ISO 13485:2016 Self Certification for Class I (annex 9) Stand-Alone Software?

[keldez]

Hello,
I'm shopping around for a notified body for our Class I (annex 9) stand-alone software. I was just told by the NB I just spoke to that they would need to perform an initial audit and then put us on an annual schedule for ISO 13485 certification.
My understanding (which may be wrong) is that for a Class I device, you only need to self-certify with a NB (ie no scheduled audits, no 3rd party certification required). Is this correct? Are maybe some NBs different than others in what THEY need for you to be their "client"?
Any insight on this would be appreciated. I don't fear an audit.. it's just not what I expected. Thanks!

 

[mihzago]

I assume that you mean that you want to self-certify for CE marking in Europe, in accordance with Annex VII of the MDD, but that applies only to Class I non-measurable and non-sterile.
If that would be the case then you wouldn't necessarily need ISO13485 certification, but having it is one of the ways to comply with the requirements of Annex VII of the MDD.

In such case you also wouldn't have to notify anyone (i.e. Notified Body), you simply self-certify by drawing up a Declaration of Conformity.


Since you identified rule 9 (again I assume this is in accordance with MDD), then you are at least Class IIa, in which case self-certification does not apply and you need to get a Notified Body involved, because you need an EC cert.
Most Notified Bodies will also require you to have an ISO 13485 cert.

To obtain an ISO cert you must complete your certification audits, which are then followed by annual surveillance assessment.

 

[Ronen E]

Hello,
I'm shopping around for a notified body for our Class I (annex 9) stand-alone software. I was just told by the NB I just spoke to that they would need to perform an initial audit and then put us on an annual schedule for ISO 13485 certification.
My understanding (which may be wrong) is that for a Class I device, you only need to self-certify with a NB (ie no scheduled audits, no 3rd party certification required). Is this correct? Are maybe some NBs different than others in what THEY need for you to be their "client"?
Any insight on this would be appreciated. I don't fear an audit.. it's just not what I expected. Thanks!

Hi,

I don't know in what context you contacted the NB. Perhaps their answers referred to devices that actually come under some NB scope. Class I devices normally don't, unless they are sterile (obviously N/A to software) or have a measuring function. If your software was properly classified as class I (rule 12, beacuse stand-alone software which is a medical device is considered an active device) your exchange with a NB regarding this device means it must have a measuring function. In this case you can't just self-certify and there are requirements applicable beyond Annex VII's scope (see Annex VII s. 5).

If, on the other hand, your software is indeed class I without a measuring function, you can self-certify and register with a Competent Authority (not a NB), no NB intervention would be required, no ISO 13485 is necessary and no audits should be excepted on account of this device.

 

[keldez]

Thanks!
I contacted the NB because I honestly thought I had to be registered with one for a CE no matter the classification. I thought for a Class I (not Im), you would still give them your money to self certify.
I see where I messed up. First off, my device IS Class I (NO measuring function). I used the Annex 9 material for classification in my tech file even though everything (except rule 1 and 12) were N/A - probably went a little overboard. I should look at Annex VII again and include reference in my tech file. Sorry for the confusion there.
Looks like I need to look into Competent Authorities and register. Thanks for the help, guys!