• Close menu
  • Home
  • Consulting
    • Technical Documentation
      • Software (IEC 62304, FDA)
      • Risk Management (ISO 14971)
      • Clinical Evaluation
      • AI Medical Devices
    • Quality Management (QM)
      • QM System (ISO 13485)
      • Mock Audits & Inspections
      • Quality Representative
    • Services
      • Human Factors Engineering
      • Regulatory Affairs
  • E-Learning
    • Training videos
      • Market your medical device
      • Content
      • Premium Version
      • Watch training videos
  • Training Seminars
    • Medical Device Regulation
    • CPMS Seminar
    • Medical Device Software
    • Human Factors Engineering
    • Risk Management Seminar
    • Inhouse Seminars
    • Medical Device Regulatory Affairs
  • Articles
    • Regulatory Affairs
      • Medical Device Regulation
      • IVD Regulation (IVDR)
      • Medical Device Directive
      • Classification
      • CE Marking
      • Conformity Assessment
      • Harmonized Standards
      • Technical Documentation
      • MEDDEV 2.7/1
      • FDA
        • Breakthrough Devices
        • Safer Technologies Program
      • And more ...
        • CFDA, NMPA
        • Measuring Function
        • Distributor Requirements
        • Class 1 Medical Devices
        • 21 CFR Part 11
        • NAKI - The German National Working Group
        • Accessories for Medical Devices
        • Declaration of Conformity
        • Design input
        • Design Change
        • Measuring Function
        • Essential Requirements
        • GDPR
        • EUDAMED
        • Free Sales Certificates
        • Harmonized Standards
        • IVD Software
        • Laboratory Developed Tests
        • MDR Rule 11 (Software)
        • MEDDEV Documents
        • Notified Bodies
        • Periodic Safety Update Report PSUR
        • Post-Market Surveillance
        • Premarket Approval (510k)
        • Systems & Procedure Packs
        • Technical File versus DHF
        • Unique Device Identification
        • Physiological processes
        • Medizinprodukte-Durchführungsgesetz (MDG)
        • 3D Printing in Medicine: Avoiding Regulatory Traps
        • Qualified Person
    • QM System & ISO 13485
      • Audits
      • CSV
      • Document Control
      • ISO 13485:2016
      • MDSAP
      • Process Validation
      • Supplier management
      • Quality Policy & Objectives
      • Risk Based Approach
      • And more...
        • Electronic signatures
        • Unannounced Audit
    • Software & IEC 62304
      • Software as Medical Device
      • Software Lifecycle
        • Agile Software Development
        • Software Requirements
        • Software Architecture
        • Code Reviews
        • Coding Guidelines
        • Software Testing
      • Safety Classes & Level of Concern
      • SOUP and OTS
      • Medical Apps
      • IT-Security
      • Artificial Intelligence
      • And more...
        • Parameterization
        • Creating standard operating procedures for QM
        • Anonymization and Pseudonymization
        • IEC 60601-4-5
        • CVSS – Common Vulnerability Scoring System
        • Medical grade software
    • Risk Management & ISO 14971
      • Life Cycle Risk Management
      • Update 14971:2012
      • Harm and Severity
      • Hazard and Hazardous Situation
      • Risk Acceptance
      • Risk Mitigation
      • Risk Analysis
      • Software Specifics
      • Third edition of ISO 14971
    • Usability & IEC 62366
      • Main Operating Functions
      • ISO 9241
      • User stories
      • Usability Validation
      • Heuristic Evaluation
    • Product Development
      • Intended Use Description
      • System Architecture
      • Clinical Evaluation
      • Verification versus Validation
      • Biocompatibility - ISO 10993
      • And more ...
        • 2. Amendment to IEC 60601-1
        • Multiple socket-outlets on medical devices
  • Login
  • Logout
  • Contact Us
  • About us
Search
+1 (301) 244-6335

