What Else is Needed for ISO 13485:2003 certification?


Quite Involved in Discussions
Good Morning Covers,

I've been tasked with getting our company certified to 13485:2003. We are currently certified to 9001:2008. We will be dropping the 9001 certification.

We are a medical plastics compounder (we make the plastic pellets per customer spec in which the final customer makes the pellets into medical devices - we do NOT make medical devices).

I've been conducting gap analysis and have come up with a list of changes / processes our company will need. Granted, we have been audited to 13485 by our customers dozens of times, regardless of our 9001 certification, so we have A LOT of those extra bells and whistles already in place. Things like, preventive maintenance, incoming inspection, etc.

I am asking if you all could read the below outline and let me know if I am missing anything from these sections that we may need in place. These are the areas we are lacking, in my opinion. I would also like to say that I am currently the only QMS employee in our company of 65 employees. Thanks in advance!

This is the list I have come up with:

Changes to Our System for ISO 13485:2003 Certification

Exclusions of the ISO 13485:2003 Standard: – Cleanliness of product and contamination control – We do not clean the product prior to shipping. – Installation Activities – We do not install anything. – Servicing Activities – We do not service. – Particular requirements for sterile medical devices – We do not conduct sterilization. – Particular requirements for sterile medical devices (Validation of Process) – We do not conduct sterilization.

• Risk management
o The management team needs to evaluate each of our processes (mixing, extrusion, packaging, shipping) and identify the risks associated with each.
o The causes of the risks need to be identified.
o The controls to reduce the likelihood of the risks need to be identified.
o Risks are to be identified as Critical, High, Moderate, or Low. These identifiers are chosen based on the impact to the product.
 I think we have this in place mostly – but it needs to be put down on paper. I would like to send out an email to all department heads and ask that they think about the risks that are associated with the process they over-see. I would then like to hold a meeting to put it all down on paper.
o Need to write a procedure on this.

o The company must be up to date on current, national and international regulations. The regulations need to be communicated to all staff. At this time, Process Engineer is the only employee who understand the regulations
 I am requesting that Process Engineer document the process he follows to stay up to date on the regulations and which ones he follows.

Records (4.2.4)
o The standard states that records are to be kept for the life-time of the product. As this continues, we need to think about where the records can be stored as we are running out of room.
 Would this be addressed in the expansion?

Validation of Computer Software (7.5.2)
o ERP System (Discussed with Project Manager – he will write a report)
o PLC’s for Extruders – (Discussed with Production Manager)
o Need to document Validation that the PLC’s are communicating accurate information (RPMs, Temp, Feeders, Pressure – Pressure currently is not being verified)
o A procedure needs to be written on how we perform Validation of Computer Software.

Work Environment (6.4)
o This clause if more detailed than 6.4 in ISO 9001:2008.
o Health Records, cleanliness of clothing and personnel, environmental monitoring.
o Need to write a procedure on this.

Product Preservation (7.5.5)
o Need to conduct Gap analysis on inspection, receiving, inventory process with Production Manager to identify changes to be made from current procedure.
o Is FIFO being practiced?
 Meeting to discuss with Inventory when to pull multiple lots for a job and when not to, so we can use up older lots of material first.
o Who else can conduct the Purchasing process? Who has authority?
o Shelf-life process for materials need to be reviewed and updated as necessary.

• Feedback System (8.2.1)
o We need to determine a process for a feedback system, which will provide early warning of quality problems and for input into the corrective and preventive action processes, and regulatory information.
 This may be part of the ERP system soon – Need to document it.

Reworked Material
o Standard states that if product is to be reworked one or more time – the documentation and approval process must be followed again.
 This needs to be defined in the procedure. Currently it is not described.

Customer Complaints
o If Corrective Action or Preventive Action are not needed, the reason must be recorded.
 This is being done, but the procedure needs to be updated to reflect it.

Resources Needed
• Another authorized employee to conduct Purchasing.
• Another employee to conduct Regulatory reviews.
• Another employee to authorize returns / replacements / credits.
• Another employee to conduct Quality System Management – Customer complaints, CARs, PARs, Audits, etc.
• Procurement / QSM to attend Supplier Auditor Training Course.
• Possible Risk Management Training for all Top Management.
• Cross training for any Manager who does not already have a back-up.


Involved In Discussions
Nice overview!
Please realize that in march 2016, the 3rd edition of ISO 13485 is published. I propose you to extent your gap analysis and go for ISO 13485:2016 certification.
Top Bottom