What's a management system and what's the ISO 13485 in particular?

Written by Michael Thode Posted in norm ISO 13485

Talking about the ISO 13485 means talking about a management system.

That’s why I want to approach this topic theoretically as a start and then explain briefly what a management system is.

 

What’s a management system?

A management system includes methods and instruments for complying with requirements. There are different management systems, for example:

  • quality management system
  • environmental management system
  • compliance management system
  • and more.

Many companies run one or different management systems. When running one management system, it can be seen as an “isolated” management system. If different management systems are run together, it’s called an integrated management system (IMS).

ISO 9001 is the most popular management system. According to ISO (International Organization for Standardization), there are more than 1 mio. organizations globally that have certified such a quality management system, and ca. 50.000 in Germany. The reason for this popularity is that ISO 9001 is kept very general in its requirements and any kind of organization (the norm doesn’t use the word “company”) can certify themselves using this internationally valid norm.

Another very popular combination of management systems is the ISO 9001 (quality management) in conjunction with ISO 14001 (environmental management).

 

What’s ISO 13485 in particular?

The ISO 13485, resp. that norm’s requirements, is/are a quality management system. But unlike the ISO 9001, which is applicable for organizations of any kind, the ISO 13485 is applicable only for medical products. That’s the reason why the ISO 13485 is called “Medical devices – Quality management systems – Requirements for regulatory purposes”.

Another difference to ISO 9001 already hides in the title, which becomes even more apparent in the norm itself. While the ISO 9001 is more about constant improvement, this isn’t the case for ISO 13485. The DIN EN ISO 13485 is primarily about avoiding mistakes and the documentation resp. traceability of different things. Regulatory purposes play a big role as well (as already mentioned in the title), due to the fact that manufacturers of medical devices or components of medical devices are situated in a (as I like to call it) “safety-relevant” area. The products are applied directly to humans or even inside them and a product defect can quickly endanger the patient’s life and limb.

 

ISO 13485 manual and documentation

A certification in conformity with ISO 13485 requires a quality management manual and further documentation as a proof that the norm requirements have been implemented and complied with.

While other management systems don’t explicitly require a manual anymore, this is still the case for 13485. If the term “manual” makes you think of a heavy printed tome, you aren’t completely right. The quality management manual and any kind of other documentation doesn’t have to be available as a printed hard copy. The documentation can be kept in any form. It can be saved as Office files, as a wiki system or by a special quality management software.

 

Procedure for ISO 13485 certification

Rather rudimentarily, you could say that you have to prove that you comply with the norm requirements.

I’d like to elaborate on that, though. If a company wants to be certified according to ISO 13485, it needs to meet all requirements defined by the norm and document that. This will be examined by an accredited certification company in an audit (by an auditor). The auditor doesn’t rely solely on flowery words in the standard documentation like “we do this” or “we do that”. Rather, the auditor will check with the help of objective proof if you actually do this or that. For example, if you mention that you keep records for medical products, then you can expect that the auditor will want to see these records.

During such a certification audit according to ISO 13485, the auditor will check progressively all the norm’s requirements and make notes of his results, which are going to be summed up later in an audit report. Optimally and in case of no bigger deviations, the auditor will recommend to the certification company that they grant the ISO 13485 certificate. The certification company’s head will then check this audit report. If it’s complete and conclusive, the certification company will grant the ISO 13485 certificate.

I just checked the webpage of DakkS (Deutsche Akkreditierungsstelle): at the present, there are 58 certification companies accredited for ISO 13485.

 

Revision in 2016

ISO 13485 was most recently revised in 2016. This is why it’s officially called DIN EN ISO 13485:2016.

For reasons of scope I can’t go into details which changes have been made compared to the previous revision. It’s noteworthy however that 13485 hasn’t adopted the HLS (High Level Structure), which has been used to structure other management systems in the meantime. This HLS is meant for simplifying the keeping of IMS (integrated management system) in a single documentation.