Internal Audits: ISO 13485 conformity assessment

What are the benefits of working with a quality system under ISO 13485?

1. Allows the certification CE Marking of medical devices under Medical Device Regulation (EU) 2017/745, It is not a mandatory requirement but it makes it easier to achieve.
2. High credibility of your company: Prioritizing patient safety, the certification ensures the implementation of effective risk prevention strategies. Following ISO 13485:2016 product requirements, you minimize the possibility of reputational damage due to solution shortcomings.
3. Great competitive advantage: By meeting ISO requirements, companies striving to advance in the fast-growing healthcare industry can reach more users. Having a product development process based on ISO 13485:2016 equals matching high industry standards of quality and gaining a strong position in the market.
4. Increased customer satisfaction: In addition to enhanced safety and quality, ISO 13485:2016 focuses on customer satisfaction. From product design to software & hardware development, companies that follow ISO standard put the end-user goals first. Given that medical devices directly affect patients’ well-being, a focus on customers becomes vital. Your customers must be certain that you deliver on the intended purpose.
5. Protection against legal proceedings: Authorities are especially strict when it comes to healthcare regulations. The healthcare sphere is not about second chances, and government bodies need evidence of your complete dedication and conformity to specific standards. By incorporating ISO 13485:2016 requirements into your medical solution, you meet other regulations and fit within the medical products allowed on the market.

To whom does the ISO 13485 standard apply? This standard applies to manufacturers, distributors, importers and Authorized representatives of medical devices, and also to sterilization services for medical devices and technical assistance and maintenance services

Part 1: Why is it necessary to carry out internal audits of the quality system under ISO 13485?

1. Regulatory Compliance: Conducting conformity assessment ensures that a company´s QMS aligns with these regulatory requirements.
2. Product Quality: Implementing and assessing conformity to these standards enhances product quality, leading to greater customer satisfaction, fewer product recalls, and improved brans reputation.
3. Legal and Liability Protection: ISO 13485 Conformity Assessment is vital for medical device companies to meet regulatory requirements, ensure patient safety, maintain product quality, manage risks, access global markets, foster improvement, and protect against legal and liability issues.

Part 2: How the audit process is carried out:

1. Audit requirements _ Audit Plan: Firstly, an audit plan is carried out under ISO 13485, to take into account all the points regulated by the standard.
2. Collection of evidence and evaluation_ Audit activities : Subsequently, the activities of meetings with the company are carried out, evidence is collected according to the audit plan and it is evaluated whether the evidence collected is in accordance.
3. Audit findings_ Audit report: As a last step, non-conformities are described according to categories and points to improve in an audit report. Such nonconformities must be resolved by the company.

Part 3: What were the top 5 non-conformities as presented:

Number 1 – ISO 13485 Clause 7.1 – Planning of product realization including risk management

• Issue #1: Records of risk management not updated during life cycle of product.
• Issue #2: PMS data not feeding into Risk Management & Clinical Evaluation.
• Issue #3: Risk management process not aligned to ISO 14971:2019, including applicable Annex (e.g. ZA/ZB for EU Regs).
• Issue #4: No risk management process in place.

Key takeaway: Must ensure that you establish robust links to change management, PMS, and design inputs.

Number 2 – ISO 13485 Clause 8.2.4 – Internal audit

• Issue #1: Records of internal audits not complete (reports, plans, CAPAs).
• Issue #2: Risk-based approach not applied to planning of audits or Internal audit schedule not maintained.
• Issue #3: No timely follow-up of actions resulting from internal audits.
• Issue #4: No records of internal auditor competence to applicable regulation(s).
• Issue #5: Internal auditor not impartial.

Key takeaway: Must ensure that you can show evidence of a risk-based approach to internal audits, covering regulatory requirements, by trained auditors, and with timely follow-up.

Number 3 – ISO 13485 Clause 7.5.6 – Validation of processes for production and service provision

• Issue #1: Records of process validation and production software validation not maintained.
• Issue #2: Re-validation process not defined.
• Issue #3: Not utilizing a risk-based approach or defining statistical techniques/sample size rationales in validation activities.
• Issue #4: No demonstrable links to change management process.
• Issue #5: Equipment qualification records not held (especially installation and operational qualification for new equipment).

Key takeaway: Must ensure that you can demonstrate robust process links to change and risk management processes.

Number 4 – ISO 13485 Clause 8.2.6 – Monitoring and measurement of product

• Issue #1: Test/verification records not maintained.
• Issue #2: Acceptance criteria not defined or not aligned with design specification.
• Issue #3: Traceability to individuals performing tests.
• Issue #4: Monitoring and measuring of product process not defined & no demonstrable link to non-conforming product process.

Key takeaway: Must ensure that you have adequate monitoring and measuring for product conformity during manufacture and its conformity to design specification.

Number 5 – ISO 13485 Clause 7.5.1 – Control of production and service provision

• Issue #1: Incomplete or insufficiently completed batch release/production records.
• Issue #2: Inadequate monitoring and measuring during manufacturing process.
• Issue #3: No records of qualification of infrastructure.
• Issue #4: Insufficient documentation to ensure product conformity to specification.

Key takeaway: Must ensure that you can show sufficient control and records to demonstrate conformity to specification.

Conclusion: Reasons to outsource internal audits with Asphalion:

1. High Experience in Medical Devices
2. Highly qualified personnel
3. Independence of the company
4. Confidentiality
5. Cost optimization
6. Helps with the continuous improvement of the company

Internal Audits MedTech FLYER