DIN EN ISO 13485:2021-12 is here!

You will probably have been expecting it for a long time: Just in time for Christmas, the draft of DIN EN ISO 13485 was adopted and thus enters into force. Many who have not looked at the draft before and perhaps had been dreaming of a High Level Structure, as in EN ISO 9001, or other improvements will be bitterly disappointed.

Since it is “only” the amendment A11 of the European standard edition based on the unchanged ISO standard, hardly anything has changed in terms of content. The most important thing, however, the Z-annexes, have been adapted to the MDR and IVDR and thus show what we all expected:

EN ISO 13485 shall continue to be the standard that can be applied for the design of the QM system to generate the presumption of conformity with the MDR and IVDR.

In addition, at least in the DIN version, terms were adapted, the correction of 2017-01 was integrated, and editorial as well as linguistic changes were made. The bottom line is that everything remains as it is.

In fact, the MDR and IVDR give little specific information on how to design one’s QM system. If one takes a closer look at Article 10, paragraph 9 of the MDR and Article 10, paragraph 8 of the IVDR, they mainly call for processes that the regulations already call for under other articles, to be part of the QM system as a process (e.g. risk management, post market surveillance [PMS], vigilance). Or sections of ISO 13485 are recommended (e.g. management responsibility, resource management, management of corrective and preventive actions), which are also assigned as covered by the standard in the new Z annexes.

However, even the harmonisation of EN ISO 13485 cannot clarify how exactly the “a strategy for regulatory compliance, including compliance with conformity assessment procedures…” required by the MDR in Article 10, Paragraph 9 a), is to be implemented, as such country or target market-specific requirements are foreign to ISO 13485. It is therefore no surprise that Article 10 and Annex IX and Annex XI of both regulations are only partially covered or not covered at all in many places and that corresponding requirements of MDR and IVDR must be additionally incorporated into the QM system here.

ISO 13485 sees itself as a standard that provides the framework for a QM system into which further processes or process elements can be integrated depending on the applicable regulatory requirements. For example, it completely omits the topic of approval, only generally requiring a product that meets the applicable regulatory requirements of the target country or market. Similarly, although the topic of “reporting to regulatory authorities” has been taken up, it also needs to be backed up with concrete regulatory requirements. Topics such as biocompatibility, usability or PMS must be implemented by the manufacturer himself in the right places in the QM system. More general topics are of course considered and considered within the requirements, which then provide the framework for the specific requirements.

In addition, a terminological difference is to be mentioned: MDR Article 10 Paragraph 12 and IVDR Article 10 paragraph 11 respectively states:

“Manufacturers who consider or have reason to believe that a product which they have placed on the market or put into service is not in conformity with this Regulation shall immediately take the corrective measures necessary to bring that product into conformity, to withdraw it or recall it, if appropriate. “

Here, Annex Z indicates that these “corrective actions” would be referred to as “corrective action” in the terminology of ISO 13485, i.e. first only immediate elimination of the non-conformity and only later root cause analysis and elimination (this would then be the corrective action). This slight vagueness actually also runs through Articles 87 and 89. If one continues to use the established ISO 9000 definitions of terms, one should be aware of this in order to avoid confusion with authorities or the Notified Body.

Years ago, the European Union asked the ISO (International Organization for Standardization) to revise the standards relevant to medical technology. As a result, some standards have recently been revised by ISO and then harmonised by CEN (European Committee for Standardization). But of course these processes take time. And a complete revision, as would be necessary for the implementation of the High Level Structure in ISO 13485, is certainly no small matter. Especially since ISO 13485 is not yet listed among the international standards listed as being in progress. Obviously, in this case, one did not want to wait for the ISO to harmonise, but to create clarity for all manufacturers in the year in which the MDR replaced the MDD.

In addition, the recent history of ISO 13485 is a bit tricky. ISO 9001 introduced the High Level Structure in 2015, and ISO 13485, published shortly afterwards in 2016, continued to retain its familiar structure. Thus, it has since made it difficult for companies to make a simple, easy-to-use and understandable unification of ISO 9001 and ISO 13485 in their QM system. At the same time, the USA and Canada are increasingly backing ISO 13485 by clearly supporting the MDSA program (Medical Device Single Audit Program). Which raises the question of whether a revision of the standard is even wanted here.

Please note that all details and listings do not claim to be complete, are without guarantee and are for information purposes only.