ISO 13485 IAF Medical Device Conformity Assessment System IAF-MDCAS

gramaley

FDA RECOGNITION OF ISO 13485 – THE REASONS FOR AND AGAINST
There has been a lot of pressure on the FDA to explore recognition of ISO 13485. After all, the FDA belongs to TC 210, which rewrote ISO 13485:2003 to address a lot of FDA requirements in Part 820. The FDA even conducts some ISO 13485 awareness training for new FDA inspectors. The FDA has stated that ISO 13485 covers at least 90% of the QSR. Given that the FDA is so far behind on performing QSR inspections, one must wonder why they had not adopted ISO 13485 as a recognized standard.

The FDA is concerned about the legitimacy of ISO 13485 audits, and for good reason. Not all ISO certificates are as credible as they should be. However, not performing inspections at all is a far worse threat to public health. That is why the FDA has to explore using ISO 13485 in some capacity.

GAO REPORT ON FDA FOREIGN INSPECTION – One inspection every 27 years!
The most recent Government Accountability Office's report on FDA inspections indicates that foreign medical device manufacturers get inspected, on average, once in 27 years, and just once in 6 years for the highest risk devices. Foreign manufacturers who think US manufacturers have an upper hand in trade to our region are not aware of this reality. You can download and read the report yourself (Google “GAO report FDA inspections”). I don't have enough "post counts" on this website to provide any links. I apologize. Please add them.

FDA RESISTANCE TO ISO 13485 and FAILURE of the THIRD PARTY CAB PROGRAMS
There has long been a tremendous resistance by the FDA to using anything other than the Quality System Inspection Technique (QSIT) for “audits”. However, two noteworthy attempts to introduce FDA inspections through third party CABs have been attempted, but met with utter failure. The first attempt occurred under the EU/US MRA. The second attempt has occurred with Canada under the Pilot Multipurpose Audit Program (PMAP). In both cases European, Canadian and even US manufacturers that looked into these programs found that their regular CE or ISO 13485 CMDCAS audits were going to have several more days added to them to cover FDA Part 820 (Quality System Regulation). Under the EU/US MRA and now under PMAP, these audits appear at first to be one audit. In reality, they are two audits conducted at the same time: a QSIT inspection conducted together with either a "CE" QS audit or ISO 13485 CMDCAS audit. The first attempt by FDA to use third party auditors for QSIT occurred in Europe and failed miserably. The Third Party system under the EU/US MRA attracted fewer than 10 of the 5000 companies that were invited to use it.

FDA PMAP and PRESSURE ON INDUSTRY
In a more recent attempt with Canada, which is still ongoing, the FDA has created a list of 300+ companies that have ISO 13485 CMDCAS certificates (which they got from Health Canada). The FDA contacted these companies, especially if they had not had a recent FDA inspection, and explained that they were overdue for an FDA inspection and eligible to participate in the new Pilot Multipurpose Audit Program (PMAP). The benefit being they would not undergo a full blown FDA inspection using regular US FDA inspectors.

The target companies were offered an opportunity to escape the FDA’s regular inspection if they participated in PMAP. Keep in mind, most companies in Canada have never seen an FDA inspector, if the GAO report is true. As a result, fewer than 6 companies volunteered to participate. When the FDA saw they weren’t attracting interest, they called the companies and told them they were going to get an FDA inspection. As many as 30 more companies then signed up out of the 300, but only under what was perceived to be an unveiled threat. FDA QSIT audits can range from 5-30 days, depending on a number of factors. PMAP audits are shortened to one week. However, many ISO 13485 certified companies are concerned they may not pass a QSIT audit. Many ISO 13485 companies do not specifically address Device History Record requirements and more robust “Complaint File” requirements that only exist in the QSR. Companies that do address these sections in their ISO 13485 oriented QMS should do alright. Manufacturers still continue to remain very uneasy with QSIT.

ISO 13485’s IMPACT ON ROUTINE FDA INSPECTIONS
ISO 13485 certification should greatly help the FDA adjust its inspection priorities. Routine inspection priorities should be impacted by a company’s ability to produce a credible ISO 13485 certificate. The FDA’s “risk-based” approach to setting inspection priorities should then shift FDA inspection resources to areas that pose a greater risk to public health. This would be aided if ISO 13485 certificates were more credible and the auditing more transparent.

