DAkkS: The German Accreditation Body
The DAkkS, the German Accreditation Body, is Germany’s national accreditation authority.
ISO 13485 is a harmonized standard that formulates requirements for Quality Management (QM) or QM systems (QMS) of medical device manufacturers.
These manufacturers can use ISO 13485 to prove that they meet the MDR and IVDR legal requirements for a QM system. Even the FDA references ISO 13485 in its Quality System Management Regulations (21 CFR part 820).
Content
On this page, you will find links to articles that will help you set up, operate, and audit Quality Management Systems:
- Articles on the basics
- Articles on standard operating procedures
- Articles on inspections (audits and validations)
- Articles on further topics
- Support in setting up and improving QM systems
1. Articles on the basics
a) FAQ on quality management and ISO 13485
The FAQ on quality management systems and ISO 13485 is a valuable introduction and answers the following questions, among others:
- Who needs a QM system?
- Does the QM system have to meet the requirements of ISO 13485 or ISO 9001?
- In which cases must the QM system be certified according to ISO 13485?
- What do you have to do to obtain ISO 13485 certification?
- How long does ISO 13485 certification take, and how much does it cost?
- What is the path to ISO 13485 certification?
b) Standards
There are many standards and versions defining requirements for quality management:
- ISO 9001:2015 – Delta to ISO 13485:2016
- Update ISO 13485: The new 2021 version is here
- ISO 14969 or ISO 13485: Which standard do your auditors benefit from
Tip: Affordable download
You can find ISO 13485 as a PDF for download from the Estonian standardization organization, not free of charge but at a reasonable price.
c) QM manual
In contrast to ISO 9001, ISO 13485 requires organizations to have a QM manual. This manual must describe the quality objectives and quality policy.
The Quality Management Representative (QMR) usually maintains this manual.
2. Articles on standard operating procedures
a) General
ISO 13485 requires you to describe your processes and procedures. This is usually done with the help of standard operating procedures and work instructions, which, in turn, reference other specification documents such as templates, forms and checklists.
This article provides you with an overview of the necessary standard operating procedures. When writing these standard operating procedures, it is advisable to choose a risk-based approach.
Another article describes the differences between process orientation and process management.
b) Specific standard operating procedures
You will find further articles on specific standard operating procedures:
- Document control, document release, and retention periods
- Management review
- Corrective action and preventive action
- Handling measurement devices
- Control of suppliers, e.g., with Quality Assurance Agreements (QAA). Dealing with development service providers must also be regulated.
- Vigilance
- Post-market surveillance
c) Validation of procedures, processes, and tools
ISO 13485 insists on the validation of processes and tools. Please refer to the following articles:
- Process validation: Definition & example – What to look out for
- Computerized Systems Validation (CSV)
- ISO 80002-2: Validation of process software
- AAMI TIR 36: Validation of process software
- Tool validation in the development of medical devices
3. Articles on audits
The effectiveness of the QM system is checked as part of external audits by notified bodies and internal audits. The internal auditors are responsible for the latter.
Part of these audits must also include supplier audits. Furthermore, notified bodies are obliged to carry out unannounced manufacturer audits.
At least for the external audits, there are specifications regarding the audit duration. The Medical Device Single Audit Program (MDSAP) also determines requirements for the duration and subject matter of the audits. This enables manufacturers to prove that they meet the regulatory requirements for the QM system in many countries (EU, FDA, Australia, Japan, Brazil).
4. Articles on further topics
The following articles are also relevant for organizations that develop medical devices:
- Dealing with critical parts / devices / components
- Differences between design review and design review
5. Support with your QM system
Do you still have questions, for example about setting up your QM system? Then, take advantage of our free micro-consulting service.
The Johner Institute supports medical device manufacturers, their service providers, and laboratories in developing and continuously improving QM systems.
a) Training and further education
The seminars provide you with the necessary competence:
b) Help for self-help
The Medical Device University supports you in setting up your QM system. The program includes:
- Onboarding with an overview of the roadmap
- Video training
- Sample templates that you still need to adapt to your own situation
- Weekly sessions with experts who will answer your questions
c) Consulting and taking on roles
Benefit from the Johner Institute’s consultants! These …
- … create your QM system together with you or for you.
- … check your QM system and prepare it for audits (e.g., through mock audits).
- … act as your legal manufacturer.
- … take on the role of QM Representative(s).
Interested? Then, contact us right away.
Internal audits: Avoid the 7 most common mistakes
Internal audits are inspections of the quality management system (QM system) and its processes by the organization itself. This is why they are also called 1st party audits. ISO 13485 requires internal audits like its “sister standard,” ISO 9001, and other standards and regulations. Therefore, internal audits are also a subject of external audits and…
DetailsSupplier evaluation – supplier selection – supplier audits
The MDR and IVDR, as well as ISO 13485:2016, just like the FDA, set out clear requirements regarding supplier evaluation, supplier selection, and supplier monitoring. This article not only gives you an overview of the regulatory requirements. It also gives you tips on how to implement them and tells you when a supplier audit is necessary.
DetailsNIS-2 on cybersecurity: It’s probably affecting you!
The NIS-2 (Network and Information Security) Directive is a European directive (Directive (EU) 2022/2555) that sets minimum standards for cybersecurity within the EU. Does this directive also affect IVD and medical device manufacturers? If so, what does it require, and what should manufacturers do? This article provides answers.
DetailsMDSAP: Medical Device Single Audit Program
The Medical Device Single Audit Program (MDSAP) was initiated to satisfy a wish of many medical device manufacturers: To replace the various audits and inspections by authorities from different countries with one audit. Participating in the MDSAP shall suffice for verifying effectiveness and conformity of QM systems (e.g., with ISO 13485 or 21 CFR part 820). In…
DetailsAQL (Acceptable Quality Level) – When is good good enough?
AQL stands for Acceptable Quality Level and is sometimes translated as “permitted reject rate.” The AQL determines when a batch of parts or products is rejected or accepted based on a random sample inspection. However, auditors regularly no longer accept the AQL. What to do? This article provides answers.
Details21 CFR part 11: An over-interpreted law?
In 21 CFR part 11, the FDA establishes its requirements for electronic records and signatures, which also apply to medical device manufacturers. A lot of companies print everything out on paper and then sign it by hand to circumvent the requirements of part 11. Is this really necessary?
DetailsCAPA: Corrective and Preventive Actions
What MDR and IVDR confuse and why you should not talk about CAPA. The FDA (in 21 CFR part 820 – QSR) and ISO 13485 differentiate between Unfortunately, the MDR and IVDR do not clearly differentiate between these concepts. Some manufacturers also believe they can combine corrective and preventive actions into one single CAPA process. But…
DetailsQM document control: How many fail audits
Document control is a documented procedure that specifies how documents are created, reviewed, approved, labeled, distributed, and updated. Organizations certified according to ISO 9001 or ISO 13485 are obliged to document control.
DetailsQMSR: The end of 21 CFR part 820?
In 21 CFR part 820, the FDA formulates the requirements for the quality management systems of medical device manufacturers, among others. Thus, 21 CFR part 820 (Quality System Regulation QSR) is or was the counterpart to ISO 13485.
