This blog, “How to Reconcile the Upcoming ISO 13485 and 9001 Standards” provides recommendations about how companies should implement these two standards.
In 2003, the current version of ISO 13485 was released. This standard was written following the same format and structure of the general quality system standard at the time (i.e., ISO 9001:2000). In 2008, there was an update to the ISO 9001 standard, but the changes were extremely minor, only clarified a few points, and the periodic review of ISO 13485 in 2008 determined there was not a need to update 13485 at that time.
On December 1-5 the working group for revision of ISO 13485 (i.e., TC 210 WG1), met at AAMI’s Standards week (http://bit.ly/AAMI-Standards-Week) to review the comments and prepare a first Draft International Standard (DIS). We should have some updates on the progress of the DIS later in December, but hopefully the news will not be a delay of publication until 2016. The following is a summary of the status prior to last that meeting.
New Standards Being Released
In 2015, there will be a new international version of ISO 9001 released. This new version will have dramatic changes to the standard–including the addition of a new section on risk management and adoption of the new High Level Structure (HLS) changing from 9 sections to 11. The ISO 13485 standard is also anticipated to have a new international version released in 2015, but the ISO 13485 standard will maintain the current HLS with 9 sections. Timing of the ISO 9001:2015 release and the ISO 13485:2015 release will likely be around the same time. Both standards are expected have a three-year transition period for implementation. The combination of the three-year transition and lessened requirements in the new version of ISO 9001 for a structured quality manual should allow most manufacturers to wait until the ISO 13485 release before they begin drafting a quality plan for compliance with the new standards. Some of my clients have already indicated that they may drop their ISO 9001 certification when it expires, instead of changing their quality system to comply with the ISO 9001:2015 requirements. However, my clients will not have the ability to allow their ISO 13485 certification to lapse. Will Health Canada be updating GD210 (http://bit.ly/GD210Guidance) and continue to require ISO 13485 certification for medical device licensing? What should companies do?
First, I recommend that companies purchase copies of the new versions when they are published. Second, companies will need to train their management teams and auditors on the differences between the current and the new standards to enable a gap analysis to be completed. Any manager that is responsible for a procedure required by the current version of the standard should receive training specific to the changes to understand how they will meet the requirements for documented information. Most companies will need to improve their risk management competency. I recommend that companies begin drafting their quality plans and enter discussions with their certification body for quality system changes in 2016 to obtain certification of compliance with new versions of the standards in 2017. Further, I recommend that clients keep the current structure of their quality system, because the ISO 13485 standard will continue to use the current HLS and it will help everyone remember where to locate information.
There is also specific text currently in the introduction of the DIS version of ISO 9001 (highly likely to remain unchanged) that outlines it is not the intent of the standard to imply the need to align your quality management system to the clause structure of the standard. Companies that keep their ISO 9001 certification should consider including cross-references between the two standards in their quality manual.
There are also European National (EN) versions of each standard (e.g., EN ISO 13485:2012 – http://bit.ly/EN-ISO-13485-2012-Release). The EN versions are harmonized with the EU directives, but the content of the body or normative sections of the standards are identical. Historically, the differences were explained in Annex ZA and that was the last Annex in the EN version of the standard. In 2009 the harmonization annex for ISO 14971 (i.e., the medical device risk management standard) was split into three parts to match up with the three directives for medical devices (i.e., the MDD, AIMD and IVDD). The new annexes (i.e., ZA, ZB and ZC) were moved to the front of the EN version of the standard. The changes to ISO 14971 consisted of a correction and the change to Annex ZA. In 2012, there were new harmonization annexes created for ISO 13485 to follow the same format that was used for the EN ISO 14971 annexes. It is expected that these “zed” annexes will be released with a new EN version of the standard shortly after the international standard is published.