Disclaimer: I'm a member of ISO TC 210 Wg 1, which is responsible for the development and maintenance of ISO 1384, but the opinions in my posts are always my own.
For some time I've been toying with the idea of discussing some of what I think are possible misunderstandings that I see in the application of ISO 13485.
I will use this thread to include them as I remember them, and to enable discussions.
Topic 1: ISO 13485 details how things should be done. Difference between requirements and how to fulfill them.
This is a possible misunderstanding of the definition of a requirement and the way standards are written.
A requirement is a "need or expectation that is stated, generally implied or obligatory". This is more related to an objective, an expected result.
If you think in terms of a "what" that defines the intended result, and a "how" that defines a way to achieve the results, requirements would be a "what".
The standard most of the time does not define a "how"to achieve the results.
This means that the way to achieve the result is left to the organization.
On the other hand, there's some implications of the "what"that are not totally clear, and usually missed in the implementation and evaluation of the standard.
For example, there's a requirement that "The organization shall validate any processes for production and service provision where the resulting output cannot be """or is not""" verified by subsequent monitoring or measurement "
(the """or is not""" part is new in the 2016 version).
What are the implications of this requirement to be fulfilled?
- The organization needs to identify those processes that fit the description
- Any process that the organization identify as above shall be validated
How do we fulfill the requirement?
One way to fulfill the requirement is to follow the following steps:
1 - Define a process/procedure review all the organization processes for production and service provision to verify a criteria
2 - Define the criteria as "processes where the resulting output cannot be or is not verified by subsequent monitoring or measurement"
3 - Apply the procedure and criteria
4 - Have a list of identified processes that fit the criteria
5 - Validate these processes
6 - Apply the procedure and criteria anytime a new process is added or a current process is modified.
These steps and activities would in principle fulfill the requirement.
Unfortunately, most of the organizations I know simply identify (not in a systematic way) some processes that they know are usually considered "special" (which is the term usually used for the processes that require validation) such as soldering, sterilization, etc., and validate those, and that's the way they to fulfill the requirement.
For some time I've been toying with the idea of discussing some of what I think are possible misunderstandings that I see in the application of ISO 13485.
I will use this thread to include them as I remember them, and to enable discussions.
Topic 1: ISO 13485 details how things should be done. Difference between requirements and how to fulfill them.
This is a possible misunderstanding of the definition of a requirement and the way standards are written.
A requirement is a "need or expectation that is stated, generally implied or obligatory". This is more related to an objective, an expected result.
If you think in terms of a "what" that defines the intended result, and a "how" that defines a way to achieve the results, requirements would be a "what".
The standard most of the time does not define a "how"to achieve the results.
This means that the way to achieve the result is left to the organization.
On the other hand, there's some implications of the "what"that are not totally clear, and usually missed in the implementation and evaluation of the standard.
For example, there's a requirement that "The organization shall validate any processes for production and service provision where the resulting output cannot be """or is not""" verified by subsequent monitoring or measurement "
(the """or is not""" part is new in the 2016 version).
What are the implications of this requirement to be fulfilled?
- The organization needs to identify those processes that fit the description
- Any process that the organization identify as above shall be validated
How do we fulfill the requirement?
One way to fulfill the requirement is to follow the following steps:
1 - Define a process/procedure review all the organization processes for production and service provision to verify a criteria
2 - Define the criteria as "processes where the resulting output cannot be or is not verified by subsequent monitoring or measurement"
3 - Apply the procedure and criteria
4 - Have a list of identified processes that fit the criteria
5 - Validate these processes
6 - Apply the procedure and criteria anytime a new process is added or a current process is modified.
These steps and activities would in principle fulfill the requirement.
Unfortunately, most of the organizations I know simply identify (not in a systematic way) some processes that they know are usually considered "special" (which is the term usually used for the processes that require validation) such as soldering, sterilization, etc., and validate those, and that's the way they to fulfill the requirement.
Last edited: