Does anyone know the current status of ISO 13485, I know it was in the process of being revised, but I would like to know if it is a DIS or FDIS?

I didn’t even know it was being revised until I listened to the April FDA Teleconference yesterday on their website, and now I’m really curious what the future’s going to look like.

According to the current(?) BSI E-Magazine ‘Business Standards,’ ISO 13485 is a draft. A panelist on the FDA broadcast says they hope for an approved version in late 2002 or early 2003, at which time it will fully replace EN 46001.

According to the broadcast, and echoed in the BSI E-magazine article, medical device manufacturers (and maybe all regulated organizations) should start thinking about being certified to the new ISO 13485 instead of ISO 9001:2000. The reasoning seems to be that:

1) We have to stay compliant with all ISO 13485 requirements to sell in Europe, Canada and Australia (and maybe others soon). This includes some documentation requirements that have been dropped from ISO 9001:2000.

2) We do not have to be compliant with such ISO 9001:2000 requirements as:
a) Customer Satisfaction
b) Continual Improvement, etc.

3) Not all regulatory agencies (foreign and FDA) accept ISO 9001:2000 as meeting their requirements.

I’ve never thought about becoming registered to ISO 13485. Presumably it would fulfill the requirement for a quality system as described in Annex II (1) of the European Medical Device Directive.

My big concern is that there is a trend towards integration of ISO 9001 and ISO 14001, demonstrated both by the new 9001 revision and by combining the auditing requirements for both in the upcoming (about 2005) ISO 14969. I even anticipate registration to both management systems being a European CE requirement in about 5 years. If this happens, we’ll have to maintain certification to everything anyway so why not stay with 9001 and just keep 13485 in the scope?

The bottom line is that I’m looking for opinions from medical device futurists:

1) Will it be better to forget ISO 9001:2000 and register to ISO 13485?

2) Will it be better to stay with ISO 9001 (plus 13485) because it will incorporate ISO 14001, or because of the greater name recognition?

3) Other?

I know interest in this subject will be limited and I’ll appreciate any opinions.

Alf

Did you know that ISO 13485 superseded EN 46001 and ISO 13488 superseded EN 46002. I have also heard that ISO 13485 will not be adopting some of the changes to ISO 9K2K, such as Customer Satisfaction and Continual Improvement.

At the recommendation of our registrar (TUV Rheinland), we added ISO 13485 12/96 to the scope of our certificate along with ISO 9001 8/94 and EN-46001 9/96. Our current certificate was issued in March 2001.

Just to stir the pot a little and keep this subject alive, we're now about 80% certain that we'll be registering to ISO 13485:200x instead of 9001 on the next go-round. I don't know yet how it's going to work but it seems reasonable since, as a medical device manufacturer, we have to comply with 13485. And even though Customer Satisfaction, Continual Improvement, etc. are critical in a business sense, we don't want to be audited to those requirements.

I've always disliked seeing the ISO 9000 effort fragmented (if that's the right word) by parallel standards like QS, AS, TL, FS, etc., but I suspect that's going to continue to happen.

By the way, I haven't heard anything about SA 8000 for a year or two. Anybody know if that's picking up any steam or just fading away?

Alf

Alf,
Just out of curosity who is your notified body/registrar.

It looks like as if 13485/13488 will be released the 1st quarter of 2003 as a stand alone document.

Hi, ISO GUY

We're with BSI and they're recommending that medical device people go 13485. Check their e-magazine article at:

http://www.businessstandards.com/

This is also pretty much what I was hearing in the FDA webcast from last spring (although not as strongly worded).

Alf

Alf,
That's what I have been hearing and from the looks of thats the way we are going. This after I was being proactive and re-writting or QM for 9K2K when the draft was out LOL.

Also did you know that TUV PS is the only notified body/registrar that can issue an acredited certificate for 13485.

I've spent quite a few hours on a new Quality Manual myself. Fortunately, much of the new 13485 is the same as 9001:2000 so not all of those hours were wasted.

Thanks for the information about TUV. I've been wondering when the registrars would get themselves qualified for this. I'll bet BSI isn't far behind, but probably not all registrars will bother with it.

Alf

Marc-
In another thread you mentioned wanting to know a little bit about ISO 13485. Sometimes I feel like I only know ‘a little bit’ so, without going into irrelevant history, let me start with this (as I understand it):

[Note to Readers – If you’re not medical device people (and maybe if you are) this will be really boring.]

