ISO 13485:2016 QMS: Outsourced Processes

J

Jscivi

#1
Hello,
I am a biomedical engineer and I am currently starting a medical device start-up in Europe with a colleague and I am in charge of putting into place the QMS (ISO 13485:2016) of the company. I have little experience in that field (apart from some exposition in a previous start-up I worked for), but I have been reading a lot of various standards and quality manuals from other companies to get an idea on how it works. I am therefore happy to have found your forum!

To be brief, we develop a medical device (Class IIa, for CE Mark) that can be controlled by a smartphone-based application, that we are also developing.

We plan on sub-contracting the manufacturing of the medical device. Basically, we would only provide the products specifications of the device (but not the design of the internal electronics/mechanics) to the supplier. The supplier will be in charge of designing the electronics/mechanical systems + manufacturing + testing.
Our company will be mostly focused on the mobile application development.

My question is the following:


While developing the QMS, in particular defining the difference processes and procedures, how do we manage processes/procedures that will be undertaken by our supplier? In particular, what are the various scenarios if the supplier:
- Doesn’t have a QMS
- Has a QMS as per ISO 9001
- Has a QMS as per 13485

For example (Regarding manufacturing), if the supplier doesn’t have a QMS, do we need to write procedures regarding the manufacturing of the device and ask the supplier to comply to them (+ make audits)? And if he has a QMS, does that mean that we don’t need to write any procedures regarding manufacturing, and assume everything is good? Or do we still need to write a procedure and then make sure that the supplier's QMS complies with it?

Thank you in advance for your time and help! :bigwave:
 
Elsmar Forum Sponsor

yodon

Staff member
Super Moderator
#2
Re: QMS: Outsourced Processes

There's yet a 4th scenario (derivative of the 3rd):
- Has a QMS per 13485 but not registered through an accredited Notified Body
- Has a QMS per 13485 but IS registered through an accredited Notified Body

If not with an accredited NB (or any of the other scenarios), they would be subject to audit by your NB.

In all cases, you're ultimately responsible so you have to ensure all the required elements are fulfilled. The path of least resistance is having a CM that is registered with an accredited NB. (The field is shrinking so be aware!)
 

somashekar

Staff member
Super Moderator
#3
Re: QMS: Outsourced Processes

You cannot define the processes and procedures if you are not experienced in manufacturing activities. So you select someone who is, and who understand your requirement. Certainly he must have a QMS per ISO 13485, for its a medical device. Make sure he understands validation and is able to identify what process validations are essential in your device manufacturing. (Perhaps with your manufacturing consultant if you can). Evaluation and selection here is the top choice, as other controls are governed from here on.
Subject the prototype you get from him through your evaluation and be responsible to freeze the procedure. Your manufacturer must be bringing up any change going ahead with your prior communication and necessary re-validation having your approval. He must also be open to your audit (directly or through a third party) as well as be open to regulatory audit. Set up such a good contract manufacturing agreement. Identify his product release procedure and records approval have the competent persons identified.
 
Last edited:

Marcelo

Inactive Registered Visitor
#4
Re: QMS: Outsourced Processes

- Has a QMS per 13485 but not registered through an accredited Notified Body
- Has a QMS per 13485 but IS registered through an accredited Notified Body
I assume you wanted to say Certification Body. Certification bodies certificate QMSs. NBs are only related to compliance with European requirements.
 

Ronen E

Problem Solver
Staff member
Moderator
#6
Re: QMS: Outsourced Processes

I assume you wanted to say Certification Body. Certification bodies certificate QMSs. NBs are only related to compliance with European requirements.
Many (most?) NBs are also accredited certfication bodies, so the distinction becomes almost academic. I guess that the confusion comes from the use of the word "accredited". NBs (in their position as a NB, not as a CB) are not "accredited" but are instead "notified" by the Member State they are registered in.

I think that Don's advice to look for NB-certified CMs is good regardless, due to the MDD clause that states that a NB auditing a manufacturer (the spec developer in that case) needs to take into account assessments made under the CE framework of interim stages in the device's manufacture, i.e. any relevant assessment already done by a NB. The practical meaning of that clause is to avoid double auditing under the same rules, so if the CM is already certified by a NB it means another NB won't reaudit it without a solid cause.
 

