While ISO 13485 is written in black and white, the alignment between the standard's requirements and expectations is not always clear, especially with regard to SaMD (software as a medical device). This session will discuss aligning ISO 13485 with best practices for SaMD, and how we can expect the shift of the industry to impact the anchor standard of the medical device industry.
This presentation originally aired during the 2022 Future of QMS Requirements Virtual Summit.
ISO 13485: What's Next?
1. ISO 13485 – What’s Next?
Presented by: Chandler Thames, Director of Quality at Rook Quality Systems
Date: November 1, 2022
2. MEDICAL DEVICE QUALITY IS ALL WE DO, AND WE’RE ALWAYS AHEAD OF THE GAME.
“Modern QMS Software and Outstanding Customer Service.”
“Demystifying QMS and Regulatory Requirements”
“Best eQMS I have ever used...”
This is the easiest eQMS I have used in the 20 years I have been in the Medical Device Industry. It is simple, intuitive and easy to use… We are successfully implementing a Quality Culture.
- Director of Regulatory Affairs & Quality Assurance
“Makes your QMS Simple and Effective”
1.5M years industry experience
522k podcast listeners
182k+ look to us for the latest in quality
#1 blog and podcast in the industry
3. Rook Quality Systems is a consulting firm dedicated to helping startup to mid-sized medical device companies develop and maintain effective and efficient quality systems.
Experience
Nearly a decade working with class I-III devices, SaMD, and IVDs. Supporting companies in the very early stages of QMS and device creation, from design through commercialization and post-market monitoring.
Expertise
Rook's team of eight Certified Auditors are experts in FDA regulations, MDSAP audits, ISO 13485:2016 compliance, and MDR conformity and provide support during an external or regulatory audit.
Efficiency
We leverage experience and best practices to help build the QMS so that clients can get their devices to market faster than standard methods, and use these systems to continue producing effective, quality devices.
4. We provide specialized and custom consulting services for all classes of medical devices, including medical software and combination devices.
• Audit Support
• Regulatory Submission Support (Int’l)
• DHF/TF Creation
• Software Validation
• Design Control
• Risk Management
• Quality System Training
• Quality System Design
5. Webinar Outline
ISO 13485 and SaMD
• ISO 13485 Overview
• SaMD Challenges
Key Considerations for SaMD QMS
• Commonly Observed SaMD QMS Gaps
• Aligning SaMD Processes with QMS Processes
• SaMD Guidance Documents
What’s Next for ISO 13485?
• History of ISO 13485 Changes
• Potential for Upcoming ISO 13485 Changes
What’s Next for SaMD QMS?
6. ISO 13485 and SaMD
ISO 13485:2016 defines QMS requirements for medical device manufacturers.
• ISO 13485:2016 is the internationally recognized standard for Medical Device
QMS – being recognized as a consensus standard by the EU and recently driving
the FDA to update the Quality System Regulations (QSR).
• The standard is heavily encouraged by the industry, and even required in some
markets such as Canada, the E.U. (not legally required, but practically required),
and smaller countries which do not have an established regulatory agency.
• The standard addresses organizational requirements, design and development
requirements, production requirements, and post-market requirements.
7. ISO 13485 and SaMD
ISO 13485:2016 Contents
• Clauses 1, 2, and 3 provide the scope of the standard, normative references, and
terms and definitions, respectively.
• Clause 4 – Quality Management System
• Clause 5 – Management Responsibility
• Clause 6 – Resource Management
• Clause 7 – Product Realization (addresses design and production)
• Clause 8 – Measurement, Analysis, and Improvement (addresses post-market
requirements, nonconformities, and CAPAs)
8. ISO 13485 and SaMD
Software as a Medical Device (SaMD) Challenges:
• ISO 13485:2016, while addressing QMS software and production software, does
not address PRODUCT software.
• Design and Development clauses do not sufficiently address the typical processes
involved in software development.
• Production and Service Provision clauses are written through the lens of a
traditional device manufacturer.
• Several clauses are ambiguous as to whether they would apply to a SaMD QMS.
• ISO 13485:2016 does not direct organizations to the resources to address these
challenges.