First the UK created EN 46001/46002 to add significant requirements to ISO 9001/9002 for medical devices. Much of EN 46001/46002 reads “[paragraph#] x.xx.x of EN ISO 9001:1994 applies,” and only adds language where needed for the purpose. This cannot be used as a ‘stand-alone’ document since you have to have ISO 9001/9002 to get complete details.

Then ISO created an almost identical document (ISO 13485/13488) for the same purpose. This is the one the FDA chose to recognize and reference as they harmonized with ISO 9001/9002. Again, it’s not a ‘stand-alone’ document (so now I’m carrying around three sets of standards in my head, ISO 9001, ISO 13485 & FDA 21 CFR, part 820 – terrific!).

Now ISO 9001 has been re-written and re-organized AND added requirements such as measuring customer satisfaction and demonstrating continual improvement. This is where the FDA balked. Not only do they feel that it’s not in their province to regulate companies in these areas, they’re also upset that they spent all that time (and our money) harmonizing their regulations, just to have the rug pulled out from under them. What if they re-write their regulations again to harmonize and ISO 9001 changes drastically in 2005 (and I think it will but that’s another discussion)?

So someone, and I don’t know how this part went, re-wrote ISO 13485 as a complete, stand-alone standard. It’s very close to ISO 9001:2000 in form and content, except for eliminating things like customer satisfaction and continual improvement, and it has the medical device requirements built in – no additional documents (i.e. ISO 9001) required. Equally important, the FDA feels that they can depend on ISO 13485 to remain fairly constant and not veer off into left field like ISO 9001 has done and is likely to continue to do.

At this point, since US medical device manufacturers must comply with FDA and therefore must comply with ISO 13485, it doesn’t make much sense to add ISO 9001 to the mix, unless the name recognition is worth something.

One kink is that the new ISO 13485:200x is currently in the Committee Draft (CD) stage and not expected to approved for another year or so. Barely a year before ISO 9001:1994 goes away. We’ll have to do most of our preparation based on the CD version.

And then there’s Canada. They’re requiring registration to ISO 13485/488:1996 by January 1, 2003. As far as registrars go, currently I think only one, TUV is qualified to register to ISO 13485 in Canada, although several others have applied to the Canadian Medical Devices Conformity Assessment System for approval.

That’s about it. In the last few weeks I’ve upped my estimate to put us at about 95% sure to go with ISO 13485.

Interesting times ahead. And if you’ve actually read down to this point, corrections to this yarn are more then welcome.

Alf
:ko:

Thanks for the info. I want to keep a closer eye on the medical device industry. I can't say I'm totally ignorant of it, but I'm pretty close to ignorant about it.

I attended a Medical Device Update this week which was presented by my registrar, BSI. Here are some things I learned at that meeting.

BSI can now provide ISO 13485 and ISO 13488 registration under Standards Council of Canada (SCC) accreditation. RAB is reviewing its current position considering allowing ISO 13485 and ISO 13488 registration. These standards are not currently stand alones. ISO 13485 will be published as a stand alone early 2003.

ISO 13485:1996 / ISO 13488:1996 is required by Canada and satisfies Europe.

BSI recommends to clients that we get familiar with CD 13485-200X; conduct a gap analysis against CD 13485.

I believe when ISO 13485 is issued as a stand alone that it will become the "medical device" standard.

This statement of TUV PS being the only accredited Registrar for ISO 13485 is NOT correct. DNV is accredited in 22 different countries, as of today. In Norway, DNV is accredited by the NORSK AKKREDITERING Agency, and our scope of certification does include accredited certificates to ISO 13485. Further, DNV is a a Notifed Body for the Medical Device Directive, in addition to many other directives.

Mr ISO GUY should do his research more carefully, before stating that TUV PS is the only one accredited for such Standards.

:mad:

Regards,

Sidney Vianna

Wow Sidney I didn't mean to upset you so much. Yes, I did research the fact the TUV was currently the only ones that could issue and accredited cert. to 13485. Sidney, I also checked the DNV website in your profile and not to point out a mistake but if DNV can issue accredited certs to 13485, not COMPLIANCE with 13485 they why is it not listed on your website?

