Your Guide to Implementing ISO 13485

Benefits of Implementation

Implementing a Quality Management System for Medical Device Manufacturing to your business can cite numerous benefits. ISO 13485 provides a framework for good management practice which demonstrates the businesses commitment to manufacturing high-quality medical devices.
 
ISO 13485 was created to ensure that medical devices, no matter where they are from, demonstrate the same reliability and quality. Having this standard can help expand potential market and lead advantages for regulatory approval in major markets like the European Union and Canada. Having ISO 13485 can also have a positive impact, indicating an organization’s commitment to high quality.

Larger medical device businesses prefer to work with vendors who have implemented a quality management system for medical devices and are ISO 13485 certified. Revisions in the 2016 update to this standard meant that companies are responsible for ensuring that any subcontractors also conform to ISO 13485 standards. Subcontractors that are already ISO 13485 certified are likely to be prioritized.

The standards documentation is designed to help personnel have access to the information they need, when they need it. Having access to the right information can reduce the time and expense associated with product development. Documenting the processes associated with their medical devices could also help organizations develop a consolidated knowledge base; this can help to identify problems, improve the product, and streamline the manufacturing process.

Risk Based Thinking/Audits

Audits are a systematic, evidence-based, process approach to evaluation of your Quality Management System. They are undertaken internally and externally to verify the effectiveness of the QMS. Audits are a brilliant example of how risk-based thinking is adopted within quality management.

1ST PARTY AUDITS - INTERNAL AUDITS

Internal audits are a great opportunity for learning within your organization. They provide time to focus on a particular process or department in order to truly assess its performance. The purpose of an internal audit is to ensure adherence to policies, procedures and processes as determined by you, the organization, and to confirm compliance with the requirements of ISO 13485.

AUDIT PLANNING

Devising an audit schedule can sound like a complicated exercise. Depending on the scale and complexity of your operations, you may schedule internal audits anywhere from every month to once a year.

RISK-BASED THINGING

The best way to consider frequency of audits is to look at the risks involved in the process or business area to be audited. Any process which is high risk, either because it has a high potential to go wrong or because the consequences would be severe if it did go wrong, then you will want to audit that process more frequently than a low risk process. How you assess risk is entirely up to you. ISO 13485 doesn’t dictate any particular method of risk assessment or risk management. You may wish to review ISO 14971 for more information on risk management.

2ND PARTY - EXTRNAL AUDITS

Second party audits are usually carried out by customers or by others on their behalf, or you may carry them out on your external providers. 2nd party audits can also be carried out by regulators or any other external party that has a formal interest in an organization. You may have little control over the timing and frequency of these audits, however establishing your own QMS will ensure you are well prepared for their arrival.

3RD PARTY - CERTIIFCATION AUDITS

Third party audits are carried out by external bodies, usually UKAS accredited certification bodies such as NQA. The certification body will assess conformance to the ISO 134851:2016 standard. This involves a representative of the certification body visiting the organization and assessing the relevant system and its processes. Maintaining certification also involves periodic reassessments. Certification demonstrates you have a commitment to quality.

CERTIFICATION ASSURES

• regular assessment to continually monitor and improve processes.

• credibility that the system can achieve its intended outcomes.

• reduced risk and uncertainty and increase market opportunities.

• consistency in the outputs designed to meet expectations.

Process Based Thinking/Audits

A process is the transformation of inputs to outputs, which takes place as a series of steps or activities which result in the planned objective(s). Often the output of one process becomes an input to another subsequent process. Very few processes operate in isolation from any other.

“Process: set of interrelated or interacting activities that use inputs to deliver an intended result.”
- ISO 9000:2015 Fundamentals and Vocabulary

Even an audit has a process approach. It begins with identifying the scope and criteria, establishes a clear course of action to achieve the outcome and has a defined output (the audit report). Using the process approach to auditing also ensures the correct time and skills are allocated to the audit. This makes it an effective evaluation of the performance of the QMS.

“Consistent and predictable results are achieved more effectively and efficiently when activities are understood and managed as interrelated processes that function as a coherent system.”

ISO 9000:2015 FUNDAMENTALS AND VOCABULARY

Understanding how processes interrelate and produce results can help you to identify opportunities for improvement and thus optimise overall performance. This also applies where processes, or parts of processes, are outsourced. Understanding exactly how this affects or could affect the outcome and communicating this clearly to the business partner (providing the outsourced product or service) ensures clarity and accountability in the process.

