1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
Dismiss Notice
You must be a registered member in order to post messages and view/download attached files in this forum.
Click here to register.

What is missing from my list for 13485 certification?

Discussion in 'ISO 13485 and ISO 14969 – Medical Devices QMS' started by Nikki, May 27, 2016.

  1. Nikki

    Nikki Well-Known Member

    Joined:
    Jul 31, 2015
    Messages:
    268
    Likes Received:
    141
    Trophy Points:
    42
    Location:
    Maine
    I've been tasked with getting our company certified to 13485:2003. We are currently certified to 9001:2008. We will be dropping the 9001 certification.

    We are a medical plastics compounder (we make the plastic pellets per customer spec in which the final customer makes the pellets into medical devices - we do NOT make medical devices).

    I've been conducting gap analysis and have come up with a list of changes / processes our company will need. Granted, we have been audited to 13485 by our customers dozens of times, regardless of our 9001 certification, so we have A LOT of those extra bells and whistles already in place. Things like, preventive maintenance, incoming inspection, etc.

    I am asking if you all could read the below outline and let me know if I am missing anything from these sections that we may need in place. These are the areas we are lacking, in my opinion. I would also like to say that I am currently the only QMS employee in our company of 65 employees. Thanks in advance!

    This is the list I have come up with:

    Changes to Our System for ISO 13485:2003 Certification

    Exclusions of the ISO 13485:2003 Standard:
    7.5.1.2.1 – Cleanliness of product and contamination control – We do not clean the product prior to shipping.
    7.5.1.2.2 – Installation Activities – We do not install anything.
    7.5.1.2.3 – Servicing Activities – We do not service.
    7.5.1.3 – Particular requirements for sterile medical devices – We do not conduct sterilization.
    7.5.2.2 – Particular requirements for sterile medical devices (Validation of Process) – We do not conduct sterilization.


    • Risk management
    o The management team needs to evaluate each of our processes (mixing, extrusion, packaging, shipping) and identify the risks associated with each.
    o The causes of the risks need to be identified.
    o The controls to reduce the likelihood of the risks need to be identified.
    o Risks are to be identified as Critical, High, Moderate, or Low. These identifiers are chosen based on the impact to the product.
     I think we have this in place mostly – but it needs to be put down on paper. I would like to send out an email to all department heads and ask that they think about the risks that are associated with the process they over-see. I would then like to hold a meeting to put it all down on paper.
    o Need to write a procedure on this.

    Regulatory:
    o The company must be up to date on current, national and international regulations. The regulations need to be communicated to all staff. At this time, Process Engineer is the only employee who understand the regulations
     I am requesting that Process Engineer document the process he follows to stay up to date on the regulations and which ones he follows.

    Records (4.2.4)
    o The standard states that records are to be kept for the life-time of the product. As this continues, we need to think about where the records can be stored as we are running out of room.
     Would this be addressed in the expansion?

    Validation of Computer Software (7.5.2)
    o ERP System (Discussed with Project Manager – he will write a report)
    o PLC’s for Extruders – (Discussed with Production Manager)
    o Need to document Validation that the PLC’s are communicating accurate information (RPMs, Temp, Feeders, Pressure – Pressure currently is not being verified)
    o A procedure needs to be written on how we perform Validation of Computer Software.

    Work Environment (6.4)
    o This clause if more detailed than 6.4 in ISO 9001:2008.
    o Health Records, cleanliness of clothing and personnel, environmental monitoring.
    o Need to write a procedure on this.

    Product Preservation (7.5.5)
    o Need to conduct Gap analysis on inspection, receiving, inventory process with Production Manager to identify changes to be made from current procedure.
    o Is FIFO being practiced?
     Meeting to discuss with Inventory when to pull multiple lots for a job and when not to, so we can use up older lots of material first.
    o Who else can conduct the Purchasing process? Who has authority?
    o Shelf-life process for materials need to be reviewed and updated as necessary.

    • Feedback System (8.2.1)
    o We need to determine a process for a feedback system, which will provide early warning of quality problems and for input into the corrective and preventive action processes, and regulatory information.
     This may be part of the ERP system soon – Need to document it.

    Reworked Material
    o Standard states that if product is to be reworked one or more time – the documentation and approval process must be followed again.
     This needs to be defined in the procedure. Currently it is not described.

    Customer Complaints
    o If Corrective Action or Preventive Action are not needed, the reason must be recorded.
     This is being done, but the procedure needs to be updated to reflect it.


