ISO 13485:2003 |
ISO 13485:1996 |
Major Changes |
| 0.1 General |
- |
Reference to use by registrars, clarified status of Notes, a strategic decisiong |
|
0.2 Process approach |
4.2.3 Quality Planning |
Specifies use of a management system based on interacting processes |
| 0.3 Relationship with other standards |
- |
New, refers to ISO/TS 14969 to guide application of ISO 13485:2003 |
| 0.4 Compatibility with other management systems |
- |
New, clarifies that existing management system may be adapted to ISO 13485 |
| 1.1 General |
- |
New, ISO 13485:2003 does not conform to ISO 9001:2000 |
|
1.2 Application |
1 |
Permissible to excludes parts of clause 7 if not needed & permitted by regulations |
|
2 Normative reference |
2 |
New definitions with ISO 9000:2000 |
|
3 Terms and definitions |
3 |
Broader definition of medical device from the Global Harmonization Task Force |
|
4.1 General requirements |
4.2.1 |
Show sequence and interaction of processes needed in QMS (see 4.2.2c) |
|
4.2.1 General documentation requirements |
4.2.1, 4.5.1 |
Must include documentation specified by regulations (was a guidance Note!) |
|
4.2.2 Quality manual |
4.2.1 |
See 4.1 above, must also include scope of system and justify any exclusions |
|
4.2.3 Control of documents |
4.5 |
Must indicate where changes have been made in revised documents |
|
4.2.4 Control of quality records |
4.16 |
Records are now documents! Does not mention records from subcontractors |
|
5.1 Management commitment |
4.1, 4.1.2.2, 4.2.1 |
Evidence of top management commitment now specified in detail |
|
5.2 Customer focus |
4.3.2, 4.4.4 |
Customer needs are explicit drivers of the realization processes (clause 7) |
|
5.3 Quality policy |
4.1.1 |
More prescriptive on content. Policy (and objectives) are controlled documents |
|
5.4.1 Quality objectives |
4.1.1, 4.2.1 |
Objectives required for functions, levels & products - not for system or processes |
|
5.4.2 Quality management system planning |
4.2.3, 4.1.3 |
Now includes planning improvements of QMS effectiveness and of changes |
|
5.5.1 Responsibility and authority |
4.1.2, 4.1.2.1 |
Onus on interrelationships (instead of on employee feedback of problems) |
|
5.5.2 Management representative |
4.1.2.3 |
Must also ensure employee awareness of customer requirements & regulations |
| 5.5.3 Internal communication |
- |
New requirement |
|
5.6.1 General |
4.1.3 |
Consider adequacy of QMS to meet new and revised regulatory requirements |
|
5.6.2 Review input |
4.1.3 |
More prescriptive on review agenda |
|
5.6.3 Review output |
4.1.3 |
More prescriptive on output |
|
6.1 Provision of resources |
4.1.2.2 |
None |
| 6.2.1 General |
4.1.2.2, 4.2.3, 4.18 |
Documented procedure not specified, competence now explicitly required |
| 6.2.2 Competence, awareness and training |
4.1.2.2, 4.18 |
Assess effectiveness of training and other actions, awareness required |
| 6.3 Infrastructure |
4.1.2.2, 4.9b |
From "adequate" to "as necessary to achieve product conformity" |
| 6.4 Work environment |
4.9 (Particular b) |
Extends beyond scope of "production, installation and servicing" |
| 7.1 Planning of product realization |
4.2.3, 4.9, 4.10, 4.15, 4.19 |
Must document production risk (e.g. FMEA) management requirements and records |
|
7.2.1 Determining requirements relating to the product |
4.3.2, 4.4.4 |
DPNS (see SUMMARY on page 3), make implied needs explicit requirements |
|
7.2.2 Review of requirements relating to the product |
4.3, 4.4.4 |
Must confirm any undocumented customer requirements with customer |
|
7.2.3 Customer communication |
4.3.2 |
New requirement includes communicating advisory notices |
|
7.3.1 Design and development planning |
4.4.2/3/6/7/8 |
More prescriptive on what must be covered in documented design plan |
|
7.3.2 Design and development inputs |
4.4.4 |
Must consider use of information from previous designs |
|
7.3.3 Design and development outputs |
4.4.5 |