THE FUTURE OF ISO 13485 CERTIFICATION
At this moment a new ISO 13485 accredited certification program for medical device manufacturers is being developed. It is specifically designed as an Accredited Certification program for ISO 13485. It is being developed at the International Accreditation Forum .iaf.nu. There is an article on the new IAF Medical Device Conformity Assessment System on the internet at MD&DI titled: “Nations May Soon Have Out-of-the-Box Auditing Option”. I’d appreciate it if someone could post a link to it for me, since I cannot. The program was recently re-titled MDCAS, from its previous name GMDCAS, for foreign language purposes. They are one and the same program.

THE INTRACTABLE LINK OF HEALTHCARE AND MEDICAL DEVICE TRADE
This is a concern for all medical device industry. Already we have witnessed ISO 13485-type QMS audits being required under national regulations (e.g. Canada, Japan, Taiwan, Brazil to name a few). Many more countries are heading in the same direction. This has had a real adverse impact on healthcare systems. Numerous safe and effective medical devices are now illegal in some of these countries. Preventing healthcare professionals from getting hold of vital tools they need to treat their patients has been grossly underestimated by regulators. Those that are responsible for protecting the public health have inadvertently caused unnecessary harm to the healthcare systems they have an obligation to protect. This adverse impact is multiplied several fold when smaller economies that are more heavily reliant on imported devices do the same, but nearly all countries import more medical devices than they export. It affects them all. This is a huge world health concern that is directly linked to a barrier to trade – failure to recognize ISO 13485 certificates.

IAF MEDICAL DEVICE CONFORMITY ASSESSMENT SYSTEM (MDCAS)
The IAF working group for the medical device is currently promoting awareness of the new accredited ISO 13485 certification program it is developing, yes, even before it is completed. We need to stem the tide of national versions of the same ISO 13485 certification systems that would undermine their healthcare objectives. I've had numerous conversations with representatives from many different countries and the prospects are excellent for the new IAF MDCAS accreditation program, especially in developing countries that want to adopt the GHTF guidance. We also have a great deal of direct support in our working group from BSI, TUV, LNE and UL. They are all participating in shaping this program for much the same reasons industry is concerned. CABs cannot continue to carry a separate accreditation for each and every country that wants one. An internationally accredited ISO 13485 certification program must first be developed. Harmonization is nothing without a system for Recognition. This is a system for recognition based on harmonized GHTF guidance and ISO standards.

MORE CREDIBILITY, MORE TRANSPARENCY, MORE ACCEPTANCE
Using the IAF MDCAS will allow greater transparency into ISO 13485 certified companies. Regulatory authorities that participate in the program by acknowledging ISO 13485 IAF MDCAS certificates in their medical device regulations will also have access to audit reports from ABs and CABs in addition to the audit report of the medical device manufacturer. All they must do to activate their participation is add the ISO 13485 IAF-MDCAS certificate to their medical device regulation and contact the participating ABs and CABs involved in the accreditation and certification activities. This program is committed to serving countries that need a more credible ISO 13485 certificate to support their medical device regulations.

Further benefits from IAF MDCAS could be utilized as ISO 13485 auditors are more likely to speak the foreign tongue of the manufacturer’s personnel. How many Chinese, Swahili or Arabic speaking inspectors does the FDA have? The GAO report emphasizes this as one of the FDA’s greatest challenges. We all know it as an area of difficulty for many CABs as well. The IAF has more than 50 countries involved to provide a great deal more diversity in cultural and language barriers that are often too difficult to overcome during audits.

The new IAF Medical Device Conformity Assessment System will improve the credibility and transparency of ISO 13485 certification audits. This program will best serve medical device’s global demand for mutual acceptance of ISO 13485 certification. IAF MDCAS also enforces the guidance of the Global Harmonization Task Force SG-4. Medical Device Regulators must become more aware that using the existing ISO 13485 standard in a more broadly accepted and credible way is the best way to sustain its healthcare system's need for medical devices, while adding protection for public health that does not deviate from what manufacturers have grown accustomed to.

Grant Ramaley
Chairman
Regulatory Affairs and Standards Committee
Dental Trade Alliance

Convener for IAF Working Group
ISO 13485 Medical Device Conformity
Assessment System (IAF-MDCAS)
 

Sidney Vianna

Post Responsibly
Leader
Admin
The FDA is concerned about the legitimacy of ISO 13485 audits, and for good reason. Not all ISO certificates are as credible as they should be. However, not performing inspections at all is a far worse threat to public health. That is why the FDA has to explore using ISO 13485 in some capacity.
Grant, welcome to The Cove. Excellent information. This information "vindicates" my broader position concerning Regulatory Agencies and CREDIBLE Management System Certification, subject of the Should Regulatory Agencies require Accredited Certification in their Respective Areas thread.

There is an article on the new IAF Medical Device Conformity Assessment System on the internet at MD&DI titled: “Nations May Soon Have Out-of-the-Box Auditing Option”. I’d appreciate it if someone could post a link to it for me, since I cannot.
Nations May Soon Have Out-of-the-Box Auditing Option


Erik Swain


An International Accreditation Forum (IAF) working group is developing a program that would accredit conformity assessment bodies that perform audits. This move is significant because it could allow developing nations to have a medical device–plant auditing system without reinventing the audit process. In fact, says the working group’s chairman, if the United States adopts the program, it could allow FDA to close the gap on inspection of foreign plants. (The Government Accountability Office [GAO] recently released a report stating that FDA only audits foreign medical device plants once every 27 years on average.) But it is unlikely that FDA would relinquish too much of its inspection duties.
The Global Harmonization Task Force (GHTF) has been working with developing countries to implement medical device regulatory systems. But if each of these countries requires its own inspection, that could drive small companies’ products from those markets, says Grant Ramaley, chair of IAF’s Global Medical Device Conformity Assessment System (GMDCAS) working group.
“As it stands now, it is an eventuality that more countries will inadvertently suffer from loss of legal access to medical devices” when they try to implement their own regulations, says Ramaley. He is also director of regulatory affairs at Aseptico Inc. (Woodinville, WA) and chairman of the Dental Trade Alliance’s Regulatory Affairs and Standards Committee.
For example, he says, “Aseptico sold $17,000 worth of product to Chile in 2005. This is typical for most small manufacturers. Would we then invite a Chilean audit, simply to keep such a tiny market open? The answer is a resounding no. Multiply that ‘no’ among small medical device manufacturers, and you can envision the healthcare crisis that would result [in these markets].”
It does not make sense for manufacturers to submit to separate audits for every single country in which they want to sell, especially if most of those nations are using ISO 13485 as the basis for their national standard, he explains. At the same time, he says, conformity assessment bodies that perform the audits are not interested in spending the time and money to maintain individual accreditations with so many smaller countries.
A better way, he says, would be to have one inspection cover a plant’s quality system compliance, which would determine its suitability to export to multiple countries. In turn, one accreditation would enable third-party conformity assessment bodies to perform duties for multiple countries.
And that is what the GMDCAS is attempting to accomplish. Members of the working group held their second meeting in March. It will be at least another year before anything is published, Ramaley says. Both the GHTF and AdvaMed have endorsed the creation of a single quality management certification accepted everywhere.
Ramaley even contacted Marcia Crosse, author of the GAO report. He wanted to get her feedback on the working group’s undertaking, because FDA has been unable to inspect so many foreign plants.
“There is a definite benefit to public health if we can have inspections regularly,” he says. The current FDA inspection system is failing on that front. Can the GMDCAS point to a better way?


Copyright ©2008 Medical Device & Diagnostic Industry
 

MIREGMGR

There has been a lot of pressure on the FDA to explore recognition of ISO 13485. After all, the FDA belongs to TC 210, which rewrote ISO 13485:2003 to address a lot of FDA requirements in Part 820. (...) The FDA has stated that ISO 13485 covers at least 90% of the QSR. Given that the FDA is so far behind on performing QSR inspections, one must wonder why they had not adopted ISO 13485 as a recognized standard.
Many ISO 13485 companies do not specifically address Device History Record requirements and more robust “Complaint File” requirements that only exist in the QSR. Companies that do address these sections in their ISO 13485 oriented QMS should do alright. Manufacturers still continue to remain very uneasy with QSIT.

