The Internet is full of articles about the implementation of ISO 13485. They talk about “Getting management support”, “Obtain The Documents And Study The Requirements”, “Develop An Implementation Plan”, “Evolution of a Quality Management System”, and other seemingly complex topics.
Although comprehensive, most of these articles are self-serving, aimed at promoting specific services of the writer(s), using verbiage that confuses green readers and makes them feel they absolutely need these services.
Yes, we are still going to show you how OUR products can help, but this guidance will bring the explanation down to earth, showing how start-ups and newbies can independently implement ISO 13485.
Where to start?
You WILL need a copy of ISO 13485 and you WILL need to read it.
This will not make you an expert overnight, but it will give you a basic understanding of its requirements.
The content
You will need the content of the QMS (Manual, Policy, Procedure, Templates, etc.) and there are different ways to put it together:
Approach | Pros | Cons |
---|---|---|
Fully developed in-house | Builds internal knowledge | Time consuming |
Fully outsourced (e.g. consultant) | Fast | Users may feel it was “imposed from above” |
Hybrid, e.g. purchased content customized internally | Faster than starting from scratch and still provides some internal knowledge during its customization | Still requires a certain amount of internal resources and time |
All approaches are valid; the choice depends, as usual, on the timelines and available resources.
Key points:
- Eventually you will need to show the auditor you have sufficient internal knowledge; consultants are not allowed to participate in certification audits;
Customization – choose your fit
There is no unique way to comply with the requirements of ISO 13485 (or any other standard), so processes and procedures can be customized to fit your company and product.
In plain words, you can (and should) write the procedures to reflect how you do things in the Company. Certainly you will need to modify them to include compliance requirements, but this is still much better than taking a generic procedure and trying to implement it as-is in the company.
Key points:
- Write the procedures around the Company rather than squeeze the Company through generic procedures.
The first procedures
The approach that ISO 13485 suggests is that you have to “design” your QMS, i.e. decide what the internal processes are, what procedures define them, and who is responsible, build a manual, then write procedures accordingly.
This is the ideal process, but realistically not what a start-up can do with little internal knowledge. No matter the amount of training you get on ISO 13485, “designing” a QMS is no simple task; it requires a significant amount of experience.
The practical approach is to focus on procedures related to “core” processes. Core processes are typically those related to product design, manufacturing and maintenance (clause 7 of ISO 13485 mainly). These are the ones that you will need to define asap and start following asap. No matter how perfect your CAPA process is, if you do not have a product that can go through certification you have no business.
Areas covered by these procedures can be:
- Product development;
- Testing;
- Risk Management;
- Clinical evaluations;
- Usability engineering;
Key points:
- Initially focus on procedures that cover product management.
The supporting processes
Eventually you will also need to cover all other processes and clauses of ISO 13485. Initially keep them simple. You will not need complex CAPA, NC, Management review, etc. procedures for a small start-up; you need something compliant but lean, that can be followed with minimal disruption to current practices.
Unnecessarily complex procedures usually lead to employees not following them, or following them intermittently. Bad for compliance and for the morale of the troops.
Key points:
- Keep supporting processes simple.
Roll-out
When you (the company) feel comfortable enough, it is time to formally release the QMS for everybody to use. Make sure people have been adequately trained on the procedures they will use and are fully aware that this is happening.
This is where you will need some sort of document management system to control versions and signatures, unless you want to go full paper based.
Key points:
- Make sure everyone is aware of the QMS being in place and their responsibilities.
Small bites
Documents and activities required by your procedures must be created and updated as required. Do it as often as you can in small increments, to avoid getting swamped in major changes and document release situations. Do not leave documents “hanging” in a semi-updated status for long.
Create CAPAs when needed and close them quickly, carry out multiple small internal audits and management reviews, and update product documentation regularly to avoid inconsistency between what is in the documents and what you are actually doing.
Key points:
- Small, frequent activities rather than disruptive major ones.
- Update documents when needed, as needed. Do not leave changes “hanging”.
Summary
Creating an ISO 13485 compliant QMS is not an easy task, but a start-up can do it by focusing first on the “core” areas, then the supporting processes. Once implemented, activities required by the QMS should happen regularly and in small steps to make them manageable and inform the users on how to make them faster in the next iteration.
SoftComply offers a QMS starter pack to medical device startups as well as an electronic document management solution on Confluence Cloud. Book a demo call with our team to learn more.