Must keep records of design outputs (not just those issued to manufacturing) |
|
7.3.4 Design and development review |
4.4.6 |
Must identify any problems and record actions arising |
|
7.3.5 Design and development verification |
4.4.7 |
Any follow-up actions to be recorded |
|
7.3.6 Design and development validation |
4.4.8 |
Must validate before delivery or use of product and record any follow-up actions |
|
7.3.7 Control of design and development changes |
4.4.9 |
Must evaluate effect of changes on delivered product |
|
7.4.1 Purchasing process |
4.6 |
Must establish reselection criteria and conduct periodic supplier evaluations |
|
7.4.2 Purchasing information |
4.6.3, 4.8 |
Less prescriptive on drawing issue, more on qualifications of personnel |
|
7.4.3 Verification of purchased product |
4.6.4, 4.10.2
(4.10.2.3) |
None (except loss of explicit provision for recall after delayed receiving inspection) |
|
7.5.1.1 Production and service provision control |
4.9. 4.10.3, 4.19, 4.15.6 |
Conformance to procedures not specified (4.9c) |
|
7.5.1.2.1 Cleanliness and contamination control |
4.9 (Particular c) |
None |
|
7.5.1.2.2 Installation activities |
4.9 (Particular e) |
None |
|
7.5.1.2.3 Servicing activities |
4.19 |
None |
|
7.5.2.1 Validation of production & service processes - General |
4.9 (Particular f) |
Must establish re-validation requirements |
|
7.5.2.2 Particular requirements for sterile medical devices |
4.9 (last para.) |
Must establish documented procedures |
|
7.5.3.1 Identification |
4.8, 4.10.5, 4.12 |
Integration of verification status |
| 7.5.3.2.1 Traceability ¨C General |
4.8 |
None |
| 7.5.3.2.2 Requirements for active/implantable devices |
4.8, 4.15 |
None |
| 7.5.3.3 Status identification |
4.12 |
None |
| 7.5.4 Customer property |
4.7 |
DPNS, customer property can include confidential health information |
| 7.5.5 Preservation of product |
4.15 |
Organization is responsible for shipping damage, constituents, packaging design |
| 7.6 Control of monitoring and measuring devices |
4.11 |
Required to control only those devices that determine product quality |
| 8.1 General |
4.10, 4.17, 4.20 |
See Element 8 clauses below |
| 8.2.1 Feedback (from customers) |
|
Must monitor fulfillment of customer requirements |
| 8.2.2 Internal audit |
4.17 |
Use previous audits to schedule audits and audit conformity to ISO 13485 |
| 8.2.3 Monitoring and measurement of processes |
4.9d, 4.17, 4.20 |
DPNS, must monitor to verify effectiveness of all processes in system |
| 8.2.4.1 Monitoring and measurement of product. |
4.10 |
Customer release is now explicit, identify final release authority |
| 8.2.4.2 Requirements for active/implantable devices |
4.10 |
None |
| 8.3 Control of nonconforming product |
4.13 |
None |
| 8.4 Analysis of data |
4.14.3a, 4.20 |
Broader than 4.14.3a, now applies to whole system |
| 8.5.1 Continual improvement |
4.1.3 |
The adequacy and effectiveness of the system is to be improved continually |
| 8.5.2 Corrective action |
4.14.2 |
Whole (PDCA) process required in documented procedure |
| 8.5.3 Preventive action |
4.14.3 |
Whole (PDCA) process required in documented procedure |
|
SUMMARY
The most significant differences in ISO 13485:2003 are the requirements related to process analysis, measurable objectives and top managers showing their commitment to requirements.
Gone is 4.9c and any equivalent that allows managers to use auditors (or Registrars!) to enforce their documented procedures. This may increase demonstrations of commitment.
Quality planning (4.2.3) always required the organization to decide what processes are essential, what documented procedures are required and what controls to put in place.
Continual improvements to enhance customer satisfaction are not required but advisable to build and maintain customer loyalty.
DPNS = Documented Procedure Not Specified (but may be required by regulations or organization). |