The final process step is to review the outcome of the audit and ensure the information obtained is put to good use. A formal Management Review is the opportunity to reflect on the performance of the QMS and to make decisions on how and where to improve.

Clause 1: Scope

The ISO 13485 standard identifies requirements for a quality management system that organization needs to demonstrate their ability to provide medical devices and services that meets customer and applicable regulatory requirements consistently. This standard can be applied to organizations that are involved in one or more stages of the life-cycle. ISO 13485 can also be used by suppliers and external parties that provide products and services to such organizations.

The intention is if your organization is involved with medical device provision, ISO 13485 establishes the QMS requirements to be met. Whether you have a specific product or not, the requirements focus on your organizations ability to consistently provide a product that meets customer and applicable regulatory requirements.

The scope of ISO 13485 is not just for manufacturers but third parties such as those involved in the supply chain or delivering services. The section sets out that the Standard is applicable to all organizations involved in the product life-cycle of medical products, including design, repair, installation, maintenance, and storage of medical devices.

Clause 2: Normative References

‘Normative references’ simply means any other documents which are referenced within the management system standard. In the case of ISO 13485:2016, there are many references made to ISO 9000:2015, Quality management systems – Fundamentals and vocabulary.
 
ISO 9000:2015 is the only normative reference for ISO 13485; it is integral to the standard. Whilst it is not mandatory to purchase ISO 9000:2015, it would be valuable to understand the standard and apply it to ISO 13485.

Clause 3: Terms and Definitions

The terms and definitions given in ISO 9001:2015 apply. But be aware that the definitions provided for ISO 13485 may differ from the definition in ISO 9000:2015 due to the application of the medical device sector.

When you write your quality management system documentation, you don’t have to use these exact terms. However, it does help to clarify the meaning and intention if you can define the terms you have used. Providing a glossary within your system documentation may be useful.

'Advisory notice' - notice issued by the organization, subsequent to delivery of the medical device, to provide supplementary information or to advise on action to be taken in the:

• use of a medical device,

• modification of a medical device,

• return of the medical device to the organization that supplied it, or

• destruction of a medical device.

'Authorized representative' - natural or legal person established within a country or jurisdiction who has received a written mandate from the manufacturer to act on his behalf for specified tasks with regard to the latter’s obligations under that country or jurisdiction’s legislation.

'Clinical evaluation' - assessment and analysis of clinical data pertaining to a medical device to verify the clinical safety and performance of the device when used as intended by the manufacturer.

'Complaint' - written, electronic or oral communication that alleges deficiencies related to the identity, quality, durability, reliability, usability, safety or performance of a medical device that has been released from the organization’s control or related to a service that affects the performance of such medical devices.

'Distributor' - natural or legal person in the supply chain who, on his own behalf, furthers the availability of a medical device to the end user.

'Implantable medical device' - medical device which can only be removed by medical or surgical intervention and which is intended to:

• be totally or partially introduced into the human body or a natural orifice, or

• replace an epithelial surface or the surface of the eye, and

• remain after the procedure for at least 30 days.

​'Importer' - natural or legal person in the supply chain who is the first in a supply chain to make a medical device, manufactured in another country or jurisdiction, available in the country or jurisdiction where it is to be marketed.

'Labelling' - label, instructions for use, and any other information that is related to identification, technical description, intended purpose and proper use of the medical device, but excluding shipping documents.

'Life-cycle' - all phases in the life of a medical device, from the initial conception to final decommissioning and disposal.

'Manufacturer' - natural or legal person with responsibility for design and/or manufacture of a medical device with the intention of making the medical device available for use, under his name; whether or not such a medical device is designed and/or manufactured by that person himself or on his behalf by another person(s).

'Medical device' - instrument, apparatus, implement, machine, appliance, implant, reagent for in vitro use, software, material or other similar or related article, intended by the manufacturer to be used, alone or in combination, for human beings, for one or more of the specific medical purpose(s) of:

• diagnosis, prevention, monitoring, treatment or alleviation of disease;

• diagnosis, monitoring, treatment, alleviation of or compensation for an injury;

• investigation, replacement, modification, or support of the anatomy or of a physiological process;

• supporting or sustaining life;

• control of conception;

• disinfection of medical devices;

• providing information by means of in vitro examination of specimens derived from the human body;

and does not achieve its primary intended action by pharmacological, immunological or metabolic means, in or on the human body, but which may be assisted in its intended function by such means.

