Transcription
Slide 1 of 30ISO 13485:2016Scope of Stage 1 AuditsRob Packard, .com
Slide 2 of 30Goals of Stage 1 Audit Audit the documentation system – “Old Way”Evaluate location & preparedness for Stage 2Review status & understanding of requirementsCollect information on the scopeReview allocation of resources and review details ofStage 2 Provide a focus for planning the Stage 2 Evaluate if internal audit & management review areplanned, performed and fully implementedRob Packard, .com
Slide 3 of 30Why Risk-Based? 21 CFR 820 – 1 instance of the word “risk”ISO 9001:2008 – 3 instances of the word “risk”ISO 9001:2015 – 43 instances of the word “risk”ISO 13485:2003 – 4 instances of the word “risk”ISO 13485:2016 – 32 instances of the word “risk”“13485 Plus” is a guidance document that waspublished by the Canadian Standards Association inFebruary 2006. I have been recommending it overall other guidance documents for quality systemimplementation since 2010. It mentions the word“risk” 60 06Rob Packard, .com
Slide 4 of 30Annex A “Comparison of content between ISO 13485:2003 and ISO13485:2016” Changes to almost every single clause, but overallstructure is maintained Most changes are clarification Does not provide a side-by-side comparison table in TableA.1 as was provided in the DIS2 released in February 2015 Annex B provides two comparison tables between ISO13485:2016 and ISO 9001:2015, but italics text has beeneliminated within the Standard to identify differences.Rob Packard, .com
Slide 5 of 30Auditing ISO 13485:2016 Develop a regulatory checklist foreach of the 29 required processes Spread the pain by assigning aprocess owner to each process. Identify which procedures, formsand records are associated witheach process. Develop a quality system plan forupdating each process. Perform procedural audits 1st time.Expert tipRob Packard, .com
Slide 6 of 30Clause 0.1 - General Introduction – “meet customer and applicableregulatory requirements for safety andperformance.” Recommend adding language toQuality Policy during next management review. Documentation does not need to align with clausestructure of the international standard (helpful fororganization that want to maintain both ISO 13485and ISO 9001 certification).Note: red italics font indicates what’s new.Rob Packard, .com
Slide 7 of 30Clause 0.2 – Clarification of Concepts “As appropriate” is considered required if it isrequired for:– “compliance with applicable regulatoryrequirements,– the organization to manage risks.”Rob Packard, .com
Slide 8 of 30Clause 1 - Scope Application of Standard can be extended tosuppliers and service providers. Non-applicability can be extended to Clauses 6and 8 instead of just Clause 7.Rob Packard, .com
Slide 9 of 30Exclusions / Non-Applicability Clause 7.3 remains the only clause that can be excluded Within Clauses 6, 7 and 8 the following might be not applicable:–––––––––––6.4 – Work environment (e.g., software products)7.5.2 – Cleanliness of product7.5.3 – Installation7.5.4 – ServicingInclude justification for7.5.5 – Sterile Deviceseach area of non7.5.6 – Process Validationapplicability.7.5.7 – Sterilization Validation7.5.9.2 – Implantable Devices7.5.10 – Customer property7.6 – Calibration8.3.4 – ReworkCaution: Many clauses remain applicable, because they must beRob Packard, Presidentcontrolled as an outsourced com
Slide 10 of 30Clause 3 - Definitions 8 definitions in ISO 13485:200316 definitions in ISO 13485:201x (DIS2)20 definitions in ISO 13485:2016Definitions no longer included:–– New �– Active implantable medical deviceActive medical deviceConsider using a glossaryinstead of definitions ineach procedure.Authorized representativeClinical evaluationDistributorImporterLife cycleManufacturerMedical device family (not in DIS2)Performance evaluationPost market surveillanceProduct (not in DIS2)Purchased product (not in DIS2)Risk (same as ISO 14971:2007, but different from ISO 9001:2015)Risk managementSterile barrier system (not in DIS2)Expanded Definitions–––Complaint (added services)Labeling (added advertising and marketing information)Medical device (identifies possible definition differences)Rob Packard, .com
Slide 11 of 30Clause 4Rob Packard, .com
Slide 12 of 30Clause 4 Changes 29 Required Procedures instead of 19Clause 4.1 – Significant changesClause 4.2.1. – expanded general requirementsClause 4.2.2 – no changesClause 4.2.3 is new – Medical device fileClause 4.2.4 – minor addition to match QSRClause 4.2.5 – no changesHopefully harmonization with MDDRob Packard, Presidentwww.MedicalDeviceAcademy.comwill be improved due to 4.2.3.rob@13485cert.com
Slide 13 of 30Clause 4.1 - General Clause 4.1.1 – addition of regulatoryrequirements Clause 4.1.2 – addition of a risk-based approach Clause 4.1.3 – reformat of 4.1 and addition ofrecordsAdd risk-based approach to all processes in yourquality system documentation section of your qualitymanual (i.e., Clause 4.1.2). Tabular structure is ideal.Rob Packard, .com
Slide 14 of 30Clause 4.1 - General Clause 4.1.4 – Changes to quality managementsystem processes shall be:a) “evaluated for their impact on the qualitymanagement system,b) evaluated for their impact on medical devicesproduced under this quality management system,c) controlled in accordance with the requirements ofthis International Standard and applicableregulatory requirements.”Your quality plan for the change toISO 13485:2016 must address this.Rob Packard, .com
