ISO13485:2016 and Subsidiary Company

Lupop77

Registered
Hello, does anyone have experience or advice on subsidiary companies and ISO certification?

We have just added a second office/distribution facility as a subsidiary, parent company is UK based and sub is based outside of UK and EU. I'm struggling to identify if our ISO 13485:2016 certificate automatically covers the second site and if it does, would they then have to maintain their own QMS and have external audits etc or do they continue to be covered by ours? I assume they would have to receive copies of SOP's and document records etc?

They won't actually be manufacturing any devices and I'm in the process of identifying if they will even handle devices with regards to storage and distribution, if they don't I would simply exclude them from any medical activity however if they are handling medical devices, am I still able to exclude them?

This is a new area for me and a first for us as a company so falls out of my area of expertise, any feedback would be greatly appreciated, thankyou.
 
Elsmar Forum Sponsor

shimonv

Trusted Information Resource
Hi Lupop77,
Until the cloud settles and you have more information about the activities intended for the second office, I will say this:
From QMS prospective, assuming it is required, you have two main options:
(1) Separate QMS with all that's involved (setup, certification, auditing, etc). This is most unlikely because it's a headache and quite expensive.
(2) Turning you exiting ISO 13485 certificate into a multi-site certificate, i.e. the second office operates under your existing QMS with some adjustments where necessary. This is the more reasonable and efficient option. Your certification body will provide you with all the information you need.

Good luck,
Shimon
 

ChrisM

Quite Involved in Discussions
Your existing ISO13485 will not automatically cover your second office; certification relates to sites and the addresses are stated on the certificate.
Your first step is to identify the scope of activities undertaken at this newly acquired office. Someone senior in your QA structure should have been involved in the process of acquiring these premises to discuss the implications on your certification (and your way of conducting business, having made the acquisition.......)
 

Lupop77

Registered
Hi Lupop77,
Until the cloud settles and you have more information about the activities intended for the second office, I will say this:
From QMS prospective, assuming it is required, you have two main options:
(1) Separate QMS with all that's involved (setup, certification, auditing, etc). This is most unlikely because it's a headache and quite expensive.
(2) Turning you exiting ISO 13485 certificate into a multi-site certificate, i.e. the second office operates under your existing QMS with some adjustments where necessary. This is the more reasonable and efficient option. Your certification body will provide you with all the information you need.

Good luck,
Shimon

Thank you for your help, I actually think we might move more towards asking the second site to achieve the certification themselves and run a separate QMS with assistance from our office - the amount of medical device activity they actually manage is so small I'm recommending we look to discontinue the applicable product lines for them and they can concentrate on non-medical, that way 9001 might be more suitable and achievable for them.
 

Lupop77

Registered
Your existing ISO13485 will not automatically cover your second office; certification relates to sites and the addresses are stated on the certificate.
Your first step is to identify the scope of activities undertaken at this newly acquired office. Someone senior in your QA structure should have been involved in the process of acquiring these premises to discuss the implications on your certification (and your way of conducting business, having made the acquisition.......)

Thank you for answering one of my main queries which is if our certificate is automatically transferred to them, the site doesn't have anyone experienced in Q&A so I'd worry about simply putting ISO on them as an instant. I think 9001 might be better suited to them so I'll be raising this and making the recommendation for them to run their own QMS with assistance where needed from our UK office.
 
Top Bottom