info@johner-institute.com
  • LoginI
  • Contact UsI
  • About us
Search
Logo Johner Institut
  • Display menu
  • Close menu
  • Home
  • Consulting
    Technical Documentation
    • Software (IEC 62304, FDA)
    • Risk Management (ISO 14971)
    • Clinical Evaluation
    • AI Medical Devices
    Quality Management (QM)
    • QM System (ISO 13485)
    • Mock Audits & Inspections
    • Quality Representative
    Services
    • Human Factors Engineering
    • Regulatory Affairs
  • E-Learning
    Training videos
    • Market your medical device
    • Content
    • Premium Version
    • Watch training videos
  • Training Seminars
    Medical Device Regulation
    CPMS Seminar
    Medical Device Software
    Human Factors Engineering
    Risk Management Seminar
    Inhouse Seminars
    Medical Device Regulatory Affairs
  • Articles
    Regulatory Affairs
    • Medical Device Regulation
    • IVD Regulation (IVDR)
    • Medical Device Directive
    • Classification
    • CE Marking
    • Conformity Assessment
    • Harmonized Standards
    • Technical Documentation
    • MEDDEV 2.7/1
    • FDA
    • And more ...
    QM System & ISO 13485
    • Audits
    • CSV
    • Document Control
    • ISO 13485:2016
    • MDSAP
    • Process Validation
    • Supplier management
    • Quality Policy & Objectives
    • Risk Based Approach
    • And more...
    Software & IEC 62304
    • Software as Medical Device
    • Software Lifecycle
    • Safety Classes & Level of Concern
    • SOUP and OTS
    • Medical Apps
    • IT-Security
    • Artificial Intelligence
    • And more...
    Risk Management & ISO 14971
    • Life Cycle Risk Management
    • Update 14971:2012
    • Harm and Severity
    • Hazard and Hazardous Situation
    • Risk Acceptance
    • Risk Mitigation
    • Risk Analysis
    • Software Specifics
    • Third edition of ISO 14971
    Usability & IEC 62366
    • Main Operating Functions
    • ISO 9241
    • User stories
    • Usability Validation
    • Heuristic Evaluation
    Product Development
    • Intended Use Description
    • System Architecture
    • Clinical Evaluation
    • Verification versus Validation
    • Biocompatibility - ISO 10993
    • And more ...
  • Regulatory Affairs
    • Medical Device Regulation
    • IVD Regulation (IVDR)
    • Medical Device Directive
    • Classification
    • CE Marking
    • Conformity Assessment
    • Harmonized Standards
    • Technical Documentation
    • MEDDEV 2.7/1
    • FDA
    • And more ...
  • QM System & ISO 13485
    • Audits
    • CSV
    • Document Control
    • ISO 13485:2016
    • MDSAP
    • Process Validation
    • Supplier management
    • Quality Policy & Objectives
    • Risk Based Approach
    • And more...
  • Software & IEC 62304
    • Software as Medical Device
    • Software Lifecycle
    • Safety Classes & Level of Concern
    • SOUP and OTS
    • Medical Apps
    • IT-Security
    • Artificial Intelligence
    • And more...
  • Risk Management & ISO 14971
    • Life Cycle Risk Management
    • Update 14971:2012
    • Harm and Severity
    • Hazard and Hazardous Situation
    • Risk Acceptance
    • Risk Mitigation
    • Risk Analysis
    • Software Specifics
    • Third edition of ISO 14971
  • Usability & IEC 62366
    • Main Operating Functions
    • ISO 9241
    • User stories
    • Usability Validation
    • Heuristic Evaluation
  • Product Development
    • Intended Use Description
    • System Architecture
    • Clinical Evaluation
    • Verification versus Validation
    • Biocompatibility - ISO 10993
    • And more ...

ISO 13485:2016: What are the differences?

ISO 13485:2016 introduces changes in comparison to the previous versions of the standard. Thereby ISO 13485 became even closer to the requirements under 21 CFR part 820 (Quality System Regulations).

Unfortunately, it will be harder for medical device manufacturers to simultaneously comply with ISO 9001:2015 as the high level structure of both standards diverges.

Differences between ISO 13485:2016 and previous versions

Differences between ISO 13485:2016 and previous versions

First off: ISO 13485:2016 is an evolution of the previous versions having barely been altered since ISO13485:2003 – not a revolution. However, a variety of small changes even affecting chapter structure makes it necessary to deal with this latest version of the standard intensely.

Chapter 1

The new standard specifies that it explicitly also applies to outsourced processes. There must not be a black hole within the value-added chain.

It is also explicitly included that regulatory requirements shall additionally be regarded as well as risk management. The demand of meeting regulatory requirements was already existent in Chapter 7.1. This no longer exclusively applies to development.