I am not pushing TUV PS the only reason my company uses them is because at the time they were the only ones that could cert. for 13485. Things may have changed since then but I am not aware of them. Once again I didn't mean to upset you and DNV.

:(

I want to butt in here for a minute to say to everyone - the info in this thread is very, very much appreciated and (I believe) very needed.

I also want to say I wrote Sidney this last weekend and pointed out this thread and asked if it is true. I also specifically asked if he would like to respond on behalf of DNV. I have followed Sidney since 1996 in the ISO Discussion Listserve. I value his input.

ISO Guy - Sidney's last line was quite pointed (and I'll admit doesn't lend it's self to good communications within the context of a text based internet message board such as this one), however I want to assure you we all here in the forums respect you, your information and your overall participation. As everyone here well knows -> I can be as pointed - from time to time - as Sidney was in his post.

I apologise for any hard feelings. I feel I am in part responsible because of my e-mail to Sidney. Sidney may have interpreted my e-mail to him as a challange which set the stage for the negative remark. I know Sidney well enough through the ISO Listserve that I can say if there is one thing he hates it's incorrect information and misinformation.

Now - back with the discussion.

Marc, I understand where you are coming from. I did re-search the topic and did not feel that I was giving "mis-information". I do not work for TUV so I have no reason to push thier services.

Yes - I realize that and that is why I posted my post - so everyone knows where this all came from.

I was finally able to get my hands on a draft copy of 13485:2003. I had heard rumblings that 13485 was not going to go along with Customer Satisfaction and Continual Improvement well after looking at the draft I can say thats not true, they just word it differently (in reading 13485 along side of 9K2K). I would say that 13485:2003 is 95% the same as 9K2K and that is a conservative estimate! IMHO one of the major differences is that section 6.4 Enviornment for 13485 there are more things you need to address or be concerned about. I am in the process of putting something toghther internally, but I will be suggesting that the company I work for not drop ISO 9000 and use 13485 as a stand alone because they are the same!!!! What the heck if you can say we are ISO 13485 and ISO 9001 Certified why not!!!!:bonk:

Howdy, ISO GUY-

I agree that ISO 13485 is substantially the same as 9001:2000, maybe even 95% (aside from medical device requirements), and the way they ‘word it differently’ makes a world of, um, difference. Examples:

4.1
ISO 9001:2000
“…maintain a quality management system and continually improve its effectiveness…”

ISO 13485:200x
“..maintain a quality management system and ensure its effectiveness…”


5.1
ISO 9001:2000
“…implementation of the quality management system and continually improving its effectiveness by…”

ISO 13485:200x
“…implementation of the quality management by…”


5.3(b)
ISO 9001:2000
“…and continually improve the effectiveness of the quality management system,”

ISO 13485:200x
“…and to maintain the effectiveness of the quality management system,”


6.1(b)
ISO 9001:2000
“to enhance customer satisfaction by meeting customer requirements.”

ISO 13485:200x
“to meet regulatory and customer requirements.”


As you know from having gone through the documents, there’s a lot more to the story than my few selected quotes, and any company that doesn’t continually improve and satisfy their customer will be toast anyway. But I don’t want to be audited to those kind of requirements: and I don’t want someone else deciding how much it takes to be compliant. Heck, one of the other threads spent a considerable amount of time talking about how registrars, and auditors within the same registrar, can’t agree on interpretations of the standard. Requirements like these would really give them something to sink their teeth into.

Another consideration is, as we’ve mentioned before, the FDA says they’re going with ISO 13485, partly because they don’t want to be in the position of regulating to requirements like these and partly because they think that ISO 9001 will continue to evolve in a direction that they don’t want to go.

Your argument is good, but given the same facts I draw a different conclusion. In the end, it’s just a matter of each company deciding which course is best for them.

Best of luck with your efforts.

Alf

Alf,
I completely agree with your statement that it is all in how it is worded and your quotes are accurate. However, when I read the CD that I have if you look at 5.6.1 Management Review “ This review shall include assessing opportunities for improvement and the need for changes to the quality management system, including the quality policy and quality objectives.”

5.6.2 Review input g.) “ recommendations for improvement”

To me that looks like continual improvement, what do you think?

