Explained: General Requirements of 13485
For the establishment of a Quality Management System in any ISO standard, there must be a system of requirements. Every requirement is described in segments.
How and what should an organization do
In the International standard ISO 13485:2016 for medical devices, requirements are specified for a quality management system (QMS). In the sub-clause of the Quality Management System, General requirements are described how and what should an organization do.
The first requirement of the standard, in this sub-clause, is that the organizations are obligated to:
- document a quality management system
- maintain its effectiveness
Also, it’s defined, for organizations to
- implement and
- maintain and document any requirements, procedures, activity or arrangement
The organizations are requested to document the roles that are accepted by the organization under the applicable regulatory requirements.
What is expected from the organizations
- First is expected to define the processes needed for their quality management system.
- The next step is the application of these processes throughout the organization planning for predetermined roles.
They will need to apply a risk-based approach to get easier control of processes and determine their interaction and order.
The explanation is a must
Every organization, for each QMS process, needs to explain methods and criteria to ensure that the operation and control are effective.
It is important that all information and resources are available to sustain the operation and monitoring of these processes. Besides this, the implementation of actions to achieve planned results and maintain the effectiveness of processes are necessary.
Standard requires from organizations to
- Measure as appropriate,
all records needed to demonstrate conformance to this International Standard and compliance with applicable regulatory requirements.
The changes made on processes are intended to be evaluated for their impact on the QMS and production of medical devices under this QMS, and they should be controlled in accordance with the requirements.
Control of processes is must too
The Standard has requirements for the deferent situation. Even when the organization chooses to outsource any process that can affect product conformity, those processes have to be monitored and controlled.
Also, for the outsourced processes, the organization is responsible for its conformity to standard and applicable regulatory requirements.
The controls are intended to be proportionate to the risk involved and the ability of the external party to meet the requirements. The controls will include written quality agreements.
Such software applications will be validated prior to initial use and should be revalidated after each change made to such software or its application. Every activity associated with software validation and revalidation will be proportionate to the risk. The risk must be associated with the use of the software and of course, it will be documented as it’s required by the standard.
You probably heard the phrase “…if it isn’t documented like it didn’t happen.” If you want to know more about the Documentation Requirements of ISO 13485:2016 Standard, read it in our next article.