ISO13485:2016 - Exemption vs. Not Applicable

Mortalis

Involved In Discussions
#1
Good morning,

Our CB auditor said something during his last audit about separating out the exempted requirements from those that are not applicable.

Trying to differentiate without having access to a definitions standard am I correct to say that "exemptions" are for when a whole section does not pertain to a company? For example...7.3 Design. And "Not applicable" is for a section that does pertain but there is a portion of the requirement section that does not pertain. For example, our company doesn't utilize UDI in the 7.5.8 Identificaiton as we do not manufacture medical devices.

Comments?
 
Elsmar Forum Sponsor

mwb0585

Starting to get Involved
#2
Hi Mortalis,
My understanding is that design controls can be excluded if regulatory requirements allow it. For example, FDA does not require design controls for some devices (class 1 and some class 2, I believe). So if you were a manufacturer that was in this position, you could exclude design control. This may have been what your CB auditor meant when he said exemption.

As for non-applicables: there will be some parts of clause 6, 7, or 8 that are not applicable to an organization, based on the type of work they perform. In this case, the organization needs to provide justification for why it is not applicable, and document it somewhere. As you mentioned, your company doesn't deal with UDIs. So document that determination somewhere.

I imagine a common way of accomplishing this is in the quality manual. We have a separate section that details any clauses that are not applicable, and provides the rationale as to why.

Good luck.
MB
 

Marcelo

Inactive Registered Visitor
#3
Trying to differentiate without having access to a definitions standard am I correct to say that "exemptions" are for when a whole section does not pertain to a company? For example.
There's no definitions for those, but you do not need definitions, because how to apply them is written in 1.2.

MR's comments are on the spot.

Exclusions can only happen if applicable regulatory requirements allow you to do so. The FDA example is the case that this requirements was created originally to solve. Please note that you would have to use worst case here, so for example if you sell your device in the US and another country, and the US regulation permit that you exclude design controls, but the other country regulation does not permit it, you would still have to include it in your QMS.

The non-applicability requirement originally was created due to some requirements in clause 7 being dependable on the nature of the device (example, particular requirements for implantable medical devices - in this case, if your device is not sterile, the requirement would be non-applicable to your QMS).

In the 2016 revision, we expanded the scope of the standard (originally, the scope was only the manufacturer, although the standard do not explicitly said that) to organizations in any stage of the medical device lifecycle. During one of the drafts it was noted that some organizations may not be under certain requirements of not only clause 7, but also 6 and 8, due to the activities they perform. So the non-applicability option was expanded.
 
Last edited:

Mortalis

Involved In Discussions
#4
We are a contract manufacturer of components. We do not manufacture finished devices. We receive prints from our customers that detail the product and its requirements they are purchasing from us.

We take design and development as an exclusion. Have since being certified. Since this is the only allowable "exclusion", the authors of the standard having been written for finished devices understand some portions will not/may not apply to non finished device medical manufacturers. That is why they allow "not applicable" statements with justification?

We utilize a matrix table in the QM to state the design and development exclusion as well as the portions that are not applicable with the justification(s). The auditor's statement seemed to implicate that there should be two separate and distinct matrix tables, one for the exclusion and one for the not applicables.

I understand the sterilization and UDI portions as possible not applicable. Can any statement in the standard that references "medical device" or "finished device" be deemed not applicable to a component manufacturer?
 

Marcelo

Inactive Registered Visitor
#5
We take design and development as an exclusion. Have since being certified.
Well, it happens a lot, a lot of non-manufacturers were certified to the old standard, even when the standards was not applicable to them. This is also one of the reasons we put a bigger scope. But please note that excluding D&D without regulatory requirements allowing you to do so does not fulfill the standard requirements.

Since this is the only allowable "exclusion", the authors of the standard having been written for finished devices understand some portions will not/may not apply to non finished device medical manufacturers
Unfortunately, the "authors of the standard" (which includes me) could not find all possible combinations of the impact that the change in scope would create. We did notice some problematic combinations in the last few meetings, but then it was too late to change (and the project was under the risk of being reset). Please note that, due to expansion of the scope, the standards is not "written for finished devices" anymore.

That is why they allow "not applicable" statements with justification?
The cases discussed during development were more on the general side, for example, a firm which performs maintenance of device, one that performs decommissioning at end-of-life, etc.

Can any statement in the standard that references "medical device" or "finished device" be deemed not applicable to a component manufacturer?
Unfortunately, no. You would have to analyze every requirement and verify if they are applicable or not.
 