Chapter 3

A new term, namely the medical device family, allows for providing evidence not only on the level of a product, but also on the level of a medical device family. For example, risk management could be carried out only once for very similar devices belonging to one family instead of carrying it out redundantly for each individual family member.

Chapter 4

Software validation: What used to be rather ensconced in Chapter 8 is now explicitly expressed in Chapter 4.1 of ISO 13485:2016: Software used in a quality management systems must be validated. An example would be software to manage customer feedback. This requirement is no longer limited to production and service provision.

Chapter 5

From now on,  the management review (chapter 5.6) must additionally consider:

  • Input: complaint handling, notifications to authorities and measurement of products and processes
  • Output: suitability and adequacy of the QM-system

Chapter 7

Risk management can, but must not be compliant with ISO 14971.

Chapter 7.3's structure has been revised in ISO 13485:2016. New are the demands for documenting "procedures for design and development", including design transfer. Here, again, the FDA's influence becomes noticeable.

According to chapter 7.3.8, this design transfer would ideally be carried out after verification, but prior to validation, for example to validate products of pilot series.

Also new is chapter 7.3.10, design and development files, corresponding to the FDA's Design History File.

Chapter 7.5.6 on process validation requires more precisely that relevant process' software shall be validated.

Chapter 8

Two new subchapters have been incorporated into the new version of ISO 13485:

  • chapter 8.2.2 addresses complaint handling more detailed
  • chapter 8.2.3 addresses the communication with authorities and notified bodies

The analysis of data (chapter 8.4) now must explicitly consider results of audits and service reports (as appropriate).

ISO 13485:2016: Good or bad? A Conclusion

Things are getting easier

Better interplay with 21 CFR part 820: ISO 13485:2016 now better covers requirements of 21 CFR part 820. Companies exporting to the USA should therefore already partly meet the requirements.

Better coverage of MDD: ISO 13485 only partly covered requirements for a quality management system by directives such as the MDD. With the new version of 2016, the coverage ratio is increasing, for example regarding communication with authorities. Annexes ZA to ZC illustrate that mapping.

Challenges

Divergence 9001 and 13485: the two standards ISO 13485 and ISO 9001 diverge regarding their 2015 and 2016 version respectively. Mapping becomes increasingly difficult; also, because the high level chapter structures are no longer congruent. A mapping table in the annex to ISO 13485:2016 is not estimated to be error-free.

Time Line

ISO 13485:2016 was submitted as FDIS in October 2015.The standard was issued in March 2016. DIN EN 13485:2016 followed in August 2016.

The transition period of the old ISO 13485 is terminating in November 2019. However, EN ISO 13485:2016 names March 2019. Though relevant is the DaKKS’s estimation: it refers to 31 March 2019 (update January 2018).

A harmonization of ISO 13485:2016 regarding the Medical Device Directive (MDD) and In-Vitro Diagnostic Directive took place in December 2017. It is still open until when the standard will be harmonized to the Medical Device Regulation (MDR).

The accreditation of notified bodies has partly happened as late as mid of 2017.

If ISO 13485 will follow the structure of ISO 9001 in the long term is not yet clear and still lies ahead, anyway.

Tips on Transitioning to the 2016 Version of ISO 13485

The following tips are useful for a successful transition to the new version of ISO 13485:

  • Talk to your notified body about when you will transition to the new standard.
  • Make a gap analysis and assess the efforts to upgrade your QM system. Johner Institute can help you fast and effectively (contact)
  • Draw up a plan on when you will implement which (new) requirement.
  • Do not make use of some freedoms ISO 9001:2015 would offer you, such as foregoing a QM manual.
  • Watch out for suppliers only "certified" according to ISO 9001 to operate in compliance with the rules of your(!) QM system, if required.
  • Plan a mock-up audit to assess the readiness for your next certification audit and to avoid any unforeseen problems.

Company

  • About us
  • Contact
  • About Prof. Dr. Johner
  • Our customers
  • Imprint
  • Privacy Policy

Links

  • Consulting
  • Login Auditgarant
  • Trainings
  • Articles

Products

  • Auditgarant (E-Learning)
  • CPMS Seminar
  • Usability Seminar

Free offers

  • Starter-Kit
  • Ask an expert
  • SSRS-Checklist
ISO 13485:2016
Logo Johner Institut

This site uses cookies. By using this website, you agree to the use of cookies.

For more information see our Privacy Policy