Surprising a lot of insiders, ISO pushed ahead with publication of its revised medical device quality management system standard, ISO 13485:2016, despite some controversy that many thought would cause ISO to delay its release.
You can purchase the official release here, from ISO, for $158 (158 CHF). We’ve purchased our copy, and here is a quick first glance.
ANNEX SL: D.O.A.
A quick review shows some dramatic departures from the other ISO standards currently being rushed to print by the media publisher, such as ISO 9001:2015. In making the new medical device standard, ISO Technical Committee 210 not only deviated from the ISO Technical Management Board (TMB) mandate to comply with the “Annex SL” high level structure, they ignored it entirely. The new ISO 13485 standard does not adopt the common core text, ignores the new clause structure, and even deviates wildly from mandated definitions, such as “risk.” The main reason given by TC 210 on this rejection was that their primary focus was the meeting of regulations, requiring a stricter adherence to actual industry practices than the generic, much-maligned “Annex SL” approach would have presented.
In a slap to TC 176 on quality management systems, TC 210 also rejected utterly the concept of “risk-based thinking” introduced in ISO 9001;2015, and opted for a traditional risk management approach, consistent with previous editions of 13485, while expanding the requirements for risk assessments. That’s an interesting development, coming on the release of the latest draft of the aerospace quality standard, AS9100D, which kowtowed completely to TC 176 and is now imposing risk-based thinking on the entire aerospace industry, despite the fact that RBT doesn’t actually exist.
The ISO 13485:2016 standard ultimately reveals the massive flaws in the ISO standards development process, by highlighting when some TCs — such as TC 176 for ISO 9001 — get it so wrong, while others — like TC 210 for medical devices — seem to get it right. Whereas TC 176 cowered in the face of Annex SL and invented intangible, meaningless concepts from thin air in order to comply, TC 210 just stood fast, represented its industry, and sent a clear message to the TMB that it wasn’t going to dumb down its standards for anyone. A large part of the reason for this is that TC 210 is populated by actual, working medical device experts, whereas other TCs, such as 176 for ISO 9001, are populated with nonworking consultants and volunteers with dubious credentials.
Another angle: TC 210 is responding to industry-wide reaction to the PIP breast implant scandal which is likely to (eventually) bring heightened scrutiny to the entire ISO standards and certification scheme. Had TC 210 followed Annex SL, they would have diluted the medical device standard at a time when law enforcement and courts around the world are watching. Whereas TC 176 is blessed with a perfect combination of arrogance and ignorance which allows them to continue to deny their responsibilities related to scandals and deaths happening under its standards, TC 210 didn’t want to take that chance, and is attempting to plug every last hole in ISO 13484 to ensure no one can point fingers at them when things go badly.
With the publication of ISO 13485:2016, TC 210 proves that there never needed to have been such overwhelming timidity when dealing with the ISO TMB, and that with enough leadership, any TC could have pushed back against the inane Annex SL and the other non-consensual demands of the non-elected ISO leadership. If TC 176 had this amount of spine, we might never have had to surrender our profession to the next few decades of wondering what, exactly, is “risk-based thinking” or how the hell to implement it.
MAJOR TAKEAWAYS
In no particular order, here are the major takeaways from a quick look at the new medical device standard ISO 13485:2016:
- No Annex SL alignment at all. Middle finger salute to TMB in effect.
- Largely maintains numbering scheme with previous revision (aligned with ISO 9001:2008)
- No “context of the organization”
- Emphasizes risk-based QMS, but not risk-based “thinking” – this elegantly evolves 13485 into a QMS that relies on risk assessment, without falling into the trap of subjective, vague RBT
- Adopts an older definition of risk as “combination of the probability of occurrence of harm and the severity of that harm” – likely to enrage the ISO establishment
- Ignores Annex SL’s concept of “opportunities” entirely
- Demands a Quality Manual be written
- Avoids the confusing term “documented information,” retains direct callouts for “documents” and “records”
- Adds new clause for a Medical Device File
- Enhanced language on Advisory Notices and actions to take when nonconforming product is found after delivery
- Maintains “classic” approach to preventive action
- More direct callouts to regulatory requirements
- Management review beefed up
- New “design and development transfer” clause added
- Supplier selection and oversight beefed up
- Unique device identification added – possibly a major change, to comply with latest national regulations
- Additional language on complaints handling and regulatory communication
We will have more articles on the standard soon, including a look at the biggest changes.
Christopher Paris is the founder and VP Operations of Oxebridge. He has over 35 years’ experience implementing ISO 9001 and AS9100 systems, and helps establish certification and accreditation bodies with the ISO 17000 series. He is a vocal advocate for the development and use of standards from the point of view of actual users. He is the writer and artist of THE AUDITOR comic strip, and is currently writing the DR. CUBA pulp novel series. Visit www.drcuba.world
