ISO 13485 Certification Scope

TheMunster

Registered
I work for a small company that is in the process of establishing our ISO 13485 certification. We are entirely virtual. We design the class 3 medical device, send the specifications to a CMO who manufacturers the device, tests it, sterilizes it, and ships directly to our distribution centers. We do not modify, relabel, or touch the devices at all prior to implant. Since our company name and logo are on the label, we need to maintain that we are the "manufacturer" as defined by the standard. Which path forward would be more applicable for us?

1. List process control, process validation, etc. as non-applications in the Quality Manual by stating our expectations will be documented in a Quality Agreement with our suppliers? This way we maintain responsibility but I don't have to write a slew of SOPs we are not going to use.
2. Suck it up and write the SOPs for what my companies expectations are. Even if we are not executing the process, we need to write down how we would.
 

yodon

Leader
Super Moderator
No need to write SOPs you don't use. Acknowledging that you outsource it but still maintain responsibility should be sufficient.

You might be challenged if your CMO is not holding 13485 certification (with your needs in scope).
 

William55401

Quite Involved in Discussions
Through supplier controls, you exercise oversight of the CMO. Your quality agreement needs to be robust. What role does your org play in approving manufacturing process changes? When must the CMO notify you of a process change? What is your oversight for CMO process validation (including sterilization)? What role does your firm play in batch release / DHR review? How are customer complaints handled? How does that information flow between organizations? Think about each element of the standard and decides how it applies (or not) and get it into the quality agreement.
 

ChrisM

Quite Involved in Discussions
Ideally your CMO should have ISO13485 certification. Irrespective of this, you should maintain oversight, maybe by getting them to keep you updated with nonconformances/reject information, rework tasks undertaken etc plus you may wish to have a copy of some or all of their internal process documentation, and impose a requirement that you have to approve any "significant" changes to any of their internal processes/procedures/work instructions. You could also have a brief conference call every couple of weeks with some of their key staff such as representatives of their manufacturing and quality departments, to make sure you are aware of what is going on, be it "everything is normal" or "we have a few issues, which are....."
 
Top Bottom