    Resources Needed
    • Another authorized employee to conduct Purchasing.
    • Another employee to conduct Regulatory reviews.
    • Another employee to authorize returns / replacements / credits.
    • Another employee to conduct Quality System Management – Customer complaints, CARs, PARs, Audits, etc.
    • Procurement / QSM to attend Supplier Auditor Training Course.
    • Possible Risk Management Training for all Top Management.
    • Cross training for any Manager who does not already have a back-up
     
    Sandra Storli likes this.
  2. treesei

    treesei New Member

    Joined:
    Oct 9, 2015
    Messages:
    3
    Likes Received:
    1
    Trophy Points:
    2
    Upgrading from 9001 to 13485 can be costly in implementation and maintenance. If you are only making raw materials, is it necessary to do this? I guess it is upon customer request. Do you want to talk the customer(s) out of this first? The new 9001:2015 has put more efforts on risk management. Would the customer(s) buy that instead?
     
  3. Nikki

    Nikki Well-Known Member

    Joined:
    Jul 31, 2015
    Messages:
    268
    Likes Received:
    141
    Trophy Points:
    42
    Location:
    Maine
    I've been asked that before. When presented with the thought of going to 13485 some years back - we refused because of the exact statement you made above. But yes, it is customer driven. We have a few customers who have straight out told us that we NEED to go for 13485 if we want to continue to have their business.
     
  4. Ronen E

    Ronen E Well-Known Member

    Joined:
    Jul 31, 2015
    Messages:
    133
    Likes Received:
    70
    Trophy Points:
    27
    You don't necessarily need another employee to conduct regulatory reviews. You could outsource that.
     
  5. Nikki

    Nikki Well-Known Member

    Joined:
    Jul 31, 2015
    Messages:
    268
    Likes Received:
    141
    Trophy Points:
    42
    Location:
    Maine
    True. But we tend to shy away from outsourcing. So at this time, as it is an internal function, I can see that I would need someone else to be familiar with the process.
     
  6. Nikki

    Nikki Well-Known Member

    Joined:
    Jul 31, 2015
    Messages:
    268
    Likes Received:
    141
    Trophy Points:
    42
    Location:
    Maine
    Quick update: We passed the stage 1 portion of the 13485:2003 certification. Now onto stage 2 which is scheduled the week of November 14th, 2016. Fingers crossed we get through it with a certificate at the end!!
     
    Candi1024 and Atul Khandekar like this.
  7. Nikki

    Nikki Well-Known Member

    Joined:
    Jul 31, 2015
    Messages:
    268
    Likes Received:
    141
    Trophy Points:
    42
    Location:
    Maine
    Stage 2 Audit Complete and WE PASSED!! Only 4 observations after this 4.5 day audit!!

    I have to say I am so very proud of myself for making history for my company. It may still be to the 2003 revision, but I know some employees didn't think I could do it.

    I can not wait to forward my report onto them all :)
     
  8. Vintage Goose

    Vintage Goose Active Member

    Joined:
    Oct 6, 2015
    Messages:
    70
    Likes Received:
    38
    Trophy Points:
    17
    Congratulation. Anything really unexpected in the observations?
     
  9. Nikki

    Nikki Well-Known Member

    Joined:
    Jul 31, 2015
    Messages:
    268
    Likes Received:
    141
    Trophy Points:
    42
    Location:
    Maine
    Not really... It was mostly related to how the procedures were worded.

    1

    Process/Requirement at Risk

    Internal Audit

    Potential Nonconformity

    Although the standard ISO 13485:2003 is referenced in the audit report, the requirements being audited is not clearly identified.

    2

    Process/Requirement at Risk

    Mixing Protocol

    Potential Nonconformity

    During the mixing process, it was observed that there may be several different materials required to be measured and added to the formulation. The first material is weighed separately, then the second one is added on top of the first. The second batch of material has not been individually weighed, so during the process there may be an overage. The overage is scooped out to achieve the required weight. It would seem that each of the unique materials would be individually weighed and then added to assure the accuracy of the formulation.

    3

    Process/Requirement at Risk

    Design Control

    Potential Nonconformity

    The design procedure and subsequent output of the process (records), are not clearly aligned with ISO 13485:2003 Section 7.3 requirements. Specific forms utilized in the process do not clearly identify verification and validation activities.

    4

    Process/Requirement at Risk

    Preferred Suppliers

    Potential Nonconformity

    It is not clear whether Customer Specified Suppliers are considered Preferred Suppliers and whether they should be identified as such on the Approved Supplier List.
     
    Atul Khandekar likes this.
  10. Vintage Goose

    Vintage Goose Active Member

    Joined:
    Oct 6, 2015
    Messages:
    70
    Likes Received:
    38
    Trophy Points:
    17
    Thanks for sharing, these should be easy to clear up. Well done.
     
    Nikki likes this.