Ronen E

Problem Solver
Staff member
Moderator
#7
Hello,
I am a biomedical engineer and I am currently starting a medical device start-up in Europe with a colleague and I am in charge of putting into place the QMS (ISO 13485:2016) of the company. I have little experience in that field (apart from some exposition in a previous start-up I worked for), but I have been reading a lot of various standards and quality manuals from other companies to get an idea on how it works. I am therefore happy to have found your forum!

To be brief, we develop a medical device (Class IIa, for CE Mark) that can be controlled by a smartphone-based application, that we are also developing.

We plan on sub-contracting the manufacturing of the medical device. Basically, we would only provide the products specifications of the device (but not the design of the internal electronics/mechanics) to the supplier. The supplier will be in charge of designing the electronics/mechanical systems + manufacturing + testing.
Our company will be mostly focused on the mobile application development.

My question is the following:


While developing the QMS, in particular defining the difference processes and procedures, how do we manage processes/procedures that will be undertaken by our supplier? In particular, what are the various scenarios if the supplier:
- Doesn’t have a QMS
- Has a QMS as per ISO 9001
- Has a QMS as per 13485

For example (Regarding manufacturing), if the supplier doesn’t have a QMS, do we need to write procedures regarding the manufacturing of the device and ask the supplier to comply to them (+ make audits)? And if he has a QMS, does that mean that we don’t need to write any procedures regarding manufacturing, and assume everything is good? Or do we still need to write a procedure and then make sure that the supplier's QMS complies with it?

Thank you in advance for your time and help! :bigwave:
Hello Jscivi and welcome to the Cove :bigwave:

With regards to the contract manufacturer's QMS, I assume you meant "has no doumented QMS". In the most general sense, a QMS is a collection of policies, processes and practices. Almost all contemporary manufacturers have a QMS within that broad meaning. A manufacturer in the medical industry which has absolutely no QMS would be rare (however, if you do find such one I would definitely avoid it!).

Further, I would advise you to also avoid manufacturers that have a documented, uncertified QMS (either standard), unless the manufacturers possessing the subject-matter knowledge, equipment, expertise etc. that are required specifically for your type of device are rare (in that case you'll obviously have to compromise). Some of them might actually be good, but in your position you don't have the ability to verify that they're compliant and that their quality practices suffice, and the ride will be rougher. Having a certified QMS will be a better starting point (not meaning in any way that it will guarantee a smooth ride).

In my opinion a certification to ISO 13485 is not essential. Definitely the MDD and ISO 13485:2003 don't currently require that of suppliers. Having an ISO 13485 certification might be an advantage over an ISO 9001 one, but not an overwhelming one so you have to evaluate the situation as a whole. The important thing is that the manufacturer has a QMS certified by a reliable, accredited/notified organization.

Regarding your relationship with the manufacturer -

As a specification developer, your QMS doesn't need to go into the nuts and bolts of processes you outsource. As already highlighted, the ultimate responsibility is yours so you must evaluate the outputs and ensure that the official (MDD) requirements are met. What I normally do when I construct QMSs for specification-developer start-ups (your situation is quite common) is place the controls over the contract manufacturer's processes in the Purchasing Control procedure, usually under a dedicated section (apart from the general controls that apply to all suppliers). Process Control / Manufactuing Control procedures are typically very light in such cases. When design is also outsourced but it's a unique/proprietary design (ie it's not an OBL situation, where you actually purchase a ready-made design owned by the CM) I include Design Control procedures even though you don't do it yourself, because it's a critical component and you need to have the design documentation anyway. This will ensure that individual design outputs (eg Design Input) are reviewed for adequacy and approved in real time and the design history is captured in full.

You may be invovled in creating / adjusting the Work Instructions, if you have any meaningful input and the CM is receptive of that, but that is not a must. After all, you hire them because they have the expertise and experience, and you don't. I would also not take the position of "policing" the routine activities at the manufacturer's premises. You do need a strong supplier evaluation and selection process and you need to follow through to ensure that you choose the right CM. Don't go to sleep after that - periodic monitoring and even on-site auditing are legitimate and important; just don't overdo it.

In short:
1. Put a lot of attention into the initial establishment of relationship with the right manufacturer (and have a backup ready).
2. Once the contract is set up let them do their work and contribute when asked for it. Intervene only if serious breakdowns occur.
3. Monitor the outputs (all key documentation) and audit the manufacturer's performance on a periodic basis.

