A Focus on Quality – The New ISO 13485:2016
This year’s publication of the ISO 13485:2016 has once again brought movement into the topic of quality management for medical devices. Even though the changes are not as severe as some thought they would be the stagnation with regard to the choice of structure comes as a bit of a surprise.
Whereas the structure of the previous DIN EN ISO 13485:2012 corresponded to that of the ISO 9001:2008, the new High Level Structure of the ISO:9001:2015 was not implemented in the new ISO 13485:2016. The growing influence of the US-American FDA’s 21 CFR, however, is even more apparent than before.
ISO and FDA
The give and take between the ISO standards and the FDA is best explained by comparing the prerequisites and chapters of these two governing publications. The matching chapters, for example, include traceability (FDA: CFR 820.65 -> ISO: chapter 7.5), training management (FDA: CFR 820.25 -> ISO: chapter 6.2), and document management (FDA: CFR 820.40 -> ISO: chapter 4.2), as well as gauge management (FDA: CFR 820.72 -> ISO: chapter 7.6), and supplier management (FDA: CFR 820.50 -> ISO: chapter 7.4). The FDA’s influence on the ISO standard becomes clearest when one looks at the changes in chapter 7.5.8 of the ISO standard. This chapter explicitly refers to the Unique Device Identification System (UDI) which is described in detail in the FDA’s 21 CFR Part 830 and is already in use.
Industry 4.0 and Digitalised Production
This fact along with a greater focus on topics such as software validation in the ISO 13485:2016 appear to underline the need for more digitalisation and data transparency in the international medical device business. Apart from the requests by governing bodies and standards, it is also the desire for Industry 4.0, cyber physical systems, and the internet of things (IoT) that is increasingly driving the degree of digitalisation in the quality management sector. In order to be fit for the future, there is no way around the application of powerful and fully integratable software solutions.
CAQ-Solutions for Quality Management
Today’s highly complex quality management requirements can no longer be mastered with pen & paper or MS Excel alone – sophisticated software solutions are becoming a necessity. This is where CAQ-systems like CAQ.Net® come into play. By fulfilling the requirements of areas such as document management, training management and gauge management as well as risk management, CAPA, and supplier management, CAQ.Net® provides everything that is needed for quality management and quality assurance in the medical device sector. It also fulfils the key requirements of the FDA’s 21 CFR Part 830 and chapter 7.5.8 of ISO 13485:2016 regarding UDI. In CAQ.Net® all UDI-relevant data is managed right at the master article record. This means that the information is always available in shape of an attribute and can be transferred directly to the FDA’s GUDID database. The software manages and tracks all procedures and reports that occur during the correspondence with the FDA, thereby allowing users to always have an overview of their data-transferal statuses and the status of each individual report.
Compliance Management with CAQ.Net
The individual management tools of CAQ.Net® can moreover be used for compliance management purposes. Compliance management encompasses the adherence to applicable laws and guidelines as well as a company’s own Codes of Conduct. The main goals of compliance management include minimizing risks and increasing efficiency and effectivity. Being able to prove compliance with the requirements of e.g. FDA, GMP, GLP, GCP, HACCP or ISO 13485:2016 is important for medical technology companies all around the globe.
The CAQ.Net® management tools that are used in the initial phases of compliance management include risk and document management. These are used for evaluating the risks of potential violations of applicable rules and devising processes that are to prevent said violations. Adherence to the rules is monitored and documented via self-audits with the audit management tool. Changes to regulations or the applicability of new regulations is monitored via the change control tool. The action and escalation management tool is used for consistently monitoring the status of regulation-relevant tasks. This interplay of CAQ.Net® modules shows, that those tools that are used for systematically monitoring and documenting the requirements of ISO 13485:2016 can also assist companies to uphold and document their adherence to their very own compliance culture.