Chapter 1: Setting up a Quality Management System
8
ISO 13485:2003 ISO 13485:2016
8.2 Monitoring and Measurement 8.2 Monitoring and Measurement
8.2.1 Feedback 8.2.1 Feedback
***8.2.2 Complaint Handling
***8.2.3 Reporting to Regulatory Authorities
8.2.2 Internal Audit 8.2.4 Internal Audit
8.2.3 Monitoring and Measurement of Processes 8.2.5 Monitoring and Measurement of Processes
8.2.4 Monitoring and Measurement of Product 8.2.6 Monitoring and Measurement of Product
8.2.4.1 General requirements ***
8.2.4.2 Particular requirement for active implantable devices
and implantable devices ***
8.3 Control of Nonconforming Product 8.3 Control of Nonconforming Product
***8.3.1 General
***
8.3.2 Actions in response to nonconforming product detected
before delivery
***
8.3.3 Actions in response to nonconforming product detected
after delivery
***8.3.4 Rework
8.4 Analysis of Data 8.4 Analysis of Data
8.5 Improvement 8.5 Improvement
8.5.1 General 8.5.1 General
8.5.2 Corrective Action 8.5.2 Corrective Action
8.5.3 Preventive Action 8.5.3 Preventive Action
Table 1-3. Comparison of ISO 13485:2003 and ISO 13485:2016 (cont.)
found in areas with a direct impact and therefore greater
risk (e.g., contamination control, design inputs and
outputs, validation, equipment installation and servicing).
Additional points would be given for repeat observations.
The standard has many additions, some new
requirements, some expansions and clarifications, and
provides increased clarity on the interrelationships
among clauses and requirements. There is an increased
focus on meeting regulatory requirements, and the defi-
nitions have expanded. Sub-clause numbering has been
changed to facilitate alignment with the MDSAP. Since
the MDSAP is built on multiple regulations from the
five participating countries, a manufacturer who com-
plies with the MDSAP automatically complies with the
regulations for the five participating countries.
National regulatory authorities, including FDA,
will have to consider how these ISO 13485 revisions
may affect their national regulatory schemes. Significant
changes to each auditable clause are summarized below.
QMS
Clause 4 now includes requirements for a risk-based
approach when developing QMS processes and docu-
menting organization roles, with regulatory implications
for those in the supply chain, such as manufacturers,
authorized representatives, importers or distributors.
There also are new requirements for keeping records to
demonstrate compliance with regulatory requirements
and for monitoring and controlling outsourced pro-
cesses commensurate with risk. Special requirements
for control over outsourced processes are provided in
8
ISO 13485:2003 ISO 13485:2016
8.2 Monitoring and Measurement 8.2 Monitoring and Measurement
8.2.1 Feedback 8.2.1 Feedback
***8.2.2 Complaint Handling
***8.2.3 Reporting to Regulatory Authorities
8.2.2 Internal Audit 8.2.4 Internal Audit
8.2.3 Monitoring and Measurement of Processes 8.2.5 Monitoring and Measurement of Processes
8.2.4 Monitoring and Measurement of Product 8.2.6 Monitoring and Measurement of Product
8.2.4.1 General requirements ***
8.2.4.2 Particular requirement for active implantable devices
and implantable devices ***
8.3 Control of Nonconforming Product 8.3 Control of Nonconforming Product
***8.3.1 General
***
8.3.2 Actions in response to nonconforming product detected
before delivery
***
8.3.3 Actions in response to nonconforming product detected
after delivery
***8.3.4 Rework
8.4 Analysis of Data 8.4 Analysis of Data
8.5 Improvement 8.5 Improvement
8.5.1 General 8.5.1 General
8.5.2 Corrective Action 8.5.2 Corrective Action
8.5.3 Preventive Action 8.5.3 Preventive Action
Table 1-3. Comparison of ISO 13485:2003 and ISO 13485:2016 (cont.)
found in areas with a direct impact and therefore greater
risk (e.g., contamination control, design inputs and
outputs, validation, equipment installation and servicing).
Additional points would be given for repeat observations.
The standard has many additions, some new
requirements, some expansions and clarifications, and
provides increased clarity on the interrelationships
among clauses and requirements. There is an increased
focus on meeting regulatory requirements, and the defi-
nitions have expanded. Sub-clause numbering has been
changed to facilitate alignment with the MDSAP. Since
the MDSAP is built on multiple regulations from the
five participating countries, a manufacturer who com-
plies with the MDSAP automatically complies with the
regulations for the five participating countries.
National regulatory authorities, including FDA,
will have to consider how these ISO 13485 revisions
may affect their national regulatory schemes. Significant
changes to each auditable clause are summarized below.
QMS
Clause 4 now includes requirements for a risk-based
approach when developing QMS processes and docu-
menting organization roles, with regulatory implications
for those in the supply chain, such as manufacturers,
authorized representatives, importers or distributors.
There also are new requirements for keeping records to
demonstrate compliance with regulatory requirements
and for monitoring and controlling outsourced pro-
cesses commensurate with risk. Special requirements
for control over outsourced processes are provided in