Small Company Implementing ISO 13485 Timeline/Process/Steps Advice

[asantcom]

Hi all, providing some context on our company: We are a super small nonprofit (3 engineers/ quality people on technical side, about 5 doctors/researchers on the implementation side). 1 Quality person establishing QMS, and delegating to engineers. We hold IP on our designs and do all design work, we outsource manufacturing/production/distribution. We develop electricity-free, high-quality, ultra-low-cost respiratory devices for babies in developing countries (primarily funded/ supported by Gates foundation, UNITAID, WHO, UNICEF, etc.). Our market is mostly Latin America and Sub-Saharran Africa. Usually, ISO 13485 certificate is required for these in-country regulatory approvals (necessary for sustained presence in-country). As we are a public benefit company, our budget is extremely small. Thus, traversing the ISO 13485 land has been a challenge. This forum and some ad-hoc support from consultants have been really helpful. I have several questions:

• We established document and control procedures, e-signature procedures, and several other SOPs, and some records (i.e. created a purchasing SOP and generated all supplier evals). What should the sequence of events be? We have not developed a quality manual yet. Any advice here would be great
• Do documents NEED an effective date? This is complicated because we are developing records in parallel with developing SOPs/ qual man. Can we replace the effective date by creating a revision history table and saying when the 1st one was created? Confused on what is required.
  • Small problem here. We already developed some records (supplier evaluations) that have different effective dates, and signed these. Is it wrong to have effective dates finalized on these evals, if we haven't established a quality manual yet? Should we hold off on ALL signatures until ALL sops have been generated? What can I do about the records that already have signatures?

Thank you so incredibly much.

 

[I_Moy]

Hi @asantcom , the structure of everyone quality management systems differs, some have their quality manual as essentially a list of all of their SOPs and some have details of the processes within the quality manual. Multiple approached can be applied but that will dictate when you must put your quality manual in place (where its essentially a list of all other SOPs I've tended to implement it last, and where it has details I have implemented it first and refined it as my QMS grows).
All documents do need an effective date, however, records created before this effective date are still records. All records should be signed and dated at the time of creation. Do you mean that the form that was used to create the record already had an effective date but the associated SOP was not yet released? I would need to see your doc control SOP and your document release process to see how best to document this but it can be dealt with - my advice would be to ensure you are signing and dating all records at time of completion, when you release your SOP you should be documenting other affected documents, the associated forms are affected documents and you can detail why they are sufficient as they are or that they need to be updated.
I hope this helps some?

Ide

 

[asantcom]

Hi @asantcom , the structure of everyone quality management systems differs, some have their quality manual as essentially a list of all of their SOPs and some have details of the processes within the quality manual. Multiple approached can be applied but that will dictate when you must put your quality manual in place (where its essentially a list of all other SOPs I've tended to implement it last, and where it has details I have implemented it first and refined it as my QMS grows).
All documents do need an effective date, however, records created before this effective date are still records. All records should be signed and dated at the time of creation. Do you mean that the form that was used to create the record already had an effective date but the associated SOP was not yet released? I would need to see your doc control SOP and your document release process to see how best to document this but it can be dealt with - my advice would be to ensure you are signing and dating all records at time of completion, when you release your SOP you should be documenting other affected documents, the associated forms are affected documents and you can detail why they are sufficient as they are or that they need to be updated.
I hope this helps some?

Ide

Just sent you a private message, thank you so much!

 

[John Broomfield]

Hi all, providing some context on our company: We are a super small nonprofit (3 engineers/ quality people on technical side, about 5 doctors/researchers on the implementation side). 1 Quality person establishing QMS, and delegating to engineers. We hold IP on our designs and do all design work, we outsource manufacturing/production/distribution. We develop electricity-free, high-quality, ultra-low-cost respiratory devices for babies in developing countries (primarily funded/ supported by Gates foundation, UNITAID, WHO, UNICEF, etc.). Our market is mostly Latin America and Sub-Saharran Africa. Usually, ISO 13485 certificate is required for these in-country regulatory approvals (necessary for sustained presence in-country). As we are a public benefit company, our budget is extremely small. Thus, traversing the ISO 13485 land has been a challenge. This forum and some ad-hoc support from consultants have been really helpful. I have several questions:

• We established document and control procedures, e-signature procedures, and several other SOPs, and some records (i.e. created a purchasing SOP and generated all supplier evals). What should the sequence of events be? We have not developed a quality manual yet. Any advice here would be great
• Do documents NEED an effective date? This is complicated because we are developing records in parallel with developing SOPs/ qual man. Can we replace the effective date by creating a revision history table and saying when the 1st one was created? Confused on what is required.
  • Small problem here. We already developed some records (supplier evaluations) that have different effective dates, and signed these. Is it wrong to have effective dates finalized on these evals, if we haven't established a quality manual yet? Should we hold off on ALL signatures until ALL sops have been generated? What can I do about the records that already have signatures?

Thank you so incredibly much.

Avoid the temptation to write perfect procedures.

Instead make sure you’re familiar with the standard and engage top management in determining the processes essential for their organization to be successful. You may need to prompt them with the names of processes you’ve drawn from your understanding of the standard. Ask them then to name the owner of each process. You may then work with each process owner to capture the process as it actually works in a deployment flowchart linked to existing forms and instructions.

Please note that most processes are cross functional involving more than one department.

For more information you may search this site for some of my posts on developing process based management systems.

BTW, you should end up with system documentation that is mostly already implemented.

 

[regularengineer]

One question here (which I hope is also helpful to @asantcom): how do you go about selecting the entity that can perform the ISO 13485 audit and certification?

 

[Sidney Vianna]

One question here (which I hope is also helpful to @asantcom): how do you go about selecting the entity that can perform the ISO 13485 audit and certification?

There are numerous threads here on the subject. Search “choosing a registrar” “selecting a registrar”, etc. some of the threads have been started over 20 years ago, but the principles are still valid.