In an increasingly regulated environment, such as the medical device industry, the implementation of a rigorous quality process, the so called Quality Management System (QMS), is now a crucial issue to ensure compliance, especially with the ISO 13485 standard. Let’s discover (again) the key elements of this quality standard and the importance of defining a Quality Management System adapted to the specific needs of each company. 

Brief overview of the ISO 13485 standard

ISO 13485, Medical Devices – Quality Management Systems – Requirements for Regulatory Purposes, is one of the international standards (e.g. the IEC 62304 standard for medical device software), which specifies the requirements of a Quality Management System. Based on the general criteria of ISO 9001:2000, ISO 13485 is a normative reference frame used to obtain the iso certification of a quality management system (qms) at the European level, and it’s also a sine qua non condition for medical devices’ distribution and selling to customers across Europe and Canada.

This iso standard can be used by any type of organization involved at any point throughout the entire lifecycle of medical device software, from design to development, to post-production maintenance and (re)selling.

Finally, ISO 13485 allows companies to define a system, an approach that has multiple benefits: not only does it guarantee the quality and efficiency of processes, but it also proves the business commitment to a process of continuous improvement, which represents a credential of trust for customers and suppliers about the safety and reliability of the delivered software product on the market.

Advices from Gartner® on why you should implement a QMS tool

In most countries, Notified Bodies require the implementation of a QMS within companies operating in the medical device sector. Note that the ISO 13485 standard is actually designed to encourage each organization involved to define their own requirements, depending on the specificities of their business and context. However, if it doesn’t define detailed requirements, it’s mandatory for medical software devices to try and upgrade their quality assurance system.

Giving the acceleration of innovation in the healthcare market, capitalizing on information in one single place as well as improving the quality management system and remote auditing capabilities has become a major priority for these newly cyber-physical companies. They can no longer rely on old-fashioned systems.

According to Gartner® – a company that delivers actionable, objective insight to executives and their teams – the dynamics related to the pandemic and the acceleration of the enterprises’ digitalization, as well as the regulatory framework, have revealed the flaws of a paper-based way of functioning: among other things, recurring compliance issues.

This is especially true when considering the medical device software sector. As you may guess, in this highly standardized industry, the performancequality, and safety of medical devices are actually of vital importance. The implementation of a Quality Management System (qms) becomes all the more crucial knowing that it is now a normative and legal requirement in many countries, both across Europe and abroad.

Quality Management System

What are the specific aspects of QMS in the medical device industry?

As an organization acting at some point in the lifecycle of medical device software – from design to development, to installation and maintenance – it is now essential to rely on a Quality Management System (qms) to prove the effectiveness and safety of both the processes and the products delivered.

For medical device manufacturers, it is fundamental to adopt good practices in terms of quality management to ensure high levels of control, paying particular attention to the risk management system that has been recently further revised (ISO 13485:2016). If setting a QMS is nowadays essential to meet the conformity standards of the medical device industry, obtaining an iso certification for your quality management system is not a compulsory requirement according to the ISO 13485 standard; this is the case if the product concerned is a security class I medical device, which represents the least critical regulatory class.

By contrast, for all the other classes (IIa, IIb, III), medical device manufacturing companies must hold the ISO 13485 certificate as a proof of conformity. This iso certificate, which is valid for a maximum of three years from the issue date, is used to specify the activities covered by the implemented Quality Management System and is also subject to annual inspections, in addition to the regular conformity audits carried out by a Notified Body at least once every 5 years.

QMS benefits for the medical device software lifecycle

Specifically, the ISO 13485 standard helps ensure that all organizations involved in the medical device software lifecycle, at any level (i.e. design, development, delivery, maintenance…) can easily:

  • Optimize software project management at any level,
  • Improve team collaboration and productivity,
  • Ensure data security on the long run, which means security of any information inherent to the various projects thanks to a single digital repository for document management and control,
  • Reduce potential anomalies and any issue that could influence the quality of deliverables through rigorous Test Management,
  • Manage risks and requirements more effectively,
  • Ensure full traceability to track any changes throughout the lifecycle of each medical device software,
  • Prove software compliance with legal and regulatory requirements, as well as with customers’ and end-users’ needs, more easily.

Ensuring the definition and implementation of an adapted Quality Management System (QMS) ultimately makes it possible to prepare and pass regular ISO 13485 compliance audits more easily, faster. Also, it enables companies to obtain the QMS certification by a Notified Body – just in case it is absolutely required by a specific standard related to the type of medical device concerned.

Beyond all these regulatory aspects, formalizing a quality management process can bring so many other benefits to the business, such as: improving the organization’s image, optimizing both customers’ and stakeholders’ satisfaction, acquiring and/or reinforcing a competitive advantage in the market, etc.

To conclude, the ultimate goal of the ISO 13485 standard is to ensure that each organization operating within the medical device industry provides a high level of control over the quality, the reliability, and the safety of both the processes and the software (and therefore the products delivered), this way meeting any regulatory and customer requirements.

Read on