9. Key Considerations for SaMD QMS
Most Common SaMD QMS Gaps
Clause: 6.4.1 – Work Environment
Gap: No requirements established for the work environment of personnel involved in the production of the device.
Organization’s Reasoning: “Our staff is fully remote; we don’t have a traditional work environment.”
Clause: 7.1 – Product Realization
Gap: Risk management procedures involved in product realization are inadequate in assessing the risk of the product.
Organization’s Reasoning: “We follow ISO 14971; we are already compliant with the standard.”
Clause: 7.3 – Design and Development
Gap: The design and development process for the product is not adequately defined. Verification and validation activities are not adequately documented.
Organization’s Reasoning: “Our procedure addressed everything in ISO 13485; that’s all we need.” “We test everything, we just don’t formally record it in the QMS.”
10. Key Considerations for SaMD QMS
Most Common SaMD QMS Gaps
Clause: 7.5.1 – Control of Production and Service Provisions
Gap: Procedures for the control of production and service provisions are undefined.
Organization’s Reasoning: “We don’t physically manufacture or service our product; this clause is non-applicable to our organization.”
Clause: 7.5.3 – Installation Activities
Gap: Procedures for the control of installation activities are undefined.
Organization’s Reasoning: “Our device doesn’t require physical installation; this clause is non-applicable to our organization.”
Clause: 7.5.4 – Servicing Activities
Gap: Procedures for the control of servicing activities are undefined.
Organization’s Reasoning: “Our device doesn’t require physical servicing; this clause is non-applicable to our organization.”
11. Key Considerations for SaMD QMS
Most Common SaMD QMS Gaps
Clause: 7.5.10 – Customer Property
Gap: Procedures for the control of customer property are undefined.
Organization’s Reasoning: “We don’t receive or maintain any customer property; this clause is non-applicable to our organization.”
Clause: 8.3 – Control of Nonconforming Product
Gap: Procedures for the control of nonconforming product are undefined.
Organization’s Reasoning: “We don’t have any physical components or materials; this clause is non-applicable to our organization.”
12. Key Considerations for SaMD QMS
Clause 6.4.1 – Work Environment
A remote work environment is still a work environment. Document the requirements for your remote
staff (internet connection, PC requirements, etc.)
Clause 7.3 – Product Realization
IEC 62304:2006 defines additional requirements for the risk management of medical device software
development (traceable to the software architecture, SOUP considerations, anomaly management).
Clause 7.3.3 – Design and Development
IEC 62304:2006 defines deliverables for the software development process such as software
requirement specifications, software architectural design, software detailed design, and various
software plans. These should be integrated into your Design Controls procedure.
IEC 62304:2006 also defines specific verification activities to perform on software, such as unit
testing, integration testing, and system testing.
13. Key Considerations for SaMD QMS
Clause 7.5.1 – Control of Production and Service Provisions
SaMD products, while not being subject to traditional manufacturing processes, still undergo a
production process. This typically involves activities performed to “package” the software such as
compiling the software and deploying the software to users.
Clause 7.5.3 – Installation Activities
SaMD products which involve a user downloading an application to their mobile device or PC can be
considered installation activities – whether it is downloaded from the internet or a physical storage
device such as a USB.
Clause 7.5.4 – Servicing Activities
Software updates which are deployed without user intervention (cloud-based software, for example)
or in which updates are made available to users (updating the application on mobile app stores) are
considered servicing activities.
14. Key Considerations for SaMD QMS
Clause 7.5.10 – Customer Property
Customer data is customer property. Even if the data is not protected health information or subject to
HIPAA or other data privacy laws, any customer data contained in a cloud database is considered
customer property and subject to the requirements of this clause.
Clause 8.3 – Control of Nonconforming Product
Software bugs are considered nonconforming product. While there may be no need for the physical
quarantine of SaMD nonconforming product, the process which establishes how nonconforming
product (i.e., anomalies) is identified, evaluated, and dispositioned should be defined.