'Medical device family' - group of medical devices manufactured by or for the same organization and having the same basic design and performance characteristics related to safety, intended use and function.

'Performance evaluation' - assessment and analysis of data to establish or verify the ability of an in vitro diagnostic medical device to achieve its intended use.
'Post-market surveillance' - systematic process to collect and analyse experience gained from medical devices that have been placed on the market.

'Product' - result of a process.

'Purchased product' - product provided by a party outside the organization’s quality management system.
 
'Risk' - combination of the probability of occurrence of harm and the severity of that harm.
 
'Risk management' - systematic application of management policies, procedures and practices to the tasks of analysing, evaluating, controlling and monitoring risk.
 
'Sterile barrier system' - minimum package that prevents ingress of microorganisms and allows aseptic presentation of the product at the point of use.
 
'Sterile medical device' - medical device intended to meet the requirements for sterility.

Clause 4: Quality Management System

• Manual

• Medical device files/batch records and technical files or specifications

• Procedures and records required by this standard, regulations, customers and any other identified requirement

• Good documentation practices are required as records and changes to them must remain legible. Example of a change: 205 250
  T.R Signature XX/XXX/XXXX

Clause 5: Management Responsibility

​Section 5 focuses the need for top management to be instrumental in the implementation and maintenance of the Quality Management System. On top of the planning of the QMS, top management needs to be involved in the review of the system to ensure it meets the requirements and shows there is improvement.

MANAGEMENT COMMITMENT

Evidence of commitment to the implementation and development of the QMS should be shown by top management. Top management is the person or groups of people who has the control of your organization at the highest level.

Evidence of top management’s commitment can be shown by communication to the organization of meeting customer and regulatory requirements made, establishment of quality policy, ensure quality objectives are establish, conducting management reviews and make certain of the availability
of resources.

CUSTOMER FOCUS

Top management must ensure that customer and regulatory requirements are met. It is important that top management ensure that actions are implemented to address any requirements, risks and opportunities. If this does not achieve meeting customer requirements or regulatory requirements, a Plan-Do-Check-Act approach is continued to further improvements until they are met.

QUALITY POLICY

This section states the top management are responsible to define the quality policy and to ensure the quality policy: aligns to the organizations purpose; shows commitment to follow requirements and maintain effectiveness; supplies a framework for reviewing quality objectives; is fully understood and communicated throughout within the organization; and reviewed for continued suitability.

Top management’s commitment to quality should be communicated through the quality policy. Clear objectives should be demonstrated in the quality policy to show that your organization is committed to implementing the policy and the objectives should be relevant to your organization and your customers.

PLANNING

The quality objective set by Top Management must be realistic and are established at relevant functions and levels throughout your organization. Objectives such as meeting customer and regulatory requirements for medical devices or reducing errors etc are examples of achievable and measurable outcomes for the QMS.
Although the objectives do not need to be carried out by the top management personally, ensuring that action is taken for the objectives to be achieved is still top management responsibility.
Planning will take place at the initial stages of development and implementation, however, as objectives can change over time, planning may be ongoing and assist the QMS to be effective while changes are made and after. Risk based considerations will also be included in the planning due to the effects the changes may on your QMS.
 
EXAMPLES OF INPUTS INTO QMS PLANNING

• Quality policy

• Quality objectives

• Regulatory requirements etc

EXAMPLES OF OUTPUTS FROM QMS PLANNING

• Quality manual

• Gap analysis

• Action plans etc

RESPONSIBILITY, AUTHORITY AND COMMUNICATION

Responsibilities and authorities shall be established, documented and communicated for those roles that affect quality, also to document the interrelationship between each role. This documentation forms part of your QMS and has to be controlled.

Top management shall assign responsibility to a member of management as the representative. The representative’s responsibilities could be entirely related to the QMS activities or be in conjunction with other responsibilities within the organization. There should be no conflict of interest between these responsibilities.

Top management must establish processes that ensure appropriate communication regarding the effectiveness of the QMS within the organization. This communication should go both ways, allowing personnel to ask questions and make suggestions about improving the QMS.

MANAGEMENT REVIEW

Management review is an essential element of a quality management system. It is the formal point at which top management review the effectiveness of the QMS and ensure its alignment to strategic direction. It is not essential for one single management review meeting to take place covering the full agenda. If you currently hold a range of meetings that cover the inputs between them, there is no specific need to duplicate.

