Quality management system (QMS) standard ISO 9001:2015 has been published and as a result, regulated companies seeking ISO 9001 certification now have three years to meet the QMS requirements in this latest edition.
So What’s new?
The 2015 version leads on a more advanced structure to ensure that management system standards are aligned with consistent requirements that also makes it easier for organisations to integrate the necessities of more than one ISO management system standard.
- Increased focus on risk-based rational as a foundation for the management system.
- More flexibility on sets of documentation and reduced prescriptive requirements.
- Major focus on achieving value for the organisation itself and its customers.
- Enhanced leadership involvement in the management system.
The most prominent change is the focus on Risk, which is included in nearly every section as an explicit requirement for risk-based thinking to improve the process approach.
This risk-based thinking makes preventive action part of tactical and operational planning on a proactive basis with “actions to address risks and opportunities” in ISO 9001:2015. The standard now requires that an organisation and its personnel from top to bottom identify and address any internal and external factors for risk that may affect their QMS’s capacity to deliver intended results to customer requirements.
Impact on Medical Devices ISO 13485:
ISO 9001 can be used by any company within any industry sector whereas ISO 13845 requirements are tailored specifically to medical device companies’ QMS. Nevertheless, ISO 13485 still has its foundations in ISO9001 and therefore for medical device manufacturers, the publication of ISO 9001:2015 offers something of a preview and a benchmark of forthcoming alterations to ISO 13485.
Currently, we are in the process of a finalised draft international standard ISO 13485:201X and once voted and approved medical device companies will then have three years to transition to the new ISO 13485.
Like the final ISO 9001:2015, the draft ISO 13845 places substantial emphasis on risk management and a risk-based approach when developing processes and mere preventative ‘maintenance’ is not adequate. Anything that affects the operation of the QMS must be viewed from a risk perspective. Furthermore, it is designed to also incorporate suppliers and contractors across product development through product realization.
Interestingly like ISO 9001:2015, when processes are outsourced, it wants organisations to look at controls on risk for instances such as: if a supplier fails to meet specifications, how will that then feed into and affect the organisation’s quality system?
Risk has further impression in a number of other areas of ISO 13485, including from a human resources where if an employee’s individual actions have been incompetent, what are the vicarious risks to quality?
For medical device manufacturers there are risks in all the finer details of processes and functions and the risk is all the more acute when you are providing products critical to human life.
From a personal viewpoint, we take it for granted that devices used in hospitals for critical care are of high quality and performance at the vital times, but for manufacturers, the risks of getting it wrong are substantial. Medical device manufacturers should be working proactively in the here and now to integrate the principles of risk- based thinking and management to safeguard and imbed from the beginning of the product life cycle and throughout the quality system.
I believe the new ISO13485 will serve to reassure stakeholders and patients that the requirements are being met, at every stage of the product's life cycle.
What are your thoughts on the new ISO 9001 and how do you think it will impact the medical device industry?