Ronen E

Problem Solver
Staff member
Moderator
#6
Marcelo,

Your input here is extremely important and much appreciated. It's highly beneficial - to this discussion and also for future ones - to have one of the standard's authors available for clarifying issues and also commenting on both the authors' intentions and eventual shortcomings (which are sometimes, as you've explained, not intentional but a result of technical constraints).

Thanks!
Ronen.
 

Ronen E

Problem Solver
Staff member
Moderator
#7
The auditor's statement seemed to implicate that there should be two separate and distinct matrix tables, one for the exclusion and one for the not applicables.
If that is actually the case, I think that it's not only non-essential and non-constructive; it's absurd. What difference does it make it there are two matrices or just one, as long as the standard's requirements have been met and the documentation provides reasonable access to the justification?

Form over content. :nope:
 

Mortalis

Involved In Discussions
#8
If that is actually the case, I think that it's not only non-essential and non-constructive; it's absurd. What difference does it make it there are two matrices or just one, as long as the standard's requirements have been met and the documentation provides reasonable access to the justification?

Form over content. :nope:
Ronen,
Just like most other auditors I've dealt with over the years, each one has to leave their mark on the Quality System they are auditing. This one in particular has certain things he wants to see and will not take any other way about it. And since it's not that big a deal we acquiesce and move on.

Marcelo,
Thank you for your insight. My wife is on the TL and TS committees and was in invaluable resource for me while I was implementing and then working in the TS system I put into place a few years ago.
 
#9
Well, it happens a lot, a lot of non-manufacturers were certified to the old standard, even when the standards was not applicable to them. This is also one of the reasons we put a bigger scope. But please note that excluding D&D without regulatory requirements allowing you to do so does not fulfill the standard requirements.



Unfortunately, the "authors of the standard" (which includes me) could not find all possible combinations of the impact that the change in scope would create. We did notice some problematic combinations in the last few meetings, but then it was too late to change (and the project was under the risk of being reset). Please note that, due to expansion of the scope, the standards is not "written for finished devices" anymore.



The cases discussed during development were more on the general side, for example, a firm which performs maintenance of device, one that performs decommissioning at end-of-life, etc.



Unfortunately, no. You would have to analyze every requirement and verify if they are applicable or not.
Marcelo,

I am currently adopting ISO13485: 2016 for our company. We're a component supplier to the Medical Device sector and also an OEM supplier. We currenly exempt ourselves from D&D, but I'm now wondering with the expansion in scope, should we include D&D with respect to the components we design and manufacture, even though the initial concept may come from the customer. Your expertise is greatful.
 
#10
We are currently implementing ISO13484:2016 and am looking for some thoughts and guidance around the area of Design and development, we currently exempt ourselves from it, but with the scope change should we be considering it. Currently manufacture components for the medical device sector and are also an OEM medical device manufacturer. Appreciate any input
 
