ISO 13485:2016 identifies needs for a quality management system where an organization requirements to demonstrate its capability to offer medical devices and related services that constantly meet client and applicable regulatory needs. Such organizations can be involved in one or more stages of the life-cycle, including design and development, production, storage and distribution, installation, or servicing of a medical device and design and improvement or provision of associated activities (e.g. technical support). ISO 13485:2016 can also be used by dealers or external parties that deliver product, including quality management system-related services to such organizations.
The standard offers manufacturers, designers, and suppliers to the medical device industry with the framework required to demonstrate compliance to regulatory requirements, mitigate risks, and confirm best practices are taken for quality, safety, and sustainability.
Some of the biggest changes between the 2003 and 2016 version include:
- Incorporation of risk-based approaches beyond product realization. Risk is considered in the context of the safety and performance of the medical device and in meeting regulatory needs;
- Improved linkage with regulatory needs, particularly for regulatory documentation;
- Application to organizations throughout the lifecycle and supply chain for medical devices;
- Harmonization of the needs for software validation for different software applications (QMS software, procedure control software, software for monitoring and measurement) in different clauses of the standard;
- Emphasis on correct infrastructure, particularly for production of sterile medical devices, and addition of needs for validation of sterile barrier properties;
- Additional needs in design and development on consideration of usability, use of standards, verification and validation planning, design transfer and design records;
- Emphasis on complaint handling and reporting to regulatory authorities in accordance with regulatory needs, and consideration of post-market surveillance; and
- Planning and documenting corrective action and preventive action, and applying corrective action without undue postponement.