My focus necessarily is on my employer and our customers, not world affairs, but the above quotes present some issues that could affect us.

For the record, we're FDA registered and ISO 13485 certified, and we sell in many nations. We have a number of very large multinational OEM customers, who by and large are ISO 13485 certified and are FDA registered in regard to their US operations.

Maybe I'm naive, but as a device maker with plants in two nations, my strong impression is that FDA rules and guidances are the gold standard insofar as our products' safety and effectiveness are concerned. The FDA's rules generally make sense for most of our 5000 varied products, in most regards. 13485 and the MDD are less strong, for instance in regard to supervisory attention to sterile disposables, and how radiolucency as a diagnostically important product parameter is handled. Your analysis additionally identifies 13485's lesser focus on device history files and post market surveillance/action as potential weaknesses.

So, a question:

Everyone thinks that convergence is a desirable goal, but why should the FDA move toward 13485/MDD if a technical comparison provides some degree of support for an argument that the FDA approach is more technically rigorous?

Yes, there are many more audit resources available in the 13485 system...but then that system costs companies money for participation. If the FDA imposed mandatory charges for its services, it probably could afford to enlarge its service provision considerably.
 

gramaley

The need for IAF-MDCAS was not originally intended to replace the FDA's QSR, but to help developing countries that do not have fully developed medical device regulations of their own, but wish to create one that is harmonized with the GHTF guiding principles. The FDA's inability to inspect foreign manufacturers indicates that this ISO 13485 based certification program could help them as well. Although the FDA inspections are certainly the most impartial and rigorous, it is of little value if the inspections are not being done.

The problem is that many smaller ministries of health look at the FDA as the "gold standard" as well, but have no idea how big of a challenge it is to provide adequate surveillance activities.

Every attempt to create nationally based inspections has led to problems with trade and ultimately has had some negative impact on the healthcare systems as the new regulation is enforced. There are simply too many medical device firms around the world for any one regulator to monitor them all.

This problem is much greater for smaller economies. Smaller economies do not provide much of an incentive to the average medical device manufacturer. I can speak of the US dental market which makes 2/3 of its profits in the US and 1/3 of its profits from 170 other countries. When one of these slivers in the financial pie chart demands higher compliance costs, it is easy to understand why some manufacturers reject it. If the cost is coupled with additional Quality System Audits, the response becomes much louder. The "off the shelf" ISO 13485 IAF MDCAS certificate is meant to be used by foreign regulators and gives them the same level of transparency as if the system was under their exclusive control.

With an estimated 140 countries having no effective way to monitor a medical device manufacturer's QMS (as suggested by GHTF), there are two choices they have currently. The third item is what IAF-MDCAS will offer.
OPTIONS

1) Accept existing FDA or other related Quality System Certs. This simply exports the responsibility of surveillance to regulatory authorities in the EU or US. This is a common practice today and works well for industry. It does however require the country adopting this approach to give up any visibility or decision making regarding what goes on in the factory.

2) They create their own national Quality System Regulation, based on FDA GMPs or ISO 13485 (e.g. JGMP, BGMP, CMDCAS). This provides much greater visibility into the manufacturer's facility and improves government accountability of the CABs, but it is wildly unpopular with medical device industry. As 80% of medical device manufacturers are small and most small companies reject this approach, at least half of all medical devices would immediately be at risk of losing their legal status under this approach. Larger companies hate having to get audited too, but they simply throw money at their regulatory department to get it done, since greater profits are at stake. In the end, these countries can only legally obtain products from the biggest companies.

3) Adopt an off the shelf ISO 13485 IAF-MDCAS accredited certificate as part of a new medical device regulation. As it is off-the-shelf, costs to industry are more attractive especially since it is designed to be acceptable for more than one country. It also provides the national regulators with access to audit reports, but does not require the manufacturer to make any changes from the existing ISO 13485 standard.