Also the customer satisfaction aspect, if your customers are not happy they will go elsewhere if they can. That’s why IMHO you need to measure your customer satisfaction as well as dissatisfaction or how else do you know where you need to improve. (

You are right a company needs to continually improve in order to succeed is that not the whole point of being in business

ISO GUY-

I think we pretty well agree on everything here, including a point that you brought up previously: If you can say that you're registered to both - why not do it?

One of the issues we're still struggling with is the ISO 9001 name recognition. Even though we can say that ISO 13485 does everything we need, hardly anyone knows what it is. There's still a possibility that our marketing folks around the world will object to losing that sales tool. That's why we haven't made the absolutely final decision yet.

Alf

Let me see if I get this understanding of IOS 13485. This is all new to me.
The place I work is a rubber MFG for medical and Automotive.
I want to set our goals and systems for TS16949, ok Now I hear I need ISO 13485 to be compliant with Medical????????:confused: :smokin:
Is this for internal use medical products or extrnal products.
Here is my site with most of our products www.kokokuintech.com
:truce: :truce: Help me understand if I am going to be required.

Hi, Greg-

I'm buggin' out early today but I just saw your post and wanted to give at least a quick answer.

Not necessarily (how's that?)

A lot depends on where you sell your medical device products. If you're selling in Canada you need to have ISO 13485 included in your ISO 9001 registration scope by January, 2003. If you conform to EN 46001 you're about 90% there already.

If you're selling in Europe you need to conform to the Medical Device Directive (MDD) that requires that you, in turn, conform to a recognized quality system (my wording may not be precise, I'm in a hurry). Currently, ISO 9001/2 is about the only one that's really recognized.

In a year or so, you'll have the option of using either ISO 9001 or ISO 13485 to meet the MDD requirements (ISO 13485 doesn't have the infamous Customer Satisfaction and Continual Improvement additions). BUT - you'll still have to have ISO 13485 for Canada. That's why a lot of us are turning away from ISO 9001 in favor of ISO 13485.

If you like, we can pick this up again in a few days. The grandkids are coming over and I haven't even started decorating the tree.

Merry Christmas!

Alf


Hey, Greg-

What about the FDA? I was halfway out the door when I realized we hadn't mentioned the FDA. They use ISO 13485 as a medical device add-on so your company should already be familiar with, and conforming to, the additional requirements. Just add my above statements to this.

Alf

An FYI for anyone this affects.

There now appears to be a newly updated version of ISO 13485 available (ISO DIS 13485). Global Engineering Documents shows it as a 02/21/02 dated document so it must be the one I've been waiting for. I haven't seen or heard anything about it yet so have no idea what kind of changes might there. What concerns me is that the usual ISO pattern is to follow-up the DIS version with an FDIS and then the 'approved' version (i.e.; more changes to come?).

Anyone - please let me know if you have any info on this.

Thanks.

Alf

AG,
Yes that is the same copy I have 02/21/02, the previous one was 06/15/01. I have compared the two documents and they are 99.99% the same not much has really changed since the June release. What they did was not "require" as many procedures the last release 06/15/02 "required 21". I don't see very many changes happening before the final release.

Thanks, ISO GUY-

That's exactly the answer I was hoping for. I heard from the beginning that the final version wasn't expected to change much from the CD version. Maybe that prediction will hold up.

Alf

ISO GUY-

I just got a chance to look through the ISO/DIS 13485 and, for the record, I agree with your opinion of it. The few changes there are (doesn't require a procedure for identifying training needs, does require procedures for design control, etc.) are really moot for us since the FDA requires both anyway.

Hopefully it will be smooth sailing to the final version now.

Alf

Yes it will be interesting to see what the FDA does. they are supposed to try and follow 13485 but we will see what happens when the FDA does thier revision.

We had an FDA audit yesterday and I am not very happy with the auditor they sent at this point. The auditor didn’t ask question and was very accusatory. But what do you expect from Government, they don't usually hire competent people.

An FDA audit? Verrrry Interesting.

They're so understaffed and over-extended that I don't expect to see them for awhile (but then we're Class 1. It would probably take a serious complaint to bring them in). Presumably you're making Class 2/3 product.

I do have to say that the last investigator I dealt with was pretty reasonable. He was definately digging to get to the bottom of an issue but I never felt like there was a bulls-eye painted on my back.

I have noticed that many of the better [connected] ones get sucked into Industry at several times the government salary (or so the story goes).

Hope your next experience is a better one (and far, far in the future).