Slide 15 of 30Clause 4.1 - General Clause 4.1.5 – Controls for outsourced processes“shall include written quality agreements.”Supplier quality management process must requirea written quality agreement and controlledtemplates are recommended for each supplier type.Rob Packard, .com
Slide 16 of 30Clause 4.1 - General Clause 4.1.6 – Validation of software used inquality system require procedures.I am asked if this is required frequently.Now it’s required.Rob Packard, .com
Slide 17 of 304.2.4 - Control of Documents This clause was 4.2.3. Clause 4.2.4h) - prevent deterioration or lossof documents, and“Storage in fireproof cabinets may not be expectedroutinely in most locations, but controls to ensureintegrity of records and protection fromearthquake would be expected of some Californiamanufacturers.”Rob Packard, .com
Slide 18 of 30Clause 5Rob Packard, .com
Slide 19 of 30Clause 5 Changes Clause 5.1 – no changeClause 5.2 – added regulatory requirementsClause 5.3 – no changeClause 5.4.1 – added regulatory requirementsClause 5.4.2 – no changeClause 5.5.1 – no changeClause 5.5.2 – minor changes to wordingClause 5.5.3 – no changeClause 5.6.1 – added documentation of intervalClause 5.6.2 – added complaint handling and reportingClause 5.6.3 – added changes to address new and revisedregulatory requirementsRob Packard, .com
Slide 20 of 30Management Review InputsI will be revising templateClause 5.6.2and procedure again toa) Feedbackreflect differences betweenb) Complaint handlingDIS2 and Final version.c) Regulatory reportingd) Auditse) Monitoring & measurement of processesf) Monitoring & measurement of productg) Corrective actionsh) Preventive actionsi) Follow-up of actions from previous management reviewsj) Changes that could affect QMSk) Recommendations for Improvementl) New or revised regulatory requirementsRob Packard, .com
Slide 21 of 30Management Review Outputs Recommend documenting the next scheduledmanagement review and a justification forchanges (this was only in DIS2, but stillrecommended). Recommend documentation actions to addressnew and revised regulatory requirements asmanagement review action items (this is arequirement).Rob Packard, .com
Slide 22 of 30Clause 8 (just Stage 1)Clause 8.2.2 is new – Complaint handlingClause 8.2.3 is new – Regulatory reportingClause 8.2.4 – was Clause 8.2.2, but no changeClause 8.5.2 / 8.5.3 – reorg and added planningRob Packard, .com
Slide 23 of 30Common Deficiencies inComplaint Handling Procedure Failure to:– Capture all complaints– Include time limits for investigation and reportingdecisions– Extend the investigation to other potentiallyaffected product– Document reason for no investigation– Document reason for no corrective actionRob Packard, .com
Slide 24 of 30Reporting Regulations Canada Mandatory Problem Reporting– http://www.hc-sc.gc.ca/dhpmps/pubs/medeff/ guide/2011-devicesmateriaux/index-eng.php Europe Vigilance Reporting– hments/1/translations/en/renditions/native US Medical Device Reporting (21 CFR 803)– pdf– pdfRob Packard, .com
Slide 25 of 30“Death by CAPA”We use a riskbased approachWe alwaysinitiate a e-a-riskbased-capa-process/Rob Packard, .com
Slide 26 of 30Corrective ActionClause 8.5.2 reviewing nonconformities (including customercomplaints), determining the causes of nonconformities, evaluating the need for action to ensure thatnonconformities do not recur, planning and documenting action needed verification that corrective actions do not have adverseeffects reviewing corrective action taken and its effectiveness recording of the results of any investigation and of actiontakenRob Packard, .com
Slide 27 of 30Preventive ActionClause 8.5.3 determining potential nonconformities, evaluating the need for action to ensure thatnonconformities do not recur, planning and documenting action needed verification that corrective actions do not haveadverse effects reviewing corrective action taken and itseffectiveness recording of the results of any investigation and ofaction takenRob Packard, .com
Slide 28 of 30Key Elements of CAPA Forms Provide Enough Room“15 Tips for Creating an Effective CAPA Form”Date clude a /CAPA SourceDescription of IssueInvestigator Assigned & Target Due DateInvestigation of ProblemContainmentCorrection(s)Investigation of Root CauseCorrective Action Plan & Target Due DatePreventive Action Plan & Target Due DateFRM-009, CAPA ReportActions Implemented(sold with CAPA Procedure)Plan for Verification of Effectiveness eness ignature & Closure DateRob Packard, .com
Slide 29 of 30Plan-Do-Celebrate-Check-Act Activities Controls Documentation Resources Objectives Deploy andconformwith eACT Analyze/review Decide/change ImproveeffectivenessCHECK Measure andmonitor forconformity andeffectivenessRob Packard, .com
Slide 30 of 30Q&Arob13485rob@13485cert.comRob Packard 1.802.281.4381Rob Packard, .com
ISO 13485:2003 –4 instances of the word “risk” ISO 13485:2016 –32 instances of the word “risk” “13485 Plus” is a guidance document that was published by the Canadian Standards Association in February 2006. I have been recommending it over all other guidanc