REGARDING SCOPES FOR ISO 13485 Conformity Assessment
ISO 13485 has matured a great deal, and there are "Scopes" for certification that include particular categories of devices. ISO 13485 does have particular auditing requirements for devices requiring sterilization, implanted devices and others. IAF-MDCAS "Scopes" are being developed in a new IAF Mandatory Document for the application of ISO 17021. This will require that CABs have certain competencies before they are allowed to audit particular product categories. This occurs at the 17021 level, not at the ISO 13485 level. You are right that it is very important.

The FDA can provide the best inspection in the world, if they feel the need. They have called in outside experts and scientists from Universities whenever it has been determined necessary. This is certainly an exception to normal FDA routine QSIT inspections. The scopes for competencies related to certain categories of medical device will be included in the IAF-MDCAS program and should provide auditors that are more generally familiar with your category of device. The best auditors for your specific technology will more likely be your internal auditors.

I apologize for long-windedness. It's difficult for me to try and explain something well and short at the same time.
 

Sidney Vianna

Mr. Ramaley, any news on the IAF MDCAS effort? I believe that some of the battles being fought in the Aerospace sector, with our attempts to promote the concept of an Industry Controlled Accredited Quality Certification Program to the regulators, such as the FAA, EASA, etc. could be used as lessons learned in the Medical Device Sector.

One of the current IAQG initiatives is to gain broader acceptance of the ICOP Scheme with Civil Aviation Authorities and other regulatory stakeholders. Maybe the IAQG and the IAF-MDCAS should communicate more closely.
 

MIREGMGR

Some related info:

1. Sources say that US FDA expects to formalize its Voluntary Audit Submission Program (VASP) this Fall. VASP accepted volunteer submissions several months ago to test the intended procedures, and supposedly will review those submissions by June. Under VASP, a low risk device maker may submit two years' ISO13485 audit reports by an FDA-accepted auditing body. If those audits did not identify any nonconformances and if the submitter is otherwise not subject to FDA concern, they will be exempted from QSIT 1 surveillance audit for the next year.

2. As noted in a current thread here at Elsmar, an Australian source has said that the next GHTF meeting will be the last one, as the project is ending.
 

Sidney Vianna

Under VASP, a low risk device maker may submit two years' ISO13485 audit reports by an FDA-accepted auditing body. If those audits did not identify any nonconformances and if the submitter is otherwise not subject to FDA concern, they will be exempted from QSIT 1 surveillance audit for the next year.
Thanks. I went to this (broken link removed) and read:
Specifically, a device manufacturer, whose establishment has been audited under one of the regulatory systems implemented by the Global Harmonization Task Force (GHTF) founding members[1] using ISO 13485:2003 “Medical devices – Quality management systems – Requirements for regulatory purposes,” may voluntarily submit the resulting audit report to FDA. If, based on that report, FDA determines there is minimal probability -- in light of the relationship between the quality system deficiencies observed and the particular device and manufacturing processes involved -- that the establishment will produce nonconforming and/or defective finished devices,[2] then FDA intends to use the audit results as part of its risk assessment to determine whether that establishment can be removed from FDA’s routine work plan for one (1) year.
Who are the GHTF Founding Members?
The GHTF founding members auditing systems include: the Canadian Medical Devices Conformity Assessment System; the European Union Notified Body accreditation system; the Therapeutics Goods Administration of Australia Inspectorate; and the Japanese Medical Device Ministry of Health, Labour and Welfare system.
So, if the GHTF is ending, will that affect the FDA VASP effort?
 

MIREGMGR

(...) if the GHTF is ending, will that affect the FDA VASP effort?

I don't think so. My understanding is that VASP has nothing to do with US FDA's relationship with GHTF, or FDA's view of ISO13485, or even their current relationship with the EU in light of the ongoing AdvaMed-encouraged sob stories Congress is hearing from medical device investors about how cozy the EU medical device investment environment is compared to that in USA.