However, you may find that a big-picture view is made easier by considering the management review inputs in one meeting rather than separating them. It really depends on the size and structure of your organization and who attends each of the meetings.

Management review meetings commonly take place as an annual event, however much like internal audits, their frequency is not specified by ISO 9001:2015. It’s up to you to decide. During implementation and early stages of settling in to your QMS, it may make sense to hold meetings more frequently.

You will need to retain documented information on your management reviews, these would normally be meeting minutes or perhaps call recordings if you carry out conference calls.

Clause 6: Resource Management

Section 6 is short and it covers the necessity to control all resources. This includes human resources, infrastructure and work environment.

PROVISION OF RESOURCES

The requirements to provide adequate resources shall be determined by the organization, these include: implementing the QMS and maintaining its effectiveness and to meet regulatory and customer requirements.

Regardless of whether associated processes are performed by and external party or your organization, responsibility for the provision of resources will reside with your organization. Review of your resource needs should be done of a regular basis and is usually part of the management review, when a new contract is considered, a new business strategy is considered and when there are regulatory requirement changes.

HUMAN RESOURCES

People are the most important resource for an organization, and needs enough people with the right competences to do the work. Roles who affect quality must have necessary competence and have the appropriate training for the skills required for those roles. The organization shall document the processes of establishing competence, providing the needed training and ensure the awareness of personnel.

INFRASTRUCTURE 

This includes determining, providing and maintaining the premises, hardware, software, transportation, storage, technology etc that are needed to achieve conformity to product and process. This will prevent product mix-up and secure orderly handling of products.

WORK ENVIRONMENT AND CONTAMINATION CONTROL

This isn’t referring to the great outdoors. This means providing an environment that is suitable for what you are trying to achieve. Whether that is a factory, office, studio or any other type of working space, make sure you have the right atmosphere to enable work environment conditions suitable for the monitoring and control of products produced, in order to prevent product damage or contamination. Adequate controls, parameters and indicators, maintenance of appropriate sanitation and hygiene etc all contribute to an effective working environment.

Organizations must plan and document requirements in order to control contaminated products and prevent contamination of the work environment, staff or products. The section also states for sterile medical devices, requirements shall be documented for the control of contamination with microorganisms and to keep the required cleanliness during assembly or packaging processes.

Clause 7: Product Realization

Section 7 concerns itself with the product requirements that deal with the planning and creation of the product or service. It includes requirements such as planning, design and development, purchasing and control of monitoring and measuring equipment. The standard allows requirements in this section to be excluded if they are not applicable to the organization.

PLANNING OF PRODUCT REALIZATION

It is important for an organization to plan and develop for product realization and document the processes needed. These plans should be consistent and align with the requirements of the other processes in the QMS. Additionally, the organization needs to address activities such as handling, storage, distribution and traceability activities.

The clause also states the need to have a document risk assessment process in production. This is almost a passing comment but is actually quite important to implement. PFMEA is a good way to address this requirement. It also references ISO 14971, the standard for risk assessment in medical devices, which may be useful as well.

CUSTOMER-RELATED PROCESSES

Your organization must determine requirements for customer expectation, and determination of any user training needed to ensure specified performance and safe use of medical devices.

Prior to a commitment to supply products to a customer, there should be a review of the requirements related to products to ensure customer requirements are fully understood.

There should be plans and documentation of communication with customers and regulatory authorities. Communication with customers is in relation to: product information; enquiries, contracts and orders; feedback; and notices.

DESIGN AND DEVELOPMENT

When designing or developing your product or service, you will need to consider the legal requirements, any other standards that may apply, the potential consequences of failure and anything you have learned along the development journey.

You will be required to retain documented information on design inputs. Design and development controls refers to any touch points along the design process where validation, verification, testing, authorisation or any form of sign-off or acceptance may be required.

You will be required to retain documented information on design and development control activities. Once you have determined the design inputs and the necessary controls to assure conformity, you will then need to ensure your outputs meet those requirements. This is the place where you would also keep records of monitoring, measurement, traceability (e.g. of materials or measurements) and acceptance criteria.

This could be in the form of a bill of materials, technical specification or handbook, user guide, process manual, system guide or service level agreement. Any changes to the design and development of the product or service must be identified, controlled, recorded and communicated to ensure the product or service conforms to the customer and other applicable requirements along with clear authorisation for the changes.