Alf

Howdy boys and girls,
I have decided to go for the TS16949 certification. As well as the ISO14001 here at the KU. This will get me started and well on the way to covering all that we manufacture here in the world of rubber. I have recieved an early copy of the second edition for TS and will plan to be certified by December 2002 (both programs)
:smokin: Thanks for the input. I will still try to verify the other.

Originally posted by Alf Gulford
An FDA audit? Verrrry Interesting.

I do have to say that the last investigator I dealt with was pretty reasonable. He was definately digging to get to the bottom of an issue but I never felt like there was a bulls-eye painted on my back.

I have noticed that many of the better [connected] ones get sucked into Industry at several times the government salary (or so the story goes).

Hope your next experience is a better one (and far, far in the future).

Alf

Alf the reason we were audited was becuase a client we did work for over 2 years ago asked them to audit us. The lady auditor was fair, however she had no sense of time or reason. I will be in about 9 and not show up until after 10. Get this she said she had to do her morning workout before she comes in. I thought they were only supposed to be in during "normal business hours", she often stayed until after 6 and we close about 4:30. tlk about putting peoples lives on hold! She als had no industry experience in the Medical field which made it more difficult. We received a 483 which is always fun. I also hope they do not come back before I get out of here!

I think I understand your frustration now.

Nobody in their right mind is going to complain and draw more attention to themselves but it would be nice if someone in the FDA cared enough to follow up on some of the investigators.

Maybe the FDA should send out 'customer surveys' to find out how you like their service:vfunny:

Alf

I have a quick question. How does 13485 relate to 820? Anyone know?

DB they are very similar and with the new revision the FDA will try to harmonize 820 with 13485.

Dave:

I am unclear on the specificity of your question, i.e., "how are 13485 and 820 related?"

Nevertheless, 820 is the U.S. device cGMPs upgraded in '96 by FDA using input from the device industry to incorporate design controls and other key elements from ISO 9001.

On the other hand, 13485 is the European regulatory requirements for devices (EN 9001+ particular requirements for medical devices.)

To assist companies that market globally, an international committee, the Global Harmonization Task Force (GHTF) which has reps from the FDA, European regulatory bodies and both countries device industries came up with several guidance documents posted on the GHTF.org website. These guidance documents shows how to be globally compliant.

I caution you; however, not to rely exclusively on the GHTF documents since both 820 and 13485 has their own industry compliance guidance.

You can download the QMS guidance here: http://www.ghtf.org - Link was: /sg3/inventorysg3/sg3-n99-8.doc.

It has some excellent guidance for maintaining compliance to 820 and 13485 in a single QMS.

Dave, I hope this helps you figure out the interrelationship of 820 and 13485.

Best regards,

Jerome Council, ASQ-CQA, CQA-Biomedical Auditing

I'm new!

We are just geting into FDA and ISO13485 stuff . . .

I noticed a couple posts talking about a DIS copy of ISO13485. Where can I get a copy of this?

Ron
:confused:

Ron:

Point your browser to https://www.aami.org/ and "Search" standards.

Both the existing '96 standard and the committee draft (CD 13485, i.e., the outcome from the folks tasked to develop, review, solicit input, and finalize the new standard) can be purchased at AAMI's website.

Best wishes,

J.Council, ASQ CQA, CQA-Biomedical Auditing

Thanks for helping me find a copy of ISO13485:200? (free no less - well free when I also joined AAMI)
I also bought the ISO13488:1996. We may go that route to get that cert on our advertising banner

Just so I give info and not just get it - - -

I found a URL that shows registrars that are able to accredit for the stricter Canada requirements for ISO13485. If you want to do medical business in Canada you must go through one of their "qualified" registrars.

The URL is http://www.scc.ca - The link was: /standards/cmdcas/registrars_e.html

I'm putting this up because I read a few older discussions about what US based companies could register to ISO13485.

I got into the DNV (can they or can't they register to ISO13485) discussion also. Right from the DNV office in Houston. They can register to ISO13485 but they give you a certificate with "a Norwegian accreditation mark - they are a member and signatory to the IAF (International Accreditation Forum)" They are balking at paying Canada the $50,000.00 that Canada wants to authorize them for Canada ISO13485.

Trying to find my way through this medical maze is :frust:

Ron

Also see:

http://elsmar.com/Forums/showthread.php?t=6513