Chapter 1: Setting up a Quality Management System
10
• the resources needed for design and development,
including personnel competence
• design inputs that include usability requirements
and standards
• how design inputs are verified and validated,
including statistical techniques and rationales for
sample sizes
• design transfer and design change procedures
Clause 7.4 contains specific requirements on approving
(including planning and evaluating) and monitor-
ing suppliers and maintaining records a risk-based
approach is required (including the extent of purchased
product verification).
Clause 7.5 has a number of new requirements
and clarifications for implementing defined labeling
and packaging operations. Organizations must analyze
service records and document the statistical basis for
process validation, including sample size.
Processes that cannot be verified should be vali-
dated. Specific requirements for packaging validation
and planning and documentation are also included.
A Unique Device Identifier (UDI) system is specified
if required by relevant regulatory requirements. The
standard also contains specific requirements for device
packaging and product preservation during distribution.
Clause 7.6 includes addressing feedback for both
production and post-production information.
Measurement, Analysis and Improvement
Clause 8 has a feedback process requirement for risk
management and statistical analysis, tools and tech-
niques to determine the need for feedback data to be
escalated into CAPA. Clause 8.2 includes procedures to
document complaints, including both production and
post-production information. This clause also con-
tains further details on minimum complaint handling
requirements. For example, in the EU, organizations
currently are required to perform trend analysis of
complaints, and some complaints may trigger a report
to the EU. Another new requirement is for internal
audits to explicitly answer whether the QMS conforms
to regulatory standards.
Under section 8.3, organizations are responsible
for documenting requirements for non-conformities.
Sections 8.4 and 8.5 stipulate that data analysis include
valid statistical techniques and inputs from audits and
service reports.
There is a new requirement for equipment and
personnel to be identified and recorded for product
monitoring. The standard contains more detailed non-
conforming product requirements, depending on whether
the nonconformity was detected before or after delivery,
and considerations for escalating to CAPA. Corrective
actions should be commensurate with the risk and taken
without undue delay. Process and product data should
be reviewed to identify inputs to the CAPA process.
Analysis should be an input to management review.
In summary, the revisions to the standard address
the following:
• regulatory requirements emphasized throughout
the standard at all levels of the organization and
product lifecycle
• risk management used throughout the standard,
with actions and decisions commensurate with risk
• planning activities required for more processes
• additional design verification, validation and trans-
fer requirements
• more-detailed requirements on outsourced pro-
cesses and supplier control
• feedback analyzed statistically to determine escala-
tion to CAPA
• additional nonconforming product requirements
and CAPA escalation considerations
• specific design and development file contents and
technical documentation
The documentation level required for an ISO 13485
QMS is higher than that for a typical ISO 9001 QMS,
due to the risk of products an ISO 13485 system covers
(medical devices) and the traceability requirements for
issues after products have been placed on the market.
10
• the resources needed for design and development,
including personnel competence
• design inputs that include usability requirements
and standards
• how design inputs are verified and validated,
including statistical techniques and rationales for
sample sizes
• design transfer and design change procedures
Clause 7.4 contains specific requirements on approving
(including planning and evaluating) and monitor-
ing suppliers and maintaining records a risk-based
approach is required (including the extent of purchased
product verification).
Clause 7.5 has a number of new requirements
and clarifications for implementing defined labeling
and packaging operations. Organizations must analyze
service records and document the statistical basis for
process validation, including sample size.
Processes that cannot be verified should be vali-
dated. Specific requirements for packaging validation
and planning and documentation are also included.
A Unique Device Identifier (UDI) system is specified
if required by relevant regulatory requirements. The
standard also contains specific requirements for device
packaging and product preservation during distribution.
Clause 7.6 includes addressing feedback for both
production and post-production information.
Measurement, Analysis and Improvement
Clause 8 has a feedback process requirement for risk
management and statistical analysis, tools and tech-
niques to determine the need for feedback data to be
escalated into CAPA. Clause 8.2 includes procedures to
document complaints, including both production and
post-production information. This clause also con-
tains further details on minimum complaint handling
requirements. For example, in the EU, organizations
currently are required to perform trend analysis of
complaints, and some complaints may trigger a report
to the EU. Another new requirement is for internal
audits to explicitly answer whether the QMS conforms
to regulatory standards.
Under section 8.3, organizations are responsible
for documenting requirements for non-conformities.
Sections 8.4 and 8.5 stipulate that data analysis include
valid statistical techniques and inputs from audits and
service reports.
There is a new requirement for equipment and
personnel to be identified and recorded for product
monitoring. The standard contains more detailed non-
conforming product requirements, depending on whether
the nonconformity was detected before or after delivery,
and considerations for escalating to CAPA. Corrective
actions should be commensurate with the risk and taken
without undue delay. Process and product data should
be reviewed to identify inputs to the CAPA process.
Analysis should be an input to management review.
In summary, the revisions to the standard address
the following:
• regulatory requirements emphasized throughout
the standard at all levels of the organization and
product lifecycle
• risk management used throughout the standard,
with actions and decisions commensurate with risk
• planning activities required for more processes
• additional design verification, validation and trans-
fer requirements
• more-detailed requirements on outsourced pro-
cesses and supplier control
• feedback analyzed statistically to determine escala-
tion to CAPA
• additional nonconforming product requirements
and CAPA escalation considerations
• specific design and development file contents and
technical documentation
The documentation level required for an ISO 13485
QMS is higher than that for a typical ISO 9001 QMS,
due to the risk of products an ISO 13485 system covers
(medical devices) and the traceability requirements for
issues after products have been placed on the market.