ISO 13485:2016 consulting and gap analysis
ANSWERED ON THIS PAGE:
- What are the deadlines for ISO 13485:2016 certification?
- How should we approach the transition to ISO 13485:2016?
- What are the biggest changes in ISO 13485:2016?
ISO 13485:2016 is the most recent update to the quality system standard specifically for medical device companies. You have until March 2019 to update your current ISO 13485 certificate to the new version.
But don't panic yet. There may be many differences between ISO 13485:2003/EN ISO 13485:2012 versions and the ISO 13485:2016 version—including an increased focus on risk management, supplier controls, and feedback mechanisms–that may seem daunting. But the changes are reasonably easy to implement with Emergo's help.
Download our free white paper about the differences between ISO 13485:2003 and ISO 13485:2016.
We'll help you upgrade to ISO 13485:2016
Our expert quality system consultants have a four-part method to help you transition to ISO 13485:2016, or implement a new system:
- Gap analysis audit - We evaluate your management system to determine your current level of compliance with ISO 13485:2016. If you already have ISO 13485 certification, you are probably 80% or more compliant with the new requirements. However, it's important to know where you stand. The gap analysis supports the development of a list of action items to adopt the new standard, also known as a quality plan.
- Quality plan - The quality plan is a documented list of tasks your organization must accomplish to comply with ISO 13485:2016. In addition, there is more emphasis on quality planning in the new standard, so this is an excellent way to get started! Our consultants develop a detailed quality plan tailored to your company.
- Risk-based approach - ISO 13485:2016 places much more emphasis on risk management. Our consultants evaluate your system to ensure your risk assessment and decision-making measures are as robust as possible.
- Pre-assessment audits - If you plan to complete the work necessary to upgrade in-house, Emergo can perform a pre-assessment audit several weeks prior to your Notified Body or Registrar certification audit. We can also conduct on-site ISO 13485:2016 training for your key employees to ensure ongoing compliance.
Act soon to maintain your current ISO 13485 certification
The deadline to comply seems far into the future, but there will be a surge of companies that want to recertify in 2018 or sooner. To avoid lengthy delays or a potential lapse in your certification, plan ahead. The number of Notified Bodies continues to shrink and demand for their services will grow. Failure to transition to the new standard may result in a suspended ISO certification, which could have dire consequences for your company. Plan ahead to beat the rush, and let us help you meet the new standard.
We are also transitioning our CE Certificate to the MDR. How should we coordinate our ISO recertification?
The answer to this question depends on several factors, including when your CE certificate expires and the status of your Notified Body. Download our free white paper about MDR transition timelines for more information about when you should start the transition process.
With the introduction of ISO 13485:2016, can we drop our ISO 9001 certification?
Each company must assess their needs with respect to this question. ISO 9001 certification is relevant to general or industrial products; ISO 13485 is relevant to medical devices. So, if a company markets both, ISO 13485:2016 would be required for marketing medical devices in several countries.
For EN ISO 13485, when should my QMS be updated to include Risk Management in all business processes?
Notified bodies are planning a 3-year transition. Therefore, your QMS should be updated during this transition period.
Does the standard outline the frequency of Risk Management Reviews? Is the frequency determined by the classification of the device and/or the discretion of the manufacturer?
There is no prescribed timeline for risk reviews. However, the frequency should enable you to maintain a robust risk process that meets your company's needs.
How should companies distinguish between vendors and suppliers who may impact quality (supplying parts/services related to the product) compared to those who may not (suppliers of office supplies, janitorial services, catering, etc.)? Does this change under ISO 13485:2016?
The distinguishing factor is handled through risk management activities. Therefore companies usually categorize their vendors with a rating system (e.g., 1-5, with 1 being those which are critical to quality and 5 being those not bearing on quality) and fit others in depending on their level of impact.
Can manufacturers still get ISO 13485:2003 certification? Or are we required to get an ISO 13485:2016 certificate?
All manufacturers must obtain an ISO 13485:2016 certificate by March 1, 2019 (if you sell in Canada, the Health Canada deadline is January 1, 2019). If your notified body will issue a 2003 certificate, technically you can pursue this certification route. However, you are still required to complete a full re-assessment and transition to the 2016 version before the deadline.
Within the UL family of companies we provide a broad portfolio of offerings to all the Medical Device industries. This includes certification, notified body and consultancy services In order to protect and prevent any conflict of interest, perception of conflict of interest and protection of both our Brand and our customers brands UL is unable to provide consultancy services to Notified Body or MDSAP customers. UL has processes in place to identify and manage any potential conflicts of interest and maintain impartiality. Read more about this.