quality Management requirement in the MDR (about 50 references) so having a NB accept a different registrars EN ISO 13485:2016 certificate can be problematic.  Also, see Annex IX (Conformity Assessment: QMS & Technical Documentation) of the MDR, 3.4 which states "The notified body shall randomly perform at least once every five years unannounced audits on the site of the manufacturer and, where appropriate, of the manufacturer's suppliers and/or subcontractors...".  So, if a critical manufacturer is identified they are to be audited at least on an unannounced audit but I believe NBs are asking to audit some critical suppliers more often than that.

    Hope this clarifies some information that was missing in the discussion so far.

    ------------------------------
    Leonard (Leo) Eisner, P.E.
    The "IEC 60601 Guy"
    Principal Consultant, Eisner Safety Consultants
    Phone: (503) 244-6151
    Mobile: (503) 709-8328
    Email: Leo@EisnerSafety.com
    Website: www.EisnerSafety.com
    ------------------------------

    Original Message


  • 17.  RE: ISO Certificate Backlog?

    Posted 29-May-2019 16:07

    It is, in my opinion, unlikely that EN ISO 13485:2016 will be harmonized to MDR or IVDR. Instead CEN will issue a new version that, at some point will be harmonized.

    Today, the information for application to the MDR and the IVDR is in CEN/TR 17223:2018. This document starts with the requirements in Article 10 and maps it through the conformity assessment annexes to the clauses in ISO 13485:2016.

    The CEN website lists the 13485 standards and now includes one under preparation. I believe this will be the version with five annexes. There will be three for the directives and two for the regulations. This is the model for the upcoming ISO 14971:2019 as Ed Bills explained in a recent post.

    I expect the new version will likely be EN ISO 13485:2019, but it could be EN ISO 13485:2020.

    Also, there are two processes involved. In one CEN prepares a standard with the annexes. In the subsequent process some of the CEN standards become harmonized. For example, some standards harmonized to the MDD are obsolete and replaced by newer versions of CEN standards. I'm advising my clients that they need to use the latest CEN (and CENELEC) standards for MDR planning not the MDD harmonized standard. I anticipate that when the EU launches the MDR harmonization process they will start with the latest CEN standards, not the MDD harmonized standards.



    ------------------------------
    Dan O'Leary CQA, CQE
    Swanzey NH
    United States
    ------------------------------

    Original Message


  • 18.  RE: ISO Certificate Backlog?

    Posted 29-May-2019 16:38
    Agree with Dan O's comments about CEN.  Most EU NBs currently are expecting 'State of the art' standards as noted in MDD Essential Requirements Annex I.  Many of the 'state of the art' standards are ahead of the Harmonized Standards List currently, especially in the EN 60601 series.  The MDR has the same text 'state of the art' at the end of clause 1 of Annex I, General Safety & Performance Requirements.  So, I would expect that the current 'state of the art' standards which CEN and CENELEC approve but do not publish (the EU countries publish thru their National Standards Body) is what the EU NBs would expect until the MDR Harmonized Standards are published in the OJEU (who knows when that may happen - A working crystal ball would sure help in this chaotic process).

    ------------------------------
    Leonard (Leo) Eisner, P.E.
    The "IEC 60601 Guy"
    Principal Consultant, Eisner Safety Consultants
    Phone: (503) 244-6151
    Mobile: (503) 709-8328
    Email: Leo@EisnerSafety.com
    Website: www.EisnerSafety.com
    ------------------------------

    Original Message


Related Content