There needs to be a documentation of procedures to control design and development changes. The significance of changes must be determined through function, performance, usability, safety and applicable regulatory requirements for the medical device. Before any changes are made, it needs to be reviewed, verified, validated and approved.

For each medical device type or medical device family, a design and development file must be maintained.

PURCHASING

Purchasing process must conform to documented procedures. Criteria for the evaluation and selection of suppliers must be established by the organization and should be based on: the supplier’s ability to provide product that meets the organizations requirements; supplier’s performance; effect of the purchased product on the quality of the medical device; and risk associated with the medical device.

The purchasing information describes and references the product to be purchased and includes the specifications; requirements for product acceptance, procedures, processes and equipment; qualification of supplier personnel; QMS requirements.

The purchasing information should also include a written agreement that the supplier must notify the organization of any changes in the product prior to the implementation of any changes that affect the ability of the purchased product to meet specified purchase requirements.

Verification is to make sure the requirements are met with the purchased products, if there are any changes to the purchased product, the organization must determine if these affect the product process or the medical device.

PRODUCTION AND SERVICE PROVISION

When it comes to production and service provision, appropriate controls must be planned, carried out and monitored, these should be established and documented. This is to ensure consistency in production methods and outputs.

Product cleanliness requirements, installation activities, servicing activities must be defined and documented. In cases the organization needs to provide instructions which allow the installer to confirm correct operation of the device. If there is a specified requirement for the servicing of a medical device, the organization shall document servicing procedures, reference materials and reference measurements for performing servicing activities.

There should be maintenance of records for the sterilization process parameters that is used for each sterilization batch. If you are seeking additional information regarding sterilization this can be found in ISO 11135 and more.

The organization shall validate any processes for production and service provision where the resulting output cannot be or is not verified by subsequent monitoring or measurement and, as a consequence, deficiencies become apparent only after the product is in use or the service has been delivered.

Sterilization processes cannot be verified by inspection and testing of the medical device. Processes like these needs to be performed in accordance with documented procedures, and should be validated before use. They must be closely controlled and monitored.

It is important to identify products such as raw materials, components and medical devices, reasons being that this means materials can be controlled throughout manufacture, it can demonstrate product score, status and safety requirements etc.

Procedures should define the extent of traceability in accordance with applicable regulatory requirements and the records to be maintained.

Documentation of particular requirements for implantable medical devices should include records of components; materials and conditions for the work environment used. Using the identification of product by batch/lot/serial number permits traceability forwards and backwards.

Identification, verification, protection and safeguarding customer property shall be provided by the organization while the product is under the organization’s control or used by the organization. The organization is responsible for reporting any lost, damage or otherwise found to be unsuitable to the customer and maintain the records.

Preservation of the conformity of product to requirements during processing, storage, handling, and distribution should have procedures documented. Products must be protected by the organization from alteration, contamination or damage when the product is exposed to expected conditions. This is during the processing, storage, handling and distribution, to protect the product this can be done through designing and constructing suitable packaging and shipping containers and documenting requirements for special conditions needed if packaging alone cannot provide preservation.

CONTROL OF MONITORING AND MEASURING EQUIPMENT

Monitoring and measurement to be undertaken and its equipment needed to provide evidence of conformity of product to determined requirements must be documented. Calibration or verification should be performed in accordance with documented procedures also.

Procedures for validation of application of computer software used for the monitoring and measurement of requirements should be documented.

Clause 8: Measurement, Analysis and Improvement

This section addresses the need to monitor products to ensure that they meet the required quality standards. These processes are used to ensure that the quality management system is working as intended, and to make any changes needed.

MONITORING AND MEASUREMENT

There are many lessons learned along the way in business. Many of these lessons can only be learned through experience and having been present at the time. This type of knowledge becomes invaluable to the organization so it makes sense to capture and share this learning.

Data collected such as feedback from production and post-production activities and complaints from several sources such as distributors and suppliers can be used as an input into risk management as it can reveal previous unforeseen hazardous situations etc.

REPORTING TO REGULATORS

Medical device manufacturers and distributors need formalized processes for this due to regulatory requirements (vigilance and PMS) but even suppliers need to meet this requirement to some degree; an organization may need to report to regulators, even if it is unlikely, and they need to state they will do so if needed, including maintaining records.

