The author reviews the certification body selection process for ISO 13485 certification, MDSAP Certification, and CE Marking.
What is a Certification Body?
A certification body is a third-party company that is accredited by an organization like the ANSI-ASQ National Accreditation Board (ANAB) or Standards Council of Canada (SCC) to perform certification audits against ISO Standards, such as ISO 9001 or ISO 13485. Accreditation bodies verify the conformity of certification audits to the ISO/IEC 17021 Standard. Some certification bodies are not accredited or may be self-accredited. Still, you will need a certification body that is accredited to meet the regulatory requirements of Health Canada and European Competent Authorities.
Certification body selection for your company is a critical step on the journey toward ISO 13485 certification. When I first joined one of my previous companies, I was assigned the task of implementing ISO 13485 to comply with the Canadian Medical Device Regulations (CMDR) under the Medical Device Single Audit Program (MDSAP). First, I discovered that the company already had two certification bodies. The company initially received an ISO 9001 certificate from one certification body, and then a few years later, an ISO 13485 certificate was issued by another certification body. Unfortunately, neither certification body was recognized by Health Canada. Therefore, when I joined the company, and we were seeking a Canadian Medical Device License, we had to find a third certification body. This time, I selected a registrar recognized by Health Canada. Then I was able to transfer our ISO 9001 certificate to the new registrar and eliminate the other two certification bodies.
When conducting certification body selection, you will find that there are different names for the term, depending on the country to which you are seeking your certificate. For some of the biggest markets, they are named as follows:
- Europe – notified bodies
- Canada – registrars
- Japan – registered certification bodies
- Australia – conformity assessment bodies
8 Points to Consider When Selecting a Certification Body
- Refer to the official Europa page that helps you identify the complete list of “possible” Notified Body candidates based on the product category.
- The size and reputation of the notified body can have an impact on your customer’s confidence in your QMS. If they are savvy, they know who the key players are, and who has the more credible reputations in the medical device field. Before transitioning to BSI, I experienced “eye-rolling” during customer audits when asked for the name of our notified body.
- Consider the level of risk associated with the classification of the medical devices that are currently marketed and those that may be planned for future distribution. The EU Commission and Competent Authorities (US FDA equivalent in European member states) throughout Europe are currently re-evaluating all the Notified Bodies to determine if they will continue to be allowed to issue CE Design Examination Certificates (Annex II.4) and CE Type Examination Certificates (Annex III) for the highest risk devices (i.e., – Class IIb and Class III).
- Identify all your regulatory needs unless you want to contract multiple certification bodies (not recommended). Certification bodies are not created equal, and some may not be qualified to provide all the services needed. A certification body qualified to issue a certificate for ISO 13485 may not be able to provide a CE certificate for CE Marking required by the EU, and only 15 certification bodies are recognized by Health Canada as MDSAP Auditing Organizations. To avoid the need for additional certification bodies in the future, you need to identify your long-term certification requirements for the international markets you will be distributed in.
- Compare price quotes from each certification body you are considering and make sure that you provide the same criteria to each potential certification body to ensure that you are getting a fair quote. This is also the time to determine ALL costs associated with audits, certificates, and any other fees. Be sure to include any travel costs, as they are part of the fees that will be included in the contract. If you have multiple sites, consider the benefit of utilizing the same auditor for each site for consistency. However, using one auditor can also incur higher travel costs.
- Evaluate each certification body’s customer service before the initial certification audits by asking for “360-degree” evaluations by everyone in your organization that will interact with the certification body directly. This includes planners scheduling the certification audits, the accounts receivable department handling invoices for the certification body, and your sales team that may be able to represent a customer’s opinion of the various certification bodies you are considering. Responsiveness is one of the best criteria to evaluate this customer service against. If the certification body is difficult to work with before certification, it won’t get better.
- What is your regulatory strategy? Are you looking for a certification body that will conduct an audit that barely meets requirements? Or maybe you want a certification body that will work with you as a partner to build a QMS made up of best practices. I recommend a “picky” certification body. This will ensure that you choose a partner that forces you to improve your QMS and remain competitive with other medical device companies that have embraced the principles of an ISO QMS.
- Finally, if your medical devices or the manufacturing process is complex or innovative, you should select a certification body with auditors that have the technical expertise to understand your product and processes. For example, if your company makes special plastic implants that require “gas plasma,” or vapor-hydrogen peroxide sterilization, you want to ensure that the certification body has auditors that understand this sterilization process.
For certification body selection, a spreadsheet may help keep track of information. However, the best practice for making this type of strategic supplier decision is a “Proposal A3 Report”. This special type of A3 Report is explained in Dan Matthew’s workbook. Rob Packard, the founder of the Medical Device Academy, used this approach for the certification body selection of a new Notified Body to transfer to for a recent client.
If you need assistance with ISO 13485 Certification or are interested in training on medical device regulations for the United States, Europe, or Canada, please email the Medical Device Academy at email@example.com, or contact Rob Packard by phone @ +1.802.258.1881.