Surprisingly, this is a real and topical question. At every MedDev or MedTech oriented exhibition this is the off-stage topic, actually more like the main grippe session. The 2016 ISO version requires a lot more emphasis on risk management and embedding risk management into the quality system processes. But really there are two issues in play with respect to the implementation of ISO13485: 2016.
The transition from ISO13485:2003 to 13485:2016
The first reactions were typical such as “argh!”, “Another update to the Standards”,” Sure, there has not been "updates" since 2003, but do we really need this?”, “Won’t those bureaucrats ever retire!” and “How much additional work is this going to that have not been in the plan?” …I’ll reserve these issues for a follow-up article.
The second and more sinister issue is, didn’t they fire a bunch of NBs (Notified Bodies) last year, reducing their numbers and thereby making it much more difficult and expensive for the smaller companies to find a NB who will approve their ISO13485:2016 “upgrade”?
Yep, they did. Fired about ½ of them. The problem is as bad as now many countries no longer even have one NB, making language and affordability a real concern.
The issue facing the MedTech startup today is that even if they wanted to switch to 13485:2016, they won’t be able to, as NBs are “following” the big bucks and focus primarily on getting the big players updated by the deadline. Fair? Nope. Will it be costlier? Yep. Will you be able to get it on time? Likely not…
The problem is further compounded by the fact that many of the remaining NBs are, as of today, not even certified to certify applicant companies for 2016 – i.e. the certifiers still need to be certified before you can be certified.
Now enter the MedTech Startup, who much like university students (and some are…), is likely going to wait until the last minute to cram for an exam and then update to 2016 – they are going to put the pain off for as long as possible -thinking 2019 is still a distant future.
The deadlines for ISO13485:2016 are as follows:
- Organizations have 3 years (starting in March 2016) to transition from ISO 13485:2003 to ISO 13485:2016.
- In the first two years, both accreditations are available for organizations.
- After the second year, only ISO 13485:2016 accreditation will be given (less than 1 year to go).
- And after the third year, ISO 13485:2003 will not be valid.
This means the end of the world is March 1st, 2019.
Time for A Fresh Look at Your Certification?
So, in the face of this perfect storm, what to do?
On the one hand, only a few NBs are able to currently certified for 2016, but if you are in a position to go for it, then you should go for it now.
For companies looking to make the move from 2003 to 2016, starting your move now and booking your “compliance slot” with an NB is a good idea. Be prepared to be disappointed and to pay a bit more. But better to pay now than wait until reservations are at a premium.
There is the possibility that more NBs will come online and certainly, more will be certified to certify for 2016. This could help, but this is still a risk.
Should ISO extend the deadline by 1 year? Sure. Will they? Not yet. Should they do it now? No. Any decision now will only push the crowd out, because why do something timely when you can wait.
“Essentially, ISO 13485:2016 is very similar
to FDA-QSR 21 CFR 820.”
These are the unpleasant facts, but there is a more strategic reason to do it now – essentially, ISO 13485:2016 is very similar to FDA-QSR 21 CFR 820.
So, for strategic market positioning, the best time to bite the bullet is now, get it over with and at the same time, if you have not already, implement applicable FDA’s QSR. Let’s face it America is still a big market.
And for those of us already focused on FDA, this ISO is pretty familiar. And if you really want to make it that much simpler, use a product like qmsWrapper, a project and quality management system that does both – NOW!
What is brilliant about qmsWrapper, is that it has implemented both the ISO 13485:2016 and the equivalent FDA QSR’s for Class I, Class II and DeNovo, and Class I, Class IIa and IIb requirements into the QMS processes. Completing one is done to the standard of both. If the FDA requires more detail, then it is added to the ISO process as well. Really, that’s a small, insignificant price to pay to do compliance, being compliant with 2 standards by satisfying and joining the same and similar requirements. This dual approach can turn even the newbie QMS manager, into a compliance hero.
Such an approach will very likely assure you of going to the head of the line as NBs will see you as ready and so less of a burden to their resources, meaning they could more easily plug-into their schedule. In the worst-case scenario, you’d be ISO pending, but FDA compliant.
And is that really a bad thing?
In the next article, I’ll take a closer look at the similarities between ISO 13485:2016 and FDA QSRs.