In 2003, the International Organization for Standardization (ISO) issued ISO 13485, officially known as EN ISO 13485:2003. This voluntary international standard provides a framework to assist medical device manufacturers in developing and implementing a quality management system (QMS).
It outlines a common set of ideas and policies to promote safety and effectiveness in medical devices and was intended to serve as a model for governance and guide implementation by respective national governments.
The FDA Has Different Standards
It is useful to note that some leading U.S. standards organizations have adopted ISO 13485. The American National Standards Institute (ANSI) and the Association for the Advancement of Medical Instrumentation (AAMI)adopted the ISO standard.
However, the FDA uses 21 CFR 820 as its regulatory requirement governing quality systems for medical device manufacturers. There are substantial differences between the FDA's implementation of 21 CFR 820 and the EU policies under EN ISO 13485; the FDA approach combines the policies of several ISO standards.
Manufacturers that work with the several adopted national standards based on the ISO will need to understand the regulatory approaches, and take precise actions. In some recent presentations, compliance consultants advised on quality systems that can accommodate both sets of regulations.
Outsourcing and Accountability
One area of policy agreement on quality systems with the FDA and the ISO is in the area of responsibility for contractor compliance. It follows from a legal responsibility that those who put a device into the stream of international commerce must be responsible for the consequences of its intended usage.
In the FDA system, the manufacturer’s claim for the device’s intended uses forms an essential part of the legal responsibility predicate. However, it is clear in both the ISO standard and the FDA regulations that the manufacturer is also responsible for the quality system compliance of its contractors.
Scope of the QMS
The manufacturer operates many channels in the overall process of planning, design, process and production. These are all included in the manufacturer’s QMS oversight. However, the QMS does not cover activities or tasks which are outsourced. This is true even when the outside agency is a division or location within the manufacturer’s organization.
If it is not within the production QMS, then it is an outside source. The manufacturer must show that it has sufficient control to assure compliance with quality standards.
Delegating Tasks, Not Responsibility
Compliance with quality systems requirements includes record-keeping evidence to show the company has control over the entire manufacturing process. This includes all outsourced tasks and activities. The responsibility remains with the manufacturer, as they cannot legally delegate responsibility for quality management assurance.
The FDA regulatory theory does not limit the business models that manufacturers may use. Indeed, it is often the case that a subcontractor might possess the superior technical capability in one area or another relevant to the production process. While the choice of the business model remains with the manufacturer, there must be a consistent oversight action and detailed record-keeping.
It is a risk-based process in which the extent of control must be commensurate to the task and appropriate for the importance in the production process. The manufacturer must have evidence of the contractor QMS at its site. The performance elements must meet the contract requirements for quality management. The contract, oversight activity, and compliance information help demonstrate that the manufacturer has met its responsibilities.
Meeting the International Standard
Whether adhering to regulations or requirements set forth by the FDA, EU, or other governmental entity, manufacturers must demonstrate a robust QMS and control over outsourced tasks and components. Mock audits can help determine the extent of controls set through the selection process and the oversight and compliance terms of the supplier contract.
GxP-CC provides a thorough analysis of QMS and compliance strategies for international and national quality standards.