INTERNAL AUDITS

ISO 13485:2016 determines that internal audits must be carried out at planned intervals. It is for you, the organization to decide what those intervals should be. As an indication, you may wish to audit all processes at least once across an annual period, with higher-risk processes being audited more frequently. The purpose of internal audits is two-fold. Firstly to check that the management system conforms to the requirements specified by you, the organization as necessary for your operations; secondly to ensure conformity to the requirements of
ISO 13485:2016.

Audit frequency should also be influenced by the results of previous audits and any changes which you are aware may affect the process. So, if you have a problematic process or area, it would make sense to audit it more frequently for a while until a solution is implemented and has been seen to be effective.

Another key point is that an auditor cannot audit their own work. It may be necessary to have an audit team so the quality department do not audit their own processes.

Internal audits are a great opportunity to spend some time investigating a specific process or area and evaluating its performance. It is an ideal way to find areas for improvement and to fix potential issues before they occur. Think of internal audits as keeping your finger on the pulse of your organization. Internal audit findings must be reported to relevant management and naturally form part of the management review agenda. Where necessary, corrective actions must be taken without undue delay. If a long-term fix requires significant planning and maybe funding approval, consider whether a short-term fix is possible and appropriate.

CONTROL OF NONCONFORMING PRODUCT

With the right amount of planning and consideration, failures and non-conformances should be minimal. However, they can and do still occur. If at any stage of a process something goes wrong, you need to be able to identify this issue, isolate it and where possible prevent it from reaching the customer.

You might prevent a non-conforming product or service from reaching your customer through immediate correction, quarantine or by obtaining a concession from the customer.

If an issue is identified after the product or service has been released to the customer, then you may need to be able to implement a product recall or at least identify who received the faulty goods or services. Traceability is key here so your records need to be clear and up to date.

You will need to retain documented information on nonconformities including what happened, what remedial actions were taken, any concessions obtained and who authorised actions to resolve the issue.

ANALYSIS OF DATA

Adds a new requirement to document how statistical techniques and measurement methods were determined to be appropriate.

IMPROVEMENT

Identifying and implementing any changes necessary to ensure and maintain the suitability of the quality management system is designed to eliminate or mitigate a nonconformity or potential nonconformity.

Corrective action shall be taken to prevent recurrence of any nonconformities and preventative action shall be
taken to prevent any potential nonconformities. This can be done through reviewing the nonconformity, determining the cause(s), evaluating the need for action to prevent the nonconformity to recur, planning, documenting and implementing the action, reviewing the effectiveness of the action taken.

A preventative action can be thought of as an Improvement action or opportunity in the language of ISO 9001 and shouldn’t be confused with corrective actions (which are brought about by an NC to prevent it recurring).

Get the Most From Your Management System

Top tips to get the most out of your quality management system for medical device manufacturing

1. Start with “Why”. Make sure your reasons for implementing a QMS are aligned with your strategic direction otherwise it may become unsustainable.

2. Get everyone involved. They don’t all have to become decision-makers but make sure you communicate as relevant to everyone. Engagement is key to success.

3. Make sure your quality objectives are SMART (Specific / Measurable / Achievable / Realistic / Timebound)

4. PFMEA is a potentially very strong method of demonstrating risk assessment and control and, as many clauses in the standard refer to risk as a method of determining control level this can support decision making.

5. The manual should work as a sign post document, including the content it must do (scope, process flow diagram of the operations, description or diagram of document structure) and then reference the procedures and how they interact with clause requirements. Don’t make a dense document by copying the standard, it will be more useful as a document for staff if it simply copies the standard verbatim.

6. Protect electronic documents from unintended alteration or destruction using access permissions and make sure you have back-up copies.

7. Write your quality policy in such a manner that you are happy for it to be seen by anyone and everyone. A copy is likely to be requested in formal tendering procedures.

8. Process documentation doesn’t have to be all written. You can use images, videos, models and prototypes to bring them to life, but be sure to include all relevant information. Making them meaningful and accessible to all your employees will boost engagement and adherence to planned processes.

9. Review your monitoring and measuring activities regularly to ensure you’re monitoring and measuring the right things. These activities should be providing you with useful business intelligence that can inform the way you operate.

10. There is no substitute for commitment from top management. An effective QMS is promoted, supported and engaged with by the highest level of leadership.

To get a quote for ISO 13485 certification simply click here and complete our online quote form.

You can download a PDF of this implementation guide here: NQA ISO 13485 Implementation Guide.