ISO13485 application: May Subcomponents or Non-Medical Products be Excluded?

Eamon

Involved In Discussions
I am working for a small company accredited to ISO 13485. Until this point, all of our products have been final, end-user products. All of our existing quality procedures, including a risk management checklist and FMEA, assume a final end-user product (as does ISO 14971).

We are going to supply a sub-component to be integrated into another company's product. The client company will be responsible for safety testing, regulatory approvals and risk management, although we will be supporting these activities as required.

Within our current procedures, the risk analysis would seem to be the most problematic, since it is directly mandated by ISO 13485. It seems to be impossible to evaluate risk without detailed knowledge of the end product's intended use, which we don't have full access to in this case. And it would seem to be a duplication of effort since the manufacturer of the end product is responsible for this in any case.

Since we are not going to be ultimately responsible for some of these activities, I am wondering whether we should revise our procedures so that certain products can be excluded from the scope of ISO 13485.

Alternately, I am wondering what sort of risk analysis can be done with incomplete knowledge of the full context of the end use of the component we're designing.

I know answers have been posted which touch on these issues, but I'm particularly interested in knowing what sort of language would go into our procedures to allow the exclusion of certain products from the full ISO 13485 process. I am assuming that the procedure for excluding a product would be covered in the Quality Manual as given by 4.2.2 (a): "the scope of the quality management system, including details of and justification for any exclusion and/or non-application (see 1.2)". I have seen a post in this forum (which I'm not currently able to link to) which implies that a product could be excluded from the scope of ISO13485, but what criteria would typically allow this and how would such an exclusion typically be handled by quality system procedures?

Would an exclusion be justified as a matter of holding, in certain cases, that "regulatory requirements permit exclusions of design and development controls" (in section 1.2)? Can this clause be applicable on a product-by-product basis? Does anyone work with a quality manual which allows specific products to be excluded from the full ISO 13485 process?

Any thoughts from anyone who has considered this issue before would be most appreciated.
 

somashekar

Leader
Admin
Re: ISO13485 application: can subcomponents or non-medical products be excluded?

We are involved in both medical devices and optic modules manufacturing for other requirements such as security systems etc. These have been clearly defined in our scope of manual as ISO 13485 scope and ISO 9001 scope, and likewise addresed in the system management. Our cert also clearly indicates these.
 

DannyK

Trusted Information Resource
Re: ISO13485 application: can subcomponents or non-medical products be excluded?

If your subcomponent is considered a medical device, you cannot exclude it from your system.
The best way to deal with this issue is to have a responsibility matrix, which will detail what your company and your customer are responsible for each different application.

You still should be able to provide risk management, but some of the information could reference the customer's risk management since you may not have alll the technical information.
 

Marcelo

Inactive Registered Visitor
Re: ISO13485 application: can subcomponents or non-medical products be excluded?

In relation to the risk management side of your question, as you point out ISO 13485 and ISO 14971 are focused on risk management of the final, medical device product, and in this way the applicable risk management is completely tied to the final product intended use.

I think there´s two point to consider gere. First, products (systems) are made of sub-systems. The device manufacturer has to take into consideration the individual risks of subsystems (they have to identify all hazard situations related to the device) to know the overall risk of the system. In this case, a lot of these sub-systems risks really have in principle nothing to do with the end-user or patient, meaning they´re could be sub-systems from any other kind of equipment. In this way, a component or sub-system could be risk managed without know the final product intended use. I would suggest, for simplicity´s sake, to define the intended use of your component or subsystem, and then manage risks related to them.

This approach is in concordance with the second point, which is a trend in the medical device industry called "system parity" (quality system or risks management system) in which manufacturers have to rely on the quality system or risk management system of their supplier, and even incorporate some of them, to complete it´s own quality or risk management sytem. Here is a link on quality and other systems parity.
 
Last edited:
T

treesei

Re: ISO13485 application: can subcomponents or non-medical products be excluded?

We mainly make components for other device OEMs. We make a small quantity of own finished device. It is true that w/o sufficient info of the finished device the risk assessment of the component cannot be done to the same level for a finished device. Many times, the requirements for the quality system of a component supplier are laid by the OEM and often they are in between 9001 and 13485. For example, if the OEM owns the design, then you will be exempt from 13485's design control requirements. You can reflect such exempt in your quality manual. This "modified 13485" approach may be cheaper than putting your sub-component business under a separate 9001. ANd the customer may like it better.
 
Top Bottom