Rather, VASP is a technique for practically managing US FDA's insufficient QSIT resources by implementing an industry-funded filter to exclude likely-rule-abiders from the raw inspection candidate list, so as to increase the percentage of FDA-funded inspections that find significant violations. Congress likes regulatory expenditures to have good result statistics. The reference to GHTF Founding Members was only a polite way of limiting participation to those national regulatory systems that the FDA considers to be rigorous and uncorruptible, so that the system can't be gamed. I expect that FDA will amend the rule to accomplish the same effect.
 

gramaley

As a matter of fact, there is some great news on the IAF program concerning accredited certification for ISO 13485. You'll notice I removed "MDCAS", for a reason. We had thought we needed "MDCAS" to put on a certificate, but since the IAF is planning to adopt ISO 13485 accreditation criteria under an IAF Multilateral Recognition Arrangement, the goal is to have the IAF MLA mark on certificates, as an alternative to using a "MDCAS" mark. The IAF mark has already been registered in many countries worldwide. There are more than 50 countries that participate at IAF, including three major regional groups, so it is very big.

The good news is, the new program passed through IAF balloting in January! We are now working on developing the program's fit into the IAF Multilateral Recognition Agreement, to make it more fit for meeting the IAF's vision of "Certified once, accepted everywhere". The IAF and ILAC MLA's are among the largest technical trade agreements in the world today, concerning certifications of all types. This is a very significant benefit to working with the IAF.

Will VASP have any effect on the IAF MDCAS? IAF MDCAS was never intended for use by FDA, although I think they will certainly benefit from it. In fact, certificates issued under VASP will eventually have to meet all of the IAF conditions that were just passed. Keep in mind that we used the GHTF guidance, and had help from SG-4 to develop the ISO 13485 MDCAS program. FDA even sent someone (at our invitation) to help. In the near future, you will not be able to get an "accredited" (more credible) certificate to ISO 13485, unless the CAB has met all the IAF Mandatory Document requirements for IAF MDCAS. Don't worry though, we didn't add anything to the audit, we just shored up how CABs and ABs operate, communicate and added a little, but necessary amount of transparency.

So there may be a slimming down of ISO 13485 IAF MDCAS acronyms, which used to be "GMDCAS", which was modeled after "CMDCAS". Instead it will simply be an IAF based accredited certificate to ISO 13485. In effect, ALL accredited certs will abide by the IAF requirements, or they cannot participate in the IAF MLA.

The VASP program will be VASPly improved by IAF MDCAS . Sorry, I couldn't resist.
 

napoleon monroe

While this thread has gone a little cold, related activity has not. Grant has been very active with IAF and the accreditation program has progressed significantly. Grant may be out of the office for a week. In order to insure that we have benefit of this forum's insight, I am posting. (I'm just a business guy trying to help "harmonize" the systems in the interests of all involved. Grant and other Working Group Members are far better able to address the technical aspects.) Part of a draft summary to be included in our communications to trade and professional organizations follows:

SUMMARY:
On July 15, 2011, IAF issued the mandatory documents detailing a system which would set the requirements for audits. The documents were prepared by an international working group. FDA GHTF members participated in some of the working group meetings. When audits are conducted in accordance with the mandatory documents, regulatory bodies and industry are able to know that the audits are thorough, effective and meaningful.

In August 2011, IAF Members voted on a multilateral agreement. There were no negative votes.

Industry and the associations which represent industry have an interest in making quality systems certificates meaningful and less costly. Multilateral recognition avoids duplication of audit efforts and costs, and avoids differences in interpretation between auditors. We believe a number of regulatory bodies worldwide are prepared to accept the IAF ISO 13485 accreditation program. The IAF Member Certification Bodies (CBs) are often Notified Bodies as well.

Regulators and industries worldwide are struggling to meet their obligations in regulating and managing a globalized supply chain.

The US FDA has recognized the value of ISO 13485. The requirements of ISO 13485 and incorporate them. The FDA CDRH recently released the planned 2012 priority documents. The list included:
Global Harmonization or Standards Related Guidances
Appropriate Use of Consensus Standards in Premarket Submissions
Medical Device ISO 13485:2003 Voluntary Audit Report Submission Pilot Program
FDA requested comments on the list. This is an opportunity to discuss the IAF ISO 13485 accreditation program with FDA.
Industry, regulators, IAF and their Members, national budgets, trade and professional associations and healthcare practitioners and consumers all can benefit from IAF ISO 13485.
Comments are welcome any time. It would be helpful to have insights before we go to IAF in Bangkok in early November. Thanks.
 