I hope I covered the main aspects, let me know if something doesn't make sense to you or seems to be missing.

Cheers,
Ronen.
 
J

Jscivi

#8
Hello,
Thank you all for your responses. In particular Ronen for the clarifications and recommendation when selecting the Supplier in terms of its QMS.

It actually responds to my main questions. I might repost another question in the near future if I have other questions.

Thank you again to you and all the others.

Have a great day!
 

pkost

Trusted Information Resource
#9
I think the status of the subcontractor is somewhat irrelevant.

From the description provided, OP will be "manufacturer" as defined by the directive and therefore responsible for product.

OP must develop a specification for the subcontractor, detailing his requirements. OP must the assure himself that his subcontractor is capable of meeting the requirements to his satisfaction. This is achieved by:
1. Defined Product specification
2. Supply/Technical agreements
3. Supplier assessment
4. Supplier performance review (ongoing)

The supplier assessment can be a number of methods depending on the risk of the supplier; it can be cursory based on the contractor holding appropriate certifications i.e. 13485 or 9001. Or it could be a site audit by OP.

In defining processes for your QMS state how you control the processes through oversight and governance
 
#10
Hello guys,
:bigwave:
Need some guidance here.
We are a Class I medical device start up firm. We have outsourced our industrial design (plastics) to a contract manufacturing vendor, which is ISO 9001 certified. They are fairly co-operative in sharing their manufacture control documents for the plastic and mechanical parts (final assembly and testing will still be done in our premises.
What additional type of controls and documentation should we put place in place (at our end and vendor end) so that we are able to satisfy quality requirements as per ISO13485 norms? Or do we absolutely have to manufacture from only ISO 13485 certified vendors?

Thanks
 
Thread starter Similar threads Forum Replies Date
M ISO 13485-2016 online certification ISO 13485:2016 - Medical Device Quality Management Systems 3
S Supplier Management ISO 13485: 2016- Which supplier needs to fill in a self assessment form? ISO 13485:2016 - Medical Device Quality Management Systems 6
D Definition of equipment for ISO 13485:2016 ISO 13485:2016 - Medical Device Quality Management Systems 1
M ISO 13485:2016 Complaint Definition Clarity Customer Complaints 2
C ISO 13485 :2016 - CAPA - Does every CAPA need to be checked by regulations? ISO 13485:2016 - Medical Device Quality Management Systems 9
P ISO 13485:2016 MDSAP Certification Fee Survey ISO 13485:2016 - Medical Device Quality Management Systems 6
K Contamination Control - Class Is medical devices (Clause 6.4.2 ISO 13485:2016 (E)) ISO 13485:2016 - Medical Device Quality Management Systems 12
H ISO 13485:2016 Gap Analysis by NB ISO 13485:2016 - Medical Device Quality Management Systems 7
S SOP for ISO 13485:2016 Quality related Software validation ISO 13485:2016 - Medical Device Quality Management Systems 9
JoCam Difference between Approval and Registration - ISO 13485:2016 ISO 13485:2016 - Medical Device Quality Management Systems 2
K ISO 13485:2016, Clause 4.2.3 Medical Device File ISO 13485:2016 - Medical Device Quality Management Systems 4
T Document control ISO 13485:2016 ISO 13485:2016 - Medical Device Quality Management Systems 5
A We are ISO 13485:2016 should we be audited to ISO 14971 ISO 13485:2016 - Medical Device Quality Management Systems 16
E Equipment Qualification - IQ/OQ per ISO 13485:2016 section 7.5.6 Process validation ISO 13485:2016 - Medical Device Quality Management Systems 7
S Clinical Evaluation - Is this an ISO 13485:2016 requirement? ISO 13485:2016 - Medical Device Quality Management Systems 4
L ISO 13485:2016 Clause 8.4 - Analysis of Audit Observations ISO 13485:2016 - Medical Device Quality Management Systems 8
S When is ISO 13485:2016 6.4.2 Contamination Control appropriate? ISO 13485:2016 - Medical Device Quality Management Systems 11
L Templates for three ISO 13485:2016 SOPs ISO 13485:2016 - Medical Device Quality Management Systems 8
C What falls under the 'Customer Property' according to ISO 13485:2016 ISO 13485:2016 - Medical Device Quality Management Systems 10
M Is it possible to get iso 13485:2016 certified as a one man band ISO 13485:2016 - Medical Device Quality Management Systems 1
F ISO 13485:2016 Quality Policy Requirements Other ISO and International Standards and European Regulations 13
M Contract Manufacturers and MDF Responsibilities, ISO 13485:2016, Clause 4.2.3 ISO 13485:2016 - Medical Device Quality Management Systems 3
J ISO 13485:2016 sample exam/test ISO 13485:2016 - Medical Device Quality Management Systems 3
M Informational Questionário – Análise crítica sistemática – ISO 13485:2016 (Portuguese-only) Medical Device and FDA Regulations and Standards News 0
M Informational ISO 13485:2016 under systematic review Medical Device and FDA Regulations and Standards News 5
C Updates on Documentation for outsourced OEM from ISO 13485:2003 to ISO 13485:2016 ISO 13485:2016 - Medical Device Quality Management Systems 4
GStough Informational SN EN ISO 9001:2015 and SN EN ISO 13485:2016 on Same Certificate? Registrars and Notified Bodies 7
E MDSAP Audit - Our QMS conforms to ISO 13485:2016 and FDA GMP Canada Medical Device Regulations 9
Ronen E Informational ISO 13485:2016 Transition Period End - 1 March 2019 ISO 13485:2016 - Medical Device Quality Management Systems 0
B ISO 9001:2015 vs ISO 13485:2016 for MDR Compliance EU Medical Device Regulations 4
T ISO 13485:2016 - Processes exempt from process validation ISO 13485:2016 - Medical Device Quality Management Systems 12
C Medical device manufacturing (class 2 ISO 13485:2016) - Is a Deviation allowed? Other Medical Device Related Standards 5
J EU ISO 13485:2016 Recertification Audit - Effect of 10 Minor Nonconformances EU Medical Device Regulations 2
E Template of a Management Review Agenda or Report in compliance with ISO 13485:2016 ISO 13485:2016 - Medical Device Quality Management Systems 6
J ISO 13485:2016 Section 6.2 - Documenting the process for establishing competence ISO 13485:2016 - Medical Device Quality Management Systems 6
Q Any good Checklists for ensuring SOPs cover ISO 13485:2016 and 21CFR 820? ISO 13485:2016 - Medical Device Quality Management Systems 3
H Transition to ISO 13485:2016 together with ISO 9001:2015 ISO 13485:2016 - Medical Device Quality Management Systems 12
B Classes/ Online Training on ISO 13485:2016 and FDA QSR Part 820 ISO 13485:2016 - Medical Device Quality Management Systems 5
T Software Validation Certificate (ISO 13485:2016) ISO 13485:2016 - Medical Device Quality Management Systems 19
D ISO: 13485:2016 Sec. 7.5.2 (C) - Requirements for cleanliness of product or contamination control ISO 13485:2016 - Medical Device Quality Management Systems 2
M Internal Audit Assessment Criteria - ISO 13485:2016 Internal Auditing 21
C Software validation (4.1.6 ISO 13485:2016) ISO 13485:2016 - Medical Device Quality Management Systems 20
L Does anybody have quiz's available? ISO 13485:2016 Training Material Training - Internal, External, Online and Distance Learning 2
G ISO 13485:2016 and regulatory requirements - Contract Manufacturing ISO 13485:2016 - Medical Device Quality Management Systems 22
S ISO 13485:2016 and GDRP EU 2016/679 ISO 13485:2016 - Medical Device Quality Management Systems 5
JoshuaFroud Interpretation of Clause 5.5.2 in ISO 13485:2016 ISO 13485:2016 - Medical Device Quality Management Systems 2
R CNC Software Validation requirements as per ISO 13485:2016 Other ISO and International Standards and European Regulations 8
A ISO 13485:2016 Applicable regulatory requirements ISO 13485:2016 - Medical Device Quality Management Systems 2
R ISO 13485:2016 Registration - NC on full cycle of internal audits ISO 13485:2016 - Medical Device Quality Management Systems 7
C Will anyone please share training material for ISO:13485:2016 for best practices Training - Internal, External, Online and Distance Learning 0

Similar threads

Top Bottom