In an increasingly regulated environment, such as the medical device industry, the implementation of a Quality Management System (QMS) is now a crucial issue to ensure compliance, especially with the ISO 13485 standard. Let’s discover (again) the key elements of this standard and the importance of defining a Quality Management System adapted to the specific needs of each company.

Brief overview of the ISO 13485 standard

ISO 13485, Medical Devices – Quality Management Systems – Requirements for Regulatory Purposes, is one of the international standards (e.g. the IEC 62304 standard for medical device software), which specifies the requirements of a Quality Management System. Based on the general criteria of ISO 9001:2000, ISO 13485 is a normative reference frame used to obtain the certification of a QMS at the European level, and it’s also a sine qua non condition for medical devices’ distribution across Europe and Canada.

This ISO standard can be used by any type of organization involved at any point in the lifecycle of medical device software, from design to development, to post-production maintenance and (re)selling.

Finally, ISO 13485 allows companies to define an approach that has multiple benefits: not only does it guarantee the quality and efficiency of processes, but it also proves the company’s commitment to a process of continuous improvement, which represents a credential of trust for customers and suppliers about the safety and reliability of the delivered products on the market.

Advices from Gartner® on why you should implement a QMS tool

In most countries, Notified Bodies require the implementation of a QMS within companies operating in the medical device sector. Note that the ISO 13485 standard is actually designed to encourage each organization involved to define their own requirements, depending on the specificities of their business and context. However, if it doesn’t define detailed requirements, it’s mandatory for medical software devices to try and upgrade their quality assurance system.

Giving the acceleration of innovation in the healthcare market, capitalizing on information in one single place as well as improving the quality management system and remote auditing capabilities has become a major priority for these newly cyber-physical companies. They can no longer rely on old-fashioned systems.

According to Gartner® – a company that delivers actionable, objective insight to executives and their teams – the current dynamics related to the pandemic and the acceleration of the enterprises’ digitalization, as well as the regulatory framework, have revealed the flaws of a paper-based way of functioning: among other things, recurring compliance issues.

This is especially true when considering the medical device sector. As you may guess, in this highly standardized industry, the performance, quality, and safety of medical devices are actually of vital importance. The implementation of a Quality Management System becomes all the more crucial knowing that it is now a normative and legal requirement in many countries, both outside and inside Europe.

Quality Management System

What are the specific aspects of QMS in the medical device industry?

As an organization acting at some point in the lifecycle of medical device software – from design to development, to installation and maintenance – it is now essential to rely on a Quality Management System to prove the effectiveness and safety of both the processes and the products delivered.

For medical device manufacturers, it is fundamental to adopt good practices in terms of quality management to ensure high levels of control, paying particular attention to the risk management system that has been recently further revised (ISO 13485:2016). If setting a QMS is nowadays essential to meet the conformity standards of the medical device industry, obtaining a certification for your quality management system is not a compulsory ISO 13485 requirement in case the product concerned is a class I medical device, which represents the least critical regulatory class.

By contrast, for all the other classes (IIa, IIb, III), medical device manufacturing companies must hold the ISO 13485 certificate as a proof of conformity. This certificate, which is valid for a maximum of three years from the issue date, is used to specify the activities covered by the implemented Quality Management System and is also subject to annual inspections, in addition to the regular audits carried out by a Notified Body at least once every 5 years.

QMS benefits for the medical device software lifecycle

Specifically, ISO 13485 helps ensure that all organizations involved in the medical device software lifecycle, at any level (i.e. design, development, delivery…) can easily:

  • Optimize software project management at any level,
  • Improve team collaboration and productivity,
  • Ensure data security on the long run, which means of any information inherent to the various projects thanks to a single digital repository for document management,
  • Reduce potential anomalies and any issue that could influence the quality of deliverables through rigorous Test Management,
  • Manage risks and requirements more effectively,
  • Ensure full traceability to track any changes throughout the lifecycle of each medical device software,
  • Prove compliance with legal and regulatory requirements as well as with customer and end-user needs more easily.

Ensuring the definition and implementation of an adapted Quality Management System (QMS) ultimately makes it possible to prepare and pass regular ISO 13485 compliance audits more easily, faster. Also, it enables companies to obtain the QMS certification by a Notified Body – just in case it is absolutely required by a specific standard related to the type of medical device concerned.

Beyond all these regulatory aspects, formalizing a quality management approach can bring so many other benefits to the business, such as: improving the organization’s image, optimizing both customers’ and stakeholders’ satisfaction, acquiring and/or reinforcing a competitive advantage in the market, etc.

To conclude, the ultimate goal of the ISO 13485 standard is to ensure that each organization operating within the medical device industry provides a high level of control over the quality, the reliability, and the safety of both the processes and the software (and therefore the products delivered), this way meeting any regulatory and customer requirements.

Read on