By Edwin Bills, Consultant

The 2003 edition of ISO 13485 has now been withdrawn and fully replaced by the 2016 edition.[i]  As a result, a technical report on the 2003 edition, ISO TR 14969, also was withdrawn and replaced by a new ISO handbook, ISO 13485:2016 A practical guide,[ii] released in 2017. An earlier Med Device Online article discussed some of the issues these changes caused for small device companies.[iii]

Thought everything was settled? ISO 13485 is up for periodic review, and the ISO Technical Management Board (TMB) has indicated that the technical committee responsible for ISO 13485 should revise the standard to comply with the new High-Level Management System Structure (MSS) for all documents of this type. The 2015 version of ISO 9001 is in the new structure, and it is organized in a vastly different format. 

There has been outcry by the industry and regulators to leave the structure alone; they reason the industry already has too many changes in regulations and standards to deal with – why pile on a change that is meaningless in the technical content of the standard? The ISO 13485:2016 revision dodged that bullet by convincing the TMB to not adopt the structure in the 2016 edition, and the TMB is not sure about letting it slide one more time. But, a change to the MSS also is forthcoming, and the Technical Committee may have good reason to avoid the pressure by ISO’s TMB. 

At any rate, this change in structure would not take place until the next edition is effective so, regardless of the outcome, industry would have a few years to comply with the new document.  The big problem, of course, would be to get the technical committee started on the new revision, considering all the other work in process in the industry. And, eventually, companies would have to deal with the changes in revising their quality system policies and procedures.

Today, we have EU MDR/IVDR issues more pressing than the structure of the 13485 standard.  There is no harmonized quality system standard for the MDR or the IVDR, as the harmonization process for standards has not been activated. The industry has just over a year to establish the process, put in place a quality system standard (a new EN ISO 13485:20XX, presumably), and complete a Notified Body (NB) audit to provide evidence of compliance.

The Notified Body situation currently is impossible; as of this writing, only BSI UK has updated its certification as a Notified Body – and the company will (likely) be de-certified by Brexit in March.   BSI is trying to get its Netherlands office Notified to the MDR and the IVDR, and has asked its clients to transfer MDR and IVDR certificates to this new office.  However, is the client’s responsibility to complete the certificate transfer. An Italian NB reported it is in the last stages of receiving approval for NB status, but NB availability remains an impossible situation for the industry. Technically, the EU expects to have all necessary pieces in place in time to meet the MDR’s May 2020 full implementation deadline, but lacks the throughput to certify the entire industry to the new regulations in time to keep all the products on the market. The IVDR’s full implementation is slated for 2022.