15. Key Considerations for SaMD QMS
Supporting Documents to Drive your SaMD QMS
FDA Guidance Documents:
• Guidance for the Content of Premarket Submissions for Software Contained in Medical Devices – Published in 2005 (new draft guidance published in 2021 – not yet in effect).
• General Principles of Software Validation – Published in 2002
• Off-The-Shelf Software Use in Medical Devices – Published in 2019
• Content of Premarket Submissions for Management of Cybersecurity in Medical Devices – Published in 2014 (new draft guidance published in 2022 – not yet in effect).
16. Key Considerations for SaMD QMS
Supporting Documents to Drive your SaMD QMS
IMDRF Guidance Documents:
IMDRF/SaMD WG/N23 Software as a Medical Device (SaMD): Application of Quality Management
System – Published in 2015.
IMDRF/SaMD WG/N12 Software as a Medical Device: Possible Framework for Risk Categorization and
Corresponding Considerations – Published in 2014.
Relevant Supporting Standards:
IEC 62304:2006 – Medical Device Software – Software Life Cycle Processes – Published in 2006.
17. What’s Next for ISO 13485?
• July 2003 – ISO 13485:2003 Published
• May 2011 – ISO 13485:2003 to be Revised
• Feb 2016 – ISO 13485:2016 Published
• Jan 2020 – ISO 13485:2016 Reviewed and Confirmed
• Jan 2025 – ISO 13485:2016 Next Scheduled Review
• ~2029 – ISO 13485 New Revision? (if necessary)
ISO 13485:2016 Amendment 11
• ISO 13485:2016/A11:2021 (Amendment 11) was published in 2021.
• This amendment aligns ISO 13485:2016 with EU MDR 2017/745 requirements.
• The amendment implemented CEN/TR 17223:2018 within the standard as annexes.
• Roughly 3 years to implement this amendment – and the content of the amendment was already prepared!
18. What’s Next for ISO 13485?
Upcoming Amendments to Address Software?
Amendment 11 was driven by the need to
harmonize EU MDR QMS requirements with ISO
13485:2016 QMS Requirements.
• Due to the scale of EU MDR implementation,
this was determined to be critical.
While the medical device industry has been
shifting into the software space, highest concern
for now is design and development of SaMD, not
QMS.
• Even so, the standard for medical device
software development (IEC 62304) has not
been revised since 2006.
Unlikely that ISO 13485 is amended to specifically
address medical device software.
Upcoming Revisions to Address Software?
A new ISO 13485 revision is unlikely to occur prior
to 2029.
ISO 13485 was revised in 2016 to account for
changes in the industry and changes to the parent
standard – ISO 9001.
• Regulators of the industry are more
concerned with addressing software
development over software QMS
requirements.
• ISO 9001 was reviewed and confirmed in
2021.
Unlikely that ISO 13485 is revised any time soon
to specifically address medical device software.
19. What’s Next for ISO 13485:2016?
Over the last ten years, ISO 13485 has transitioned from optional, to encouraged, to now
being required in some markets.
• Global harmonization around ISO 13485 (MDSAP + FDA + EU).
• Smaller countries with less established regulatory agencies lean heavily on ISO 13485 for
clearing and approving new devices to their markets.
• The trend of countries mandating ISO 13485 compliance is expected to continue.
Greater market participation should drive ISO 13485 alignment with the industry, but this
will take time.
20. What’s Next for SaMD QMS?
SaMD QMS requirements are likely to be driven by guidance documents for the
foreseeable future.
FDA has been allocating resources to ensuring adequate guidance is available for SaMD
products.
• Draft FDA Guidance: Content of Premarket Submissions for Device Software Functions was published
November 2021
• Draft FDA Guidance: Cybersecurity in Medical Devices: Quality System Considerations and Content of
Premarket Submissions was published April 2022.
• FDA Guidance: Off-The-Shelf Software Use in Medical Devices – Published in 2019
IMDRF has established a SaMD Working Group (WG) which is continuing to work on developing global
access to guidance for SaMD products.
21. Questions?
www.RookQS.com
Make sure to visit our website to learn more about our services
and consulting team.
Contact info@rookqs.com for more questions, comments, or
to set up a meeting. One of our consultants will be sure to reach
out to assist!