Fast ISO13485:2003 Implementation - What would you do first?

Katydid

Help!!! I just received a directive that I can't change. Per the owner, we will change our surveillance audit on September 26th from ISO9001:2000 to be a registration to ISO13485:2003. The managers here don't mind if we end up with some majors as long as at the end of the corrective action period we have the certificate to ISO13485:2003. :frust:

What would you do first? I found the Internal Quality Management System Audit Checklist (ISO 13485:2003/ISO 9001:2000) checklist in the links, but is there anything that might get me focused on the most critical areas first?

My biggest problem I foresee is that we do not employ Risk Management. Do we have to do this for all of our products, or can we do it on a broader scale?

Also, if you had the option, would you remove the continuous improvement and customer satisfaction from your system to make it easier, or if your system was working, would you just leave it?

Here is my general gameplan, any input would be appreciated:

1) Gap analysis (that's why I need a quick checklist)
2) Fill as many gaps as possible in next 3 weeks - Including changing quality policy and objectives
3) Train, train, train for at least a week
4) Try to fit in an internal audit and a Management Review prior to September 26th.

YIKES, can you tell this task has me on edge this afternoon. :mad: I just need some calming words and direction before I lose focus on the goal, a 6 1/2 week transition to ISO13485:2003. By the way, I ordered ISO13485, ISO14971, ISO TR 14969, and ISO 19011 today, but I am guessing I won't be able to digest it all before I need to start writing/implementing/auditing/etc. our new system. HELP!!!

Thanks so much for listening! :thanks:
 
Aaron Lupo

First off, the challenge they have given you is not as difficult as it seems. If you already have an ISO 9001 and FDA compliant system in place it should be smooth sailing. There are a few additional requirements in 13485 that you will need to implement, but I don't think there is anything that will prevent you from being ready for your Sept. audit. As far as the CI and CS portion, IMHO I would leave it in as it is good business practice. If you have any questions feel free to ask here or private message me.
 
Katydid

Thanks for the pep talk Aaron. :) I guess my biggest worry is the whole Risk Management requirement. If I can't get that system going quickly so that I have evidence to audit, I don't think it will work at all. What do you think would be the best approach to show risk management compliance in a short time? :confused:

The good news is, at least we are using some SPC in the plant. When I read the requirements, it sounds as if they are implying we would need it on all of our products. Can we just single out certain ones and have that be enough, can we just refer to some of our Management Measurable statistics, or what do you think the auditor will be looking for? If we do single out only certain products, do I need something stating that the risks are low enough on other products that we don't require it? Do I have to do FMEAs on everything???

By tomorrow, I will have digested this whole idea more, but since I am fairly new to medical (about 1 year) and I have never worked with ISO13485, it is a little scarier than my comfortable home in ISO9001!
 

Al Rosen

I don't believe you can just say that the risks are low enough on a product so it doesn't require risk management. You need to identify the risks and justify not requiring risk reduction. Each product or similar products require risk analysis, evaluation and control. The risk is not just with failure modes but the risks associated with normal use.
 
Katydid

So we do need documented risk analysis on each product? I am asking because we run thousands of part numbers with extremely different configurations in quantities of 5 to 100. We are completely a job shop with the exception of two dedicated lines. Any suggestions on a manageable method?
 

Al Rosen

Try to keep it to similar products. Although you might have different part numbers, all scalpels would be treated as having the same risks and you would have one risk management file for scalpels.
 
Katydid

Aaron Lupo said:
Katy-

What exactly do you make?


We make a wide variety of medical devices including implants and surgical instruments. Each implant is easy to group by family, we only have about 10 of them. The instruments, on the other hand, are made for many different customers and are used for wide varieties of applications. Most are on the "Custom" end of things with up to 200 different components per instrument and are used as a tool for the surgeon who is performing an orthopaedic replacement surgery. We do have a few families, but we make so many customs that would be impossible to group, from cement guns, to lag screws, to inserters, to cannulated awls, to impact pliers, to dead blow hammers, to wrenches, to calipers..... all with small quantities, and varying applications. I am just not sure the most efficient way to :ca: since each job we run may have its own fixtures, programs, let alone process flow. We also outsource the tincoat, anodize, heat treat, electropolish, etc. operations. These I have validation for, if that helps.
 

Doug Tropf

Katy,

We seem to be on similar paths. My company is a medical device contract sterilizer (ETO) and we have just started transitioning from ISO9001 to ISO13483:2003.

I am presently reworking our QM and have found ISO/TR 14969 to be very helpful.

I too am struggling with risk management since we don't actually design or produce any product. ISO 14971 was somewhat helpful but still leaves a lot of grey areas as to how to actually apply risk management to our type of operation.

I guess I should feel fortunate, compared to you, as we are targeting to get everything ready for certification by the end of the year.

Good luck with your transition, if I come across anything that might be helpful I'll send it your way.

Doug Tropf
 