How frequent is up to you, but I suggest annually at a minimum.
Internal audits should be scheduled on a frequent basis. If you don’t conduct internal audits, you’re missing out on the opportunity to stay at the pulse of what’s really happening and make improvements as you go. One of those had to do with internal audits - the company hadn’t been conducting them! This is obviously a huge mistake compliance-wise, but consider how costly of a mistake it was from a business standpoint.
The company had an audit a couple of months back to gain ISO 13485:2016 certification and ended up with two major findings. The company had implemented the guidelines to their QMS much as I described in the previous section, as a “just get it done, checkbox activity." We recently had a company reach out that was about to lose its ISO certification. If you take this approach, implementation of ISO 13485 becomes a value-add exercise, rather than a checkbox activity. The implementation process, and processes thereafter should promote a culture of quality across the entire organization, always taking into consideration the level of value it brings to the company and opportunities for improvement. Looked at from another perspective, implementing ISO 13485 should involve a holistic approach with quality at the core. Implementation should never be about checking a box because this is too narrow of a view.
Essentially, 13485 is about viewing your business as a series of interrelated processes and functions. ISO 13485 becomes one more barrier those companies have to get over, and when this happens, you miss the potential benefits of the activities it involves. What this means is that the lens through which companies enter the ISO 13485 process is often jaded from the start. Sometimes contract manufacturers go for ISO 13485 certification because they feel that they have to in order to be hired by companies in a competitive market. Companies do it because they have to - they want to enter markets like Canada or Europe, so it’s a nonnegotiable item on their list to check off. One of the biggest mistakes I see is treating ISO 13485 certification as a checkbox activity. Treating processes as “checkbox” activities
Here's that list, so you can learn to avoid them at your own company:įree Download : Click here to get our free tips on how to respond to nonconformities following an ISO audit. ISO is very different from other regulatory agencies in that regard, such as FDA that publishes annual reports of violations made by companies.įrom my own 20+ years of experience though, I can report on the top six mistakes that I consistently run into with companies implement ISO 13485. If you've ever tried to avoid mistakes when implementing ISO 13485:2016 by learning from what other companies did wrong, you know there isn't a lot of readily available data in the public domain.
This standard in particular has been adopted by regulatory agencies across the world and implemented by manufacturers and suppliers the same. ISO 13485 specifies those requirements that companies are expected to follow. Companies must establish and maintain a quality management system in order to ensure they are producing safe and effective medical devices.