I couldn't find "least burdensome" in MDR 2017/245. Regardless, like Dallas, I'm aware of device companies that have secured ISO 13485 from a non-NB Registrar and CE certification from another, so I conclude it is not a hard requirement. I also conclude that, as under the old regulations, anything that is not a hard requirement under the new regulations will be an NB "requirement," and therefore subject to business negotiation with the NB.
Burden, like quality, is in the eye of the beholder. In fact, burden is one type of quality when it comes to regulating and being regulated.
There are a whole lot of markets that recognize ISO 13485, and now FDA may be headed that way as well. For the foreseeable future, if an NB is smart (and designated or still hoping to be), when a device company offers them an ISO 13485 certificate from another company, I think it will take it and say, "Thank you very much, we are already overloaded as it is."
NBs do not (reliably) conduct quality system audits well? Who knew. Oh, wait...everybody. Shall we discuss FDA inspections now? Nah not today. It's supposed to be a holiday over here, after all... :)
------------------------------
Julie Omohundro, ex-RAC (US, GS), still an MBA
Principal Consultant
Class Three, LLC
Mebane, North Carolina, USA
919-544-3366 (T)
434-964-1614 (C)
julie@class3devices.com------------------------------
Original Message:
Sent: 27-May-2019 07:19
From: Richard Vincins
Subject: ISO Certificate Backlog?
The reason you need an ISO Certificate for ISO 13485:2016 from a Notified Body is this is the least burdensome approach under Annex II/V of the MDD (and the other Directives) and least burdensome under Annex IX - XI of the MDR/IVDR. So yes, you can go get an ISO 13485 certificate from a Registrar, but then you need to convince your NB that your quality system ISO certificate is accepted by them. Which most do not ... why? They lost out on revenue stream.
However, I have a really serious problem with this because as long as the Registrar is an accredited under a formal and valid accreditation body, I have no idea why a NB should not accept the ISO certificate at face-value. Be serious ... even NB do not conduct quality system audits well. I have so many clients in Europe receiving a FDA inspection ending up with significant issues. These companies always say to me, 'We have no problems because in the last 3 years we have received no observations from our Notified Body audit.' Yet I go in to perform an internal audit and end up with 15 observations on the audit report - serious, major, critical observations on the audit report.
My own dream is that National Authorities in these Member States would step in, accreditation body like IAF would step in, and tell NB they are doing a bad job. Think about it ... a company that is auditing quality management systems, can not even manage their own quality management system. Would any customer be acceptable with a quality metrics of certificate issuance averaging 8.7 months?!? Would you be ok getting a health and safety audit with them telling you need to wait 6 months for the results? It is sad really.
------------------------------
Richard Vincins RAC
Vice President Global Regulatory Affairs
Original Message:
Sent: 25-May-2019 12:07
From: Dallas Thomas
Subject: ISO Certificate Backlog?
I agree Julie.
Original Message------
Umm...as far as I know, you don't have to get ISO certification from a Notified Body. If the NBs don't have currently have the resources for timely certification, perhaps other ISO 13485 Registrars do.
------------------------------
Julie Omohundro, ex-RAC (US, GS), still an MBA
Principal Consultant
Class Three, LLC
Mebane, North Carolina, USA
919-544-3366 (T)
434-964-1614 (C)
julie@class3devices.com
------------------------------