In an increasingly regulated environment, such as the medical device industry, the implementation of a Quality Management System (QMS) is now a crucial issue to ensure compliance, especially with the ISO 13485 standard. Let’s discover (again) the key elements of this standard and the importance of defining a Quality Management System adapted to the specific needs of each company.
Brief overview of the ISO 13485 standard
ISO 13485, Medical Devices – Quality Management Systems – Requirements for Regulatory Purposes, is one of the international standards (e.g. like the IEC 62304 standard for medical device software), which specifies the requirements of a Quality Management System.
Based on the general criteria of ISO 9001:2000, ISO 13485 is a normative reference frame used to obtain the certification of a QMS at European level and it’s also a sine qua non condition for medical devices’ distribution across Europe and Canada.
This ISO standard can therefore be used by any type of organization involved at any point within the life cycle of medical device software, from design to development, to post-production maintenance and (re)selling.
Finally, ISO 13485 allows companies to define an approach that has multiple benefits: not only does it guarantee the quality and efficiency of processes, but it also proves the company’s commitment to a process of continuous improvement, which represents a credential of trust for customers and suppliers about the safety and reliability of the delivered products on the market.
What does a good Quality Management System (QMS) consist of?
A system adapted to the company’s reality
A Quality Management System (QMS) stems from a company’s set of policies, processes, activities, actors and also various tools whose purpose is to help an organization (or any other entity) to satisfy the requirements of all its stakeholders. Via the ISO 13485 standard, an organization proves its ability to consistently deliver effective and – more importantly – safe medical devices.
In most countries, Notified Bodies require the implementation of a QMS within companies operating in the medical device sector. However, the ISO 13485 regulation doesn’t define detailed requirements ; it is rather designed to encourage each organization involved to define their own requirements, depending on the specificities of their business and context.
In fact, it is fundamental that a Quality Management System reflects the company’s reality, which encompasses its culture, size and functioning as well as its managers and also developed products. This is actually how a Quality Management System can be truly effective! This way enterprises succeed in meeting their priorities more easily and ultimately achieve their objectives in terms of customer satisfaction and quality standards compliance.
The QMS according to the Deming wheel
The ISO 13485 standard stems from the ISO 9001 one, which is based on a “process approach”. Although there is no standardized management technique, companies often use the Deming wheel method (also known as “Plan, Do, Check, Act”). This is a recursive and rigorous quality approach based on 4 steps to be carried out sequentially (and therefore without any backtracking) in order to maximize the control and continuous improvement of both processes and developed products. Here is what the continuous improvement cycle consists of:
- Plan: define the system’s objectives, processes and resources needed to deliver results that meet requirements and identify/address risks and opportunities;
- Do: implement what has been planned;
- Check: monitor and measure the processes, products and services accomplished with respect to the requirements and planned activities as to report your results;
- Act: undertake actions to improve performance.
The 7 principles of Quality Management
A good Quality Management System is based on the following seven major principles or key success factors:
- 1. Customer focus: define, listen and satisfy customers’ needs and expectations.
- 2. Leadership: establish from the very beginning the strategy to reach your defined goals and give yourself the means to achieve them.
- 3. People’s engagement: find the appropriate way to encourage the involvement and commitment of teams, by valuing them.
- 4. Process approach: consider each company activity as an integral part of a broader process, reinforcing the efficiency and coherence of its functioning.
- 5. Continuous improvement: having a corporate culture focused on searching for improvement everywhere, at all levels of the organization.
- 6. Evidence-based decision-making: consider reliable data sources and define relevant key performance indicators (KPIs) that contribute to enhance decision-making.
- 7. Relationship management: ensuring that professional relationships are maintained with all third parties, such as suppliers, external providers and potential business partners.
The success of a quality management system implies that the policy that the company wishes to pursue – as well as the defined objectives resulting from it – are cristal clear from the outset. In fact, the QMS will depend on the managerial line of each company and, moreover, it will then rely on reference tools as to formalize and share any aspect of it within the organization.
Why should you implement a Quality Management System?
According to Gartner® – the world’s leading research and advisory firm in the field of advanced technology – the current dynamics related to the pandemic and the acceleration of the enterprises’ digitalization, as well as the regulatory framework, have revealed the flaws of a paper-based way of functioning; among other things, recurring compliance issues. Nowadays, giving oneself the means to capitalize on information in one single place as well as to improve the quality management system and remote auditing capabilities has become a major priority.
This is especially true when considering the medical sector – to put the focus back to the precise subject of this article. As you may guess, in this highly standardized industry, the performance, the quality and the safety of medical devices are actually of vital importance. The implementation of a quality management system becomes all the more crucial knowing that it is now a normative and legal requirement in many countries, both outside and inside Europe.
Specifically, ISO 13485 helps ensure that all organizations involved in the medical device software life cycle, at any level (i.e. design, development, delivery…) can easily:
- Optimize software project management at every stage,
- Improve team collaboration and productivity,
- Ensure data security on the long run, which means of any information inherent to the various projects thanks to a single digital repository for document management,
- Reduce potential anomalies and any issue that could influence the quality of deliverables through rigorous test management,
- Manage risks and requirements more effectively,
- Ensure full traceability to track any change made throughout the lifecycle of each medical device software,
- Prove compliance with legal and regulatory requirements as well as with customer and end-user needs more easily.
Ensuring the definition and implementation of an adapted Quality Management System (QMS) ultimately makes it possible to prepare and pass regular ISO 13485 compliance audits faster and easily. Also, it allows to obtain a certification of its QMS by a Notified Body – just in case it is required by the standard related to type of the medical device concerned.
Beyond the regulatory aspects, formalizing a quality management approach brings many other benefits to the company, such as: improving the organization’s image, optimizing both customers and stakeholders satisfaction, acquiring and/or reinforcing a competitive advantage in the market, etc.
What are the specific aspects of QMS in the medical device industry?
As an organization acting at some point in the lifecycle of medical device software – from design, to development, to installation and maintenance – it is now essential to rely on a Quality Management System as to demonstrate the effectiveness and safety of both the processes and the products delivered.
For medical device manufacturers, it is fundamental to adopt good practices in terms of quality management to ensure its high level of control, paying particular attention to the risk management system that has been further revised recently (ISO 13485:2016). If setting a QMS is nowadays essential to meet the conformity standards of the medical device industry, obtaining a certification for your quality management system is not a compulsory ISO 13485 requirement in case the product concerned is a class I medical device, which represents the least critical regulatory class.
By contrast, for all the other classes (IIa, IIb, III), medical device manufacturing companies must hold the ISO 13485 certificate as a proof of conformity. This certificate, which is valid for a maximum of three years from the date of issue, is used to specify the activities covered by the implemented Quality Management System and is also subject to annual inspections, in addition to the regular audits carried out by a Notified Body at least once every 5 years.
To conclude, the ultimate goal of the ISO 13485 standard is to ensure that each organization operating within the medical device industry provides a high level of control over the quality, reliability and safety of both the processes and the software (and therefore the products delivered), this way meeting any regulatory and customer requirements.