Startup Company - Implementation of ISO 13485

Ed Panek

QA RA Small Med Dev Company
Leader
Super Moderator
Well then. Define your Quality Manual and determine any exclusions from the standard. If you are not doing production, service, installation or sterile devices you can exclude them. Determine your quality policy and metrics you will use to track your performance. Then go thru the standard and create SOPs and forms to use to demonstrate that you follow the standard correctly and you can demonstrate it with data taken during work done.

At some point though to become certified you need to hire a certifying body and pay them. I would first hire a consultant to audit your work so far and get some feedback. Chances are you will fail the audit with many findings...that's normal. make corrections using your CAPA system and do it again.
 

nickie

Starting to get Involved
@Ed Panek we have someone who will give us a friendly ear and point us in the right direction but actually paying a consultant is beyond our means now. It's a frustrating position because we are on a see-saw where we are on the point of imminent destruction if we do not manage our cash over the next few months very efficiently. We are committed to the quality process but the main resources we are going to be able to dedicate at the moment is time over outward spend. A good example of this is instead of actually buying the ISO standards we went to the library to study them and saved cash in the process. The more things we can do like this the better until we get a first sale and hopefully use that to raise some investment.
 

Ed Panek

QA RA Small Med Dev Company
Leader
Super Moderator
Don't tell an auditor that. One of the requirements for ISO 13485 is that you have provided the resources to implement the QMS.

6 Resource management
6.1 Provision of resources
The organization shall determine and provide the resources needed to:
a) implement the quality management system and to maintain its effectiveness;
b) meet applicable regulatory and customer requirements.
 
M

Mr_medtech

@Ed Panek Hmmm this is a tricky one because I would honestly say we have put a lot of resource into this so far. We did read and appreciate the resources section, my interpretation of this is that resource is relative depending on the size and stage of the company you have.

Given the little resources we do have and how early we are as a company, we have this is taking up a lot of our man hours and we have definitely put budget aside to implement a QMS and work to the standard.

I understand that implementation needs resources, it does not say anywhere in the standard though that only those with a threshold level of financial resource should attempt to work to the standard. I hope this does not come across as obtuse, and I also understand the point you are making in terms of at the end of the day it's going to come down to what an auditor thinks and life isnt fair! It's quite frustrating for a small company that has a clinically relevant medical device to grapple to effectively have a bunch of barriers to the market. I do understand why the standard is there though. We are also looking at this from the perspective of once we are over these hurdles it gives us some defensibility as a company.
 

Ed Panek

QA RA Small Med Dev Company
Leader
Super Moderator
Im not saying you aren't meeting this requirement. The auditor is not going to ask you directly about 6.1 He is going to review the QMS and see if you met this by observation. He may review your management review to see how you reviewed resources provision. NEVER state you are struggling or cant afford or will do this later. If you tell an auditor you are struggling to implement ISO 13485 he could write a finding. Major is systemic problems. If just a part of your QMS is struggling from resources he could make just an OFI or a minor.


Some auditors will work with you though. If your sales are low you probably don't have many records to audit. He could just check to see if the infrastructure for 13485 is in place and come back in 6-12 months when there are actual records to audit.

Im in that status now in a start up. We have passed FDA and ISO 13485 audits but we have very few sales. That means very few records which are easy to review and make sure are correct. When you have thousands of records that's not possible.
 
M

Mr_medtech

ok @Ed Panek - much appreciated and really informative response. You have hit upon something that i think is a key point for everyone going through this for the first time - an audit is like a black box for us right now. We are going to get an external expert to audit us and do a GAP analysis with us to check where we are vs where we need to be once we get a bit closer to the market. Right now we have zero sales and it's doubtful we will sell a unit in the next 6 months but we want to think ahead and get all the infrastructure in place and start getting the evidence we have the processes in place and are seeking to improve them.
 

Ed Panek

QA RA Small Med Dev Company
Leader
Super Moderator
Make sure you are upfront with your potential NB (Certifier) about your status. If he says he wants to audit your DHR and you really haven't had much production tell him that so he can adjust his audit agenda. Make sure you have a table to references the standard to your QMS. Make sure your QM is clear about what you do and exclusions. Make sure you are using your CAPA system regularly. Even if you think its not needed write CAPAs. It shows you use the system. Make sure your risk SOPs and controls are in good shape and you review ALL risks including risks to your business. Make sure your suppliers are under control and you have documented their risks to your product. Make sure you have channels set up to capture ALL CUSTOMER FEEDBACK and its analyzed. You should have document controls. You should have a ECO/CN to show him. Since you are young he may focus on Design and Development so make sure you can provide evidence you meet all of those requirements.
 

racglobal

Involved In Discussions
I wanted to add that taking a course from a CB is not a bad idea. Getting certified by BSI produces a certificate that you have been effectively trained by passing their exam on the QMS and internal audit or lead audit exam (the latter if you choose to be the lead auditor training other internal auditors in your company). In your case, you can be the lead auditor who will be qualified to train the second employee in your company to do internal audits. During a real audit, you will be asked to produce the qualifications of the people running RA/QA in your company. My experience is that having a certificate of qualification will be helpful if you don't choose to work with any external consultants on your QMS. Since consultants are expensive over the long run, it's worth the investment to take a BSI course or something along those lines. Think of it as not just a qualification to pass the audit, but as an investment in yourself.
 
M

Mr_medtech

@Ed Panek ok so this was actually my original thought process around getting a course from a CB like BSI. I definitely agree that i would see this as an investment in myself and the company: if it's worth spending the resource on, i'm happy to do so!

One other point I would like to ask is about SOPs for design and development in relation to Agile. I'm not sure what process you are as a startup company - from what i can see with other SOPs people tend to at least cite that they are using waterfall. For us we want to use agile methodology adapted with some stage gating and obviously making sure we have plenty of supporting documentation as our design and development process. I have not been able to find an SOP with this approach to get a bit of inspiration. Again, i'm also not sure what an auditor would think. From what i can see "The FDA Does Not Prescribe Waterfall and in Fact Recognizes Agile as a Consensus Standard" so at least in theory this looks like it should be fine.
 

Berni

Starting to get Involved
The main problem is that medical devices are everything but cheap. We were in almost the same situation than you a few years ago and we pay a lot in consulting to make us the skeleton of our QMS. But there is nothing that we couldn't learn by yourself. Nevertheless, we save some precious time. You should decide what to do with your resources. Buy time or keep the money for other things.
 
Top Bottom