Scope of Certification for a Design Organization with Outsourced Mfg. - ISO 13485

[rwend07]

We are a "design house" for Class I and Class IIa products. We design the project, get them contract manufactured, then inspect and distribute the final device.

I've tried searching for guidance on scope statements for 13485 certification, but all I have come up with is Canadian/MDSAP scope guidelines. My specific concern is that we do not do any in-house manufacturing, however MDSAP/CMDR requires that "manufacturing" is included in the scope statements.

Is there a similar requirement for ISO 13485? I don't want our CB to come in and expect to see a bunch of SOPs revolving around manufacturing when we perform no processing/manufacturing/packaging/etc in house. Can we have a scope that does not include the word "manufactures"?

 

[yodon]

Are you the "manufacturer of record?" If so, I think you have to cover that in the scope but it doesn't mean you can't contract that out. I think.

 

[Sidney Vianna]

We are a "design house" for Class I and Class IIa products. We design the project, get them contract manufactured, then inspect and distribute the final device.

Paragraph 4.1.5 of ISO 13485:2016 stipulates that your organization is responsible for the outsourced processes and the level of control you have to exercise onto the external party must be commensurate to the risks involved. Further, your control onto the contract manufacturers must include written quality agreements. The IAF MD9 Document stipulates that the certification body might have to deploy auditors with competence in assessing the adequacy of control over outsourced processes.

As for the scope of certification, in situations such as this, I always recommend the truthful and transparent path. Phrase your scope of certification along the lines of:

The Design and Outsourced Manufacturing of....​

In my opinion, that would satisfy the requirements of paragraph 8.2.1 of the IAF MD 9 document, hyperlinked above, which reads

8.2 Certification documents MD 8.2.1

The CAB shall precisely document the scope of certification. The CAB shall not exclude part of processes, products or services (unless allowed by regulatory authorities) from the scope of certification when those processes, products or services have an influence on the safety and quality of products.

 

[DannyK]

We are a "design house" for Class I and Class IIa products. We design the project, get them contract manufactured, then inspect and distribute the final device.

Will your company name be on the label?

If yes, the scope should say " Design and manufacture...."

You are responsible for manufacturing even if you do not perform the manufacturing and the auditor will be looking for evidence on how you control manufacturing and release products.

I have audited many clients with the same situation.

 

[rwend07]

Paragraph 4.1.5 of ISO 13485:2016 stipulates that your organization is responsible for the outsourced processes and the level of control you have to exercise onto the external party must be commensurate to the risks involved. Further, your control onto the contract manufacturers must include written quality agreements. The IAF MD9 Document stipulates that the certification body might have to deploy auditors with competence in assessing the adequacy of control over outsourced processes.

As for the scope of certification, in situations such as this, I always recommend the truthful and transparent path. Phrase your scope of certification along the lines of:

The Design and Outsourced Manufacturing of....​

In my opinion, that would satisfy the requirements of paragraph 8.2.1 of the IAF MD 9 document, hyperlinked above, which reads

This is more of what we were trying to do. Were certainly not trying to skirt around any of our responsibilities, but we also want to make it clear we don't do any in house manufacturing. I have no problem specifying exactly what we do, I just want to make sure the scope of our audit is suitable considering our actual role.

 

[rwend07]

Will your company name be on the label?

If yes, the scope should say " Design and manufacture...."

You are responsible for manufacturing even if you do not perform the manufacturing and the auditor will be looking for evidence on how you control manufacturing and release products.

I have audited many clients with the same situation.

Yes, our name will be on the label, and we do maintain control over our contract manufacturers. It just seems a bit "innacurate" (for lack of a better term) for our scope to simply state "manufacturer".

 

[Haresh]

Will your company name be on the label?

If yes, the scope should say " Design and manufacture...."

You are responsible for manufacturing even if you do not perform the manufacturing and the auditor will be looking for evidence on how you control manufacturing and release products.

I have audited many clients with the same situation.

Dear Danny,
I just want to know , suppose you are OEM and you have design & development and you wish to do manufacturing and servicing at contract manufacture end. But servicing scope is not mentioned in contract manufacturer ISO 13485 certificate. So, my question is that does servicing scope is required if they do servicing for you.

 

[DannyK]

Haresh,
It would be better if the contract manufacturer has "servicing" in their scope.
There is no requirement for the contract manufacturer to have "servicing" in their scope.
Your company has to demonstrate how you control the servicing process.
For example, you could provide a servicing procedure and service report forms for the contract manufacturer to complete.
It is also recommended to audit the process to ensure they are following it.
The controls that you implement with the contract manufacturer should be proportionate to the risks.

I hope this helps.

Danny

 

[yodon]

Interesting question. If the CM does not have service in their scope but takes on a service project, they are, technically, in violation of their QMS. Their contract review should reject the request. And on your side, you would be subject to a nonconformity in your outsourcing/purchasing for not qualifying a provider with service in their scope.

Technically, I'd say you'd be on thin ice. Whether anything comes of it, though, would be up to whomever is looking.

 

[Haresh]

Haresh,
It would be better if the contract manufacturer has "servicing" in their scope.
There is no requirement for the contract manufacturer to have "servicing" in their scope.
Your company has to demonstrate how you control the servicing process.
For example, you could provide a servicing procedure and service report forms for the contract manufacturer to complete.
It is also recommended to audit the process to ensure they are following it.
The controls that you implement with the contract manufacturer should be proportionate to the risks.

I hope this helps.

Danny

Thanks Danny for your valuable information.
Still, I just wish to know can it create non-conformity to legal manufacturer though their contract manufacturer does not have servicing scope in ISO 13485:2016 Certificate