ISO13485:2016 - Exemption vs. Not Applicable

Mortalis

Involved In Discussions
Good morning,

Our CB auditor said something during his last audit about separating out the exempted requirements from those that are not applicable.

Trying to differentiate without having access to a definitions standard am I correct to say that "exemptions" are for when a whole section does not pertain to a company? For example...7.3 Design. And "Not applicable" is for a section that does pertain but there is a portion of the requirement section that does not pertain. For example, our company doesn't utilize UDI in the 7.5.8 Identificaiton as we do not manufacture medical devices.

Comments?
 
M

mwb0585

Hi Mortalis,
My understanding is that design controls can be excluded if regulatory requirements allow it. For example, FDA does not require design controls for some devices (class 1 and some class 2, I believe). So if you were a manufacturer that was in this position, you could exclude design control. This may have been what your CB auditor meant when he said exemption.

As for non-applicables: there will be some parts of clause 6, 7, or 8 that are not applicable to an organization, based on the type of work they perform. In this case, the organization needs to provide justification for why it is not applicable, and document it somewhere. As you mentioned, your company doesn't deal with UDIs. So document that determination somewhere.

I imagine a common way of accomplishing this is in the quality manual. We have a separate section that details any clauses that are not applicable, and provides the rationale as to why.

Good luck.
MB
 

Marcelo

Inactive Registered Visitor
Trying to differentiate without having access to a definitions standard am I correct to say that "exemptions" are for when a whole section does not pertain to a company? For example.

There's no definitions for those, but you do not need definitions, because how to apply them is written in 1.2.

MR's comments are on the spot.

Exclusions can only happen if applicable regulatory requirements allow you to do so. The FDA example is the case that this requirements was created originally to solve. Please note that you would have to use worst case here, so for example if you sell your device in the US and another country, and the US regulation permit that you exclude design controls, but the other country regulation does not permit it, you would still have to include it in your QMS.

The non-applicability requirement originally was created due to some requirements in clause 7 being dependable on the nature of the device (example, particular requirements for implantable medical devices - in this case, if your device is not sterile, the requirement would be non-applicable to your QMS).

In the 2016 revision, we expanded the scope of the standard (originally, the scope was only the manufacturer, although the standard do not explicitly said that) to organizations in any stage of the medical device lifecycle. During one of the drafts it was noted that some organizations may not be under certain requirements of not only clause 7, but also 6 and 8, due to the activities they perform. So the non-applicability option was expanded.
 
Last edited:

Mortalis

Involved In Discussions
We are a contract manufacturer of components. We do not manufacture finished devices. We receive prints from our customers that detail the product and its requirements they are purchasing from us.

We take design and development as an exclusion. Have since being certified. Since this is the only allowable "exclusion", the authors of the standard having been written for finished devices understand some portions will not/may not apply to non finished device medical manufacturers. That is why they allow "not applicable" statements with justification?

We utilize a matrix table in the QM to state the design and development exclusion as well as the portions that are not applicable with the justification(s). The auditor's statement seemed to implicate that there should be two separate and distinct matrix tables, one for the exclusion and one for the not applicables.

I understand the sterilization and UDI portions as possible not applicable. Can any statement in the standard that references "medical device" or "finished device" be deemed not applicable to a component manufacturer?
 

Marcelo

Inactive Registered Visitor
We take design and development as an exclusion. Have since being certified.

Well, it happens a lot, a lot of non-manufacturers were certified to the old standard, even when the standards was not applicable to them. This is also one of the reasons we put a bigger scope. But please note that excluding D&D without regulatory requirements allowing you to do so does not fulfill the standard requirements.

Since this is the only allowable "exclusion", the authors of the standard having been written for finished devices understand some portions will not/may not apply to non finished device medical manufacturers

Unfortunately, the "authors of the standard" (which includes me) could not find all possible combinations of the impact that the change in scope would create. We did notice some problematic combinations in the last few meetings, but then it was too late to change (and the project was under the risk of being reset). Please note that, due to expansion of the scope, the standards is not "written for finished devices" anymore.

That is why they allow "not applicable" statements with justification?

The cases discussed during development were more on the general side, for example, a firm which performs maintenance of device, one that performs decommissioning at end-of-life, etc.

Can any statement in the standard that references "medical device" or "finished device" be deemed not applicable to a component manufacturer?

Unfortunately, no. You would have to analyze every requirement and verify if they are applicable or not.
 

Ronen E

Problem Solver
Moderator
Marcelo,

Your input here is extremely important and much appreciated. It's highly beneficial - to this discussion and also for future ones - to have one of the standard's authors available for clarifying issues and also commenting on both the authors' intentions and eventual shortcomings (which are sometimes, as you've explained, not intentional but a result of technical constraints).

Thanks!
Ronen.
 

Ronen E

Problem Solver
Moderator
The auditor's statement seemed to implicate that there should be two separate and distinct matrix tables, one for the exclusion and one for the not applicables.

If that is actually the case, I think that it's not only non-essential and non-constructive; it's absurd. What difference does it make it there are two matrices or just one, as long as the standard's requirements have been met and the documentation provides reasonable access to the justification?

Form over content. :nope:
 

Mortalis

Involved In Discussions
If that is actually the case, I think that it's not only non-essential and non-constructive; it's absurd. What difference does it make it there are two matrices or just one, as long as the standard's requirements have been met and the documentation provides reasonable access to the justification?

Form over content. :nope:

Ronen,
Just like most other auditors I've dealt with over the years, each one has to leave their mark on the Quality System they are auditing. This one in particular has certain things he wants to see and will not take any other way about it. And since it's not that big a deal we acquiesce and move on.

Marcelo,
Thank you for your insight. My wife is on the TL and TS committees and was in invaluable resource for me while I was implementing and then working in the TS system I put into place a few years ago.
 
J

JulesQ

Well, it happens a lot, a lot of non-manufacturers were certified to the old standard, even when the standards was not applicable to them. This is also one of the reasons we put a bigger scope. But please note that excluding D&D without regulatory requirements allowing you to do so does not fulfill the standard requirements.



Unfortunately, the "authors of the standard" (which includes me) could not find all possible combinations of the impact that the change in scope would create. We did notice some problematic combinations in the last few meetings, but then it was too late to change (and the project was under the risk of being reset). Please note that, due to expansion of the scope, the standards is not "written for finished devices" anymore.



The cases discussed during development were more on the general side, for example, a firm which performs maintenance of device, one that performs decommissioning at end-of-life, etc.



Unfortunately, no. You would have to analyze every requirement and verify if they are applicable or not.
Marcelo,

I am currently adopting ISO13485: 2016 for our company. We're a component supplier to the Medical Device sector and also an OEM supplier. We currenly exempt ourselves from D&D, but I'm now wondering with the expansion in scope, should we include D&D with respect to the components we design and manufacture, even though the initial concept may come from the customer. Your expertise is greatful.
 
J

JulesQ

We are currently implementing ISO13484:2016 and am looking for some thoughts and guidance around the area of Design and development, we currently exempt ourselves from it, but with the scope change should we be considering it. Currently manufacture components for the medical device sector and are also an OEM medical device manufacturer. Appreciate any input
 
Top Bottom