Many organizations with the potential to supply components, packaging, and other goods and services (incl. logistics) to the Medical Device Sector are scared off by talk of CE Marking, Notified Bodies, regulatory inspections, unannounced/surprise audits, and the like.
It's all nonsense (well, almost all). You don't believe me? Then read on. There could be a lot of high-margin business that you're missing out on.
In this article, we’ll consider nine frequently asked questions:
Let’s get started.
We're considering the position of component and packaging (including labeling) manufacturers and logistics/distribution companies. The former input materials and services to medical device manufacturers and the latter provide distribution and other services for the finished product.
To answer the question: ISO 13485 is designed and intended for use by the entire medical device supply chain. And what tends to happen is that those evaluating potential suppliers have a tendency to ask about ISO 13485.
Indeed, some manufacturers mandate it as a prerequisite requirement. So, it can only help to have such certification. Surprisingly, it is not necessary to be a supplier to the medical device sector to get ISO 13485 certification.
Yes, you can get certified as a medical device component manufacturer without manufacturing any components.
There are many suppliers to the sector with ISO 9001 certification alone where additional requirements are dealt with in a Sales Contract or SLA (service level agreement).
It gets a bit more complex for distributors. Some regulatory bodies (e.g. Ireland HPRA) have guidelines that mention ISO 13485 certification. Regulators of the pharma and medical device sectors have a long history of treating guidelines as ‘holy writ’. They will audit/inspect against guidelines as if they were mandatory.
While it is far from certain, many CBs (certification bodies) expect ISO 13485 certification to become the norm for distributors and prospective distributors in the near future.
So, if customers are happy with ISO 9001 certification, don’t change. But, if you want to add to your list of medical device customers, or enter the sector, ISO 13485 certification is necessary.
No, it’s not. There are two significant differences between ISO 9001 and ISO 13485
An integrated management system is often suggested here. But this is not a practical proposition. These are two distinctive standards requiring two management systems, albeit ones that are compatible with one another and have shared processes/procedures (e.g., a combined internal audit program and a single nonconformance procedure).
A definite "Yes."
The auditing standard, ISO 19011, brings Supply Chain risks and other issues to the ISO Auditors’ attention. The 2016 version of the ISO 13485 Standard was written with this in mind (see Section 1). Here are some of the key Medical Device Supply Chain issues arising:
Component quality can (critically) affect, for example,
Relevant warehousing, handling, storage, and delivery issues include ...
The vast range of services here includes...
It makes sense that Manufacturers define their requirements in SLAs (service level agreements) developed in consultation with Suppliers so that hazards and threats to patient/user safety and the effective and efficient operation of medical devices can be best assured.
These threats and hazards can then be reviewed and documented, and ongoing agreements to maintain the necessary controls and precautions can be managed in the context of an MDMS and ISO 13485 Certification.
No. While you may be asked by a customer to affix a CE mark to a component, you will be doing so on the ‘manufacturer’s’ behalf.
Regulations under ISO standards define the ‘manufacturer’ as the entity that holds the marketing authorization/license. Only ‘manufacturers’ need to engage in the protracted and (usually) expensive process of getting a CE Mark for a medical device or an IVDMD.
Suppliers to manufacturers (including distributors) do NOT require CE Marks.
Again, no. Regulatory requirements will be defined in the contract (or SLA) by the ‘manufacturer’. There are no regulations that you would be subject to directly.
Yet again, no. Regulatory guidelines, to the extent applicable, will remain the responsibility of ‘manufacturers’ and will be reflected, where necessary, in contracts and SLAs.
As a component manufacturer and supplier to the medical device sector, you will only be subject to Unannounced Audits (a.k.a. Surprise Audits) if your customer - the ‘manufacturer’ - has designated your company as a ‘crucial supplier’ or a ‘critical subcontractor ‘in paperwork submitted in pursuit of CE marking.
Your contract or SLA with the ‘manufacturer’ will advise you of the designation, if applicable. If it doesn’t, ask them in writing (an email will suffice) about your status.
It is more likely that distributors will be subject to Unannounced Audits because of the critical role they play in maintaining the integrity of product identification and traceability.
A combined audit is not a practical proposition; the two standards are very different. ISO 9001 focuses on customer satisfaction and ISO 13485 focuses on the product (quality, performance, traceability, market feedback, et cetera).
Of course, audit fees are always negotiable. If requesting back-to-back audits against the two standards, you should expect a significant discount.
In a word, no. Risk (and opportunity) in ISO 9001 Clause 6.1 is focused on business risks, while risk in ISO 13485 Clause 7.1 addresses patient/end-user safety.
I hope these answers have encouraged you. The market for medical devices and in-vitro devices is growing at an astonishing rate. There are more than 10,000 different types of devices registered globally. And the compound rate of market growth is in excess of 14% per annum by value.
In seeking new suppliers, ‘manufacturers’ place a far higher priority on quality and on-time delivery than on price. You need to get into this high-margin sector. As a basic confirmation of your capability, you need ISO 13485 Certification.
What are you waiting for?
In
We have chosen ISO 21001 certification because, unlike IRCA and Exemplar badges (which, in our opinion, are commercially compromised), it is based on independent third-party assessment. It is a ‘university grade’ standard in use globally by schools, colleges, and universities to demonstrate their competence.
We provide Courses for ISO 9001, ISO 13485, ISO 14001, ISO 17025, ISO 27001, ISO 45001, Dada Protection, Risk Management, and more.