ISO 9001 and ISO 13485 are ranges of standards that address different aspects of quality management within a family of terms called ISO 9000. The goal is to organize the internal rules of the business to ensure the best possible customer satisfaction and product production.
What are the differences between ISO 9001 and ISO 13485? The differences between ISO 900 and 13485 is that ISO 9001 is an international standard for a quality management system. ISO 9001 standard is used to install the best possible format when ensuring consumer satisfaction with products and services.
On the other hand, ISO 13485 is the standard for a medical device quality management system. It was the only system that did not receive the 2015 update of ISO 9001. But, many do believe ISO 13485 will be based on ISO 9001 in the near future.
Since ISO 13485 does include the previous ISO 9001 (2008) standards, it does hold its own additional requirements. ISO13485 was most recently updated in 2015. ISO 13485 standards are focused on the effectiveness and quality of medical devices.
There are a lot of similarities between ISO 13845 and ISO 9001 that focus in on the goal of producing high-quality products. There are also 5 significant differences in the structure and aim of these systems.
The ISO 13845 Document methods for uncertainty management in product recognition is much more than that of ISO 9001. Clinical Performance evaluation is a part of design and development validation. It has to be in line with regulatory requirements for the ISO 13845 quality management system.
The monitoring and measurement of the status of a product is a requirement in the ISO 13485 quality management system. Customer property is their health information which must remain concealed from any third-source party.
Authorized employees must be identified, concessions must pass the governing requirements of ISO 13485, and they must determine the effect of any and all rework.
ISO 13845 documentation requirements are much more thorough than that of ISO 9001. Companies certifying medical devices must include a risk- assessment systems in product realization.
Each medical device file states
The quality manual is used to define the structure of documentation within the QMS. The release of out-of-date documents is required for the lifetime of a medical device. Responsibilities and authorities must be recorded in addition to being defined and described. Any relations among personnel must be documented.
Maintenance of activities that affect product quality, Communication of health, clothing, and contamination is obligated. Complaints must be examined in response to customer feedback, which includes the authorization of documentation when remedial actions are not taken.
The purchased products must be traceable including documents and records. There must be documentation of the methods and processes for control the qualification of the foundation. Document requirements for cleanliness or contamination control of the product are necessary.
Installation activities, including confirming, and servicing projects, must be documented. Manage reports and documents for every sterilization batch.
Document procedures for validation of computer software, validation of sterilization, product identification including returns and traceability. Document procedures for traceability are required.
Documentation for implantable medical devices is to include components, materials, and work conditions as well as records of the identifying personnel performing the inspection.
Preserving conventionality of the product is a requirement in order to control measuring and monitoring devices including software that affects product conformity. There also is a feedback system for early warning of all quality problems.
ISO 9001 is not undeviatingly linked to organizational requirements. However, ISO 13845 is when it concerns complaint handlings and post-market monitoring.
The ISO 13845 is subject to much more rigorous standards due to the application of the products. Medical devices have their own unique terminology within the industry.
There are specific rules and qualifications staff members must be aware of to avoid contamination. Unlike ISO 9001, ISO 13485 is concerned about the cleanliness and contamination control of their products.
When it comes to regulatory requirements, the purpose of the standard is to expedite the effectiveness of quality management system regulations around the globe.
Meeting product handling requirements is also an essential component of this standard, as the plan is to produce reliable products which have adequate performance.
It is both an international and national standard for all staff to be well-versed in the protocol. The Intent is to monitor information in order to meet customer satisfaction.
Unlike most systems in the ISO 9000 family of systems, ISO 13845 does not follow the 2015 update of ISO 9001. The structure of ISO 13845 is not compatible with other systems within the family.
ISO 9001 first began in 1987. The first revision took place in 2000 and while the most recent update took place in 2015.
The ISO 9001 2015 update significantly changes the landscape after the third clause in 2008's revision to include the context of the organization, leadership, planning, operation, and performance evaluation in replacement of the quality management system.
Both systems maintain the idea of providing the best possible service and products while continuously improving the standard of the company. These systems are not law but are best known for their ability to implement firmness and precision.
To be ISO certified, an organization has to meet the requirements of the ISO 9001 management system while forcing the company to focus on consumer satisfaction and implement improvements to the system.
It would be a 3-6 month process before an organization can become ISO 9001 certified.
The size of the organization or the industry does not matter. The ISO 9001 is the standard for many companies and is the only system among the 9000 family that needs a certification.
ISO certification can enhance an organization’s credibility by showing that their services will meet customer expectations. In most situations or in certain industries, certification can be required or legally mandated.
The certification process includes implementing the requirements of the ISO 9001 (2015). After that is finished, completing a successful registrar’s audit confirming the organization meets those requirements is required to complete certification..
ISO 13845 does require certification yet, a third-party source certification would be quite beneficial. There are special qualifications that a quality management system needs to engage to become certified.
Each organization needs to show its own capacity to produce medical devices and services that meet customer and regulatory demands.
When developing a plan, U.S medical devices need to fall under FDA 21 CFR 820. FDA 21 CFR 820 is known as the quality system regulation that outlines current manufacturing good practices. Which is that which governs methods used in, and facilitates the design, packaging, and labeling of devices in human use.
Essentially Setting managing principles used to control the design process and building process of medical devices.
Each of these levels has associated procedures that will need to be witnessed and controlled. The document control procedure is the one to serve as a foundation for the entire management quality system.
Any and all design control procedures and forms will need to be approved.
After these procedures have been approved, the company will need to begin training personnel on the procedures. Documentation is required.
After each procedure is done, the corresponding disposition will need to be written in as well. This will allow for a natural growth within your manual so it can reflect what was done instead of being copied from the original international standard.
This is a 2 step process. Steps one and two need to be audited by industry-specific and ISO personnel.
Step 1 is typically a one-day audit where negative and positive findings are reported. Nonconformities, or negative finding, will need to undergo corrective action before step two can begin.
Once there is sufficient evidence of progress towards conformity, step two can take place.
Step 2 is a multiple day audit with various auditors. This is a period where the rest of the quality management system processes will be audited.
The recommendation of certification can be revoked if there are major requirements not met. This requires another audit. If they remain minor, only a corrective plan is needed to receive the certification.
Step 1 will require
Once the audit is complete, the report and recommended certification are reviewed and accepted. The company applies remedial action methods for the Stage 2 findings.
After the corrective action plans are accepted, the certification agent will conduct an internal review of all documentation.
A month after the corrective actions are approved, the certification will be issued to the company.
The certification is a process-based standard. It does not define the quality of the products in ISO 9001. This is true, however, for ISO 13485. One person can not receive the ISO certification unless they are a company or organization alone.
There is a 3-year period of recertification in order to remain adept to ISO requirements. The certification body will decide whether not the company reaches the new requirements.
The CB needs to be accredited by an IAF body member before auditing another company. ISO 17021 ensures an international acceptance of the Certification body's certification.
It is possible, however, to be an ISO 9001 certified lead auditor after a 5-day training. This certification gives the auditor the ability to audit other companies.
To become ISO 9001 certified, the company must follow the standards and requirements of the ISO system.
Then an auditor will visit the organization rates the performance of the company against the latest requirements of the ISO QMS.
Some of the requirements needed to become Certified include:
There is not a Certification for ISO 13845. There is no requirement that companies need to be able to design, produce, and implement medical products and services.
All ISO standard is reviewed after 5 years to ensure relevancy in the current marketplace. ISO 13485:2016 was designed to respond to the latest quality management systems practices such as changes in technology.
The International Standard offers rules, guidelines or features for projects or for their issues. Aimed at achieving the maximum level of engagement in a given setting. It can take on many appearances.
Apart from product models, other instances include test methods, systems of practice, standards, and management operations are included in the International requirement.
Written: 26th July 2019
Author: Richard Keen
Richard is our Compliance Director, responsible for content & product development.
But most importantly he is ISO's biggest fanboy and a true evangelist of the standards.
Learn more about Richard