Thread starter Similar threads Forum Replies Date
K ERP System Software Validation - ISO13485 2016 4.1.6 Design and Development of Products and Processes 8
A ISO13485:2016 name and ownership changes questions ISO 13485:2016 - Medical Device Quality Management Systems 2
D ISO13485:2016 7.5.6 Process Validation Responsibilities ISO 13485:2016 - Medical Device Quality Management Systems 1
D Customer Audit Finding ISO13485:2016 7.6 ISO 13485:2016 - Medical Device Quality Management Systems 7
CPhelan Do you require MDSAP for CE Marking of a Medical Device or is ISO13485:2016 with clinical data sufficient? CE Marking (Conformité Européene) / CB Scheme 5
S PPT for ISO13485:2016 Employee Training (Request) ISO 13485:2016 - Medical Device Quality Management Systems 0
Q ISO13485:2016 4.2.4 Control Of Documents - Lifetime of the Medical Device ISO 13485:2016 - Medical Device Quality Management Systems 3
S ISO13485 2016 - What the upshot is of failing to upgrade on a medical diagnostic device ISO 13485:2016 - Medical Device Quality Management Systems 1
H ISO13485:2016 Measurement System - Methods General Measurement Device and Calibration Topics 4
G ISO13485:2016 Cl. 7.5.1 - Production and Service Provision - Medical Device Repairs ISO 13485:2016 - Medical Device Quality Management Systems 3
M Looking for Cross reference of AS9100:2016 to ISO13485 AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 1
K Implementing ISO13485:2016 in the Middle of a New Device Project ISO 13485:2016 - Medical Device Quality Management Systems 1
T ISO13485:2016 Clause 6.3 - Infrastructure ISO 13485:2016 - Medical Device Quality Management Systems 1
R ISO13485:2016 Clause 4.2.3 - Changes in Technical File Requirements ISO 13485:2016 - Medical Device Quality Management Systems 18
M Address change for a company with CE/ISO13485 EU Medical Device Regulations 2
A Document "Correspondence IATF 16949 vs ISO13485" available? IATF 16949 - Automotive Quality Systems Standard 0
O ISO13485 implementation - Are internal audits expected before stage 1 audit? Design and Development of Products and Processes 3
N Can a (class I) medical device be manufactured in a GMP certified site with no ISO13485? EU Medical Device Regulations 18
V Iso13485 certification vs CE technical audit ISO 13485:2016 - Medical Device Quality Management Systems 3
R How to improve a Validation program and procedures to FDA (21 CFR part 820) & ISO13485 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 3
S Nonconformance to a Note in ISO13485 clause 6.2 Human Resources Effectiveness ISO 13485:2016 - Medical Device Quality Management Systems 13
C ISO13485 exclusions for design and automation company ISO 13485:2016 - Medical Device Quality Management Systems 2
R ISO13485/ISO9001 Convenient Document Management System Document Control Systems, Procedures, Forms and Templates 3
R ISO9001 & ISO13485 QMS for 2 types of products ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 3
M ISO13485 Documentation packs (manual, procedures, forms etc) ISO 13485:2016 - Medical Device Quality Management Systems 3
C ISO13485/9001 clause 6.3 (Infrastructure) ISO 13485:2016 - Medical Device Quality Management Systems 3
T ISO13485 cert expired - Product still CE Marked CE Marking (Conformité Européene) / CB Scheme 1
V Revised ISO std vs ISO13485:2003 - Help Please!!! ISO 13485:2016 - Medical Device Quality Management Systems 4
C Is there a strong market out there for ISO13485 certification? ISO 13485:2016 - Medical Device Quality Management Systems 11
B Must a Design Outsourcing Company have ISO13485? ISO 13485:2016 - Medical Device Quality Management Systems 3
L ISO13485 past practice labeling vs customer requirement Other ISO and International Standards and European Regulations 2
S CMDCAS ISO13485 - Bilateral agreement with SAI global to conduct Certification Audits ISO 13485:2016 - Medical Device Quality Management Systems 7
quality1 Multiple Quality Standards - AS9100 and ISO13485/9001 Cross Reference Matrix Quality Manager and Management Related Issues 3
C ISO13485 Incoming Receiving Parts Verification ISO 13485:2016 - Medical Device Quality Management Systems 13
Q ISO13485 Section 7.5.1.1 and 7.5.2.1 for a Distributor ISO 13485:2016 - Medical Device Quality Management Systems 2
W Setting up from scratch - Looking for help (ISO9001 / ISO13485) ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 4
B Outsource Production Line need ISO13485 Certificate ISO 13485:2016 - Medical Device Quality Management Systems 1
somashekar Clause 7.5.5. as in the text and in the Annex B (ISO13485:2003) ISO 13485:2016 - Medical Device Quality Management Systems 1
U Do we have to have foreign legal documents? (ISO13485 4.2.3 document control) ISO 13485:2016 - Medical Device Quality Management Systems 3
0 Medical Device Distribution Centre and Implementing ISO13485 ISO 13485:2016 - Medical Device Quality Management Systems 1
C Writing a Sterilization Procedure when the Process is Subcontracted - ISO13485 Quality Management System (QMS) Manuals 1
J ISO13485 Certification Scope - Registering a Subset of our Products ISO 13485:2016 - Medical Device Quality Management Systems 9
J ISO13485 Clause exclusions for a Medical Software Company ISO 13485:2016 - Medical Device Quality Management Systems 9
P How to streamline different documents in a multi plant ISO13485 QMS ISO 13485:2016 - Medical Device Quality Management Systems 8
D FDA Guidance on Interim Use of ISO13485 for Medical Device Manufacturer ISO 13485:2016 - Medical Device Quality Management Systems 3
S Implementing ISO13485 in a new startup company - Neurological devices ISO 13485:2016 - Medical Device Quality Management Systems 12
E Career Plan - ISO13485 Lead Auditor Course/IRCA certified ISO9001 Lead Auditor Course Professional Certifications and Degrees 4
S Scope of ISO13485 and the term 'Related Services' ISO 13485:2016 - Medical Device Quality Management Systems 1
P What's the difference between ISO13485 and FDA/QSR? ISO 13485:2016 - Medical Device Quality Management Systems 16
C Presentation Invitation on ISO13485 from the Distribution Side ISO 13485:2016 - Medical Device Quality Management Systems 1

Similar threads

Top Bottom