Quality Management System

MDProject can assist you in setting up a quality management system compliant with ISO 13485, the Canadian Medical Device Regulations (CMDR), the US QSR 21CFR820 and/or ISO 9001.

Together with your input we are able to create a lean quality system beneficial for your company, providing the tool for management coordination over your processes. The quality management system will address all required and applicable items referred to in the applicable standards and regulations.

We can also assist in preparing your company for certification against ISO 9001 and/or ISO 13485 standards, by facilitating and coordinating the management review meetings, performing and documenting supplier evaluations and executing internal audits. When needed, we can also fulfill the role of Quality Manager and/or Regulatory