ISO 13485 and CE certification strategy

[Galac]

My company has started the CE certification process under the new MDR 2017/745 regulation. We hope to be certified by the end of 2023.
Our ISO 13485:2016 certificate expires in Nov 2023.
What would be the advantages/disadvantages of an ISO 13485:2021 certification by a certification body on one hand and a CE certification by our NB on the other hand?
As CE certification implies a review of the QMS, obtaining ISO 13485 makes the SMQ reviewed twice, doesn't it?
What's your opinion please? Thank you.

 

[shimonv]

Better to have the ISO and CE audit performed by the same certification body, in your case a notified body. Otherwise, you'll end up dealing with two somewhat overlapping audits that will cost you more. I don't see any real advantage in separating the ISO from the CE certification process.

Cheers,
Shimon

 

[Ed Panek]

We try to unify any regulatory work with the same supplier. More work=more $$=more responsiveness

 

[EmiliaBedelia]

My company has started the CE certification process under the new MDR 2017/745 regulation. We hope to be certified by the end of 2023.
Our ISO 13485:2016 certificate expires in Nov 2023.
What would be the advantages/disadvantages of an ISO 13485:2021 certification by a certification body on one hand and a CE certification by our NB on the other hand?
As CE certification implies a review of the QMS, obtaining ISO 13485 makes the SMQ reviewed twice, doesn't it?
What's your opinion please? Thank you.

It sounds like you are asking why you want both 13485 and CE certification... The answer is that not all regions accept one or the other. ISO 13485 is very widely accepted worldwide. CE certification is specific to the EU and would not necessarily bridge to other jurisdictions. However you do need CE certification to meet the requirements of Annex XI so that is not optional for the EU.
Yes this means you have 2 QMS certifications that are largely similar - as mentioned above, however, if you use the same body for CE and ISO (and MDSAP, if you go for that), they will be able to cover the requirements more efficiently and minimize your cost/effort.

 

[Galac]

It sounds like you are asking why you want both 13485 and CE certification... The answer is that not all regions accept one or the other. ISO 13485 is very widely accepted worldwide. CE certification is specific to the EU and would not necessarily bridge to other jurisdictions. However you do need CE certification to meet the requirements of Annex XI so that is not optional for the EU.
Yes this means you have 2 QMS certifications that are largely similar - as mentioned above, however, if you use the same body for CE and ISO (and MDSAP, if you go for that), they will be able to cover the requirements more efficiently and minimize your cost/effort.

Dear Emilia,

You have understood my questions well and indeed, my point was to see to what extent we can gain in efficiency and cost/time. I have this feeling with our NB that they question several times things that they have already reviewed and validated several times and that with each new auditor, we sometimes end up with different opinions. I am surprised, for example, that during our ISO 13485 audits we have very few remarks and that suddenly for the MDR, they find about twenty "Critical" NCs concerning our QMS. It is as if they were devaluing the audit work they have done over the past years. I don't know if I'm making myself clear.
Don't think I'm denigrating the work of the NBs, I just regret the lack of consistency and common sense sometimes.
Anyway, I was wondering if there was a way to streamline the QMS audits.

But I completely agree with you about ISO13485, insofar as we are deploying internationally, I don't see how we could do without this certificate.

Thank you very much for taking the time to reply.

 

[Sidney Vianna]

Yes this means you have 2 QMS certifications that are largely similar

Not really. A CE Mark is a designation of product attestation of conformity. It might have a component of a quality system in its conformity assessment process, but a CE Mark is NOT a system certification.

 

[EmiliaBedelia]

Not really. A CE Mark is a designation of product attestation of conformity. It might have a component of a quality system in its conformity assessment process, but a CE Mark is NOT a system certification.

You are correct, but I'm not referring to product CE marking, I am referring to the quality management certificate which is issued by the NB specifically in reference to the QMS (ie, per MDR Annex IX). The NB issues a EU quality management certificate when they inspect the QMS, even if the manufacturer is using a harmonized standard to fulfill the requirements of the regulation. I'm specifically referring to that certificate.

Dear Emilia,
I am surprised, for example, that during our ISO 13485 audits we have very few remarks and that suddenly for the MDR, they find about twenty "Critical" NCs concerning our QMS.

In my experience NBs have been extremely stringent about MDR - it's not a knock on your existing QMS, it is just that this is a whole new ball game.
From a logistical perspective, my NB is generally pretty efficient about combining audits - we will often have a giant 4-5 day audit with several auditors that covers MDD, MDR, and MDSAP all in one. Yes, it is definitely a challenge, but the auditors don't really like doing duplicative work either so I've generally found the NB to be helpful in coordinating as much as possible (your mileage may vary depending on how cooperative your NB is in general).

 

[Sidney Vianna]

I am surprised, for example, that during our ISO 13485 audits we have very few remarks and that suddenly for the MDR, they find about twenty "Critical" NCs concerning our QMS. It is as if they were devaluing the audit work they have done over the past years. I don't know if I'm making myself clear.
Don't think I'm denigrating the work of the NBs, I just regret the lack of consistency and common sense sometimes.

Certification to ISO Management System Standards has been commoditized and trivialized for 20+ years now. Accreditation has been devalued and certification is pretty much an assured outcome with many bad actors with questionable ethics who employ bozos as auditors (apologies to bozos out there). Therefore, the results of such audits are highly questionable and, despite IAF's propaganda of "certified once, recognized everywhere" are just empty words blowing in the wind subjected to strong gusts.

Notified Bodies, on the other hand, are under tremendous level of scrutiny by the Authorities and, since a number of high profile legal cases, like the PIP debacle in France, they are managing their risks very carefully, including leaving markets, when no proper other mitigation channels are available. Anyone somewhat knowledgeable about the current context for NB’s know the challenge in recruiting people with high degree of technical competence. When you ARE part of a REGULATORY approval process, risks are much higher compared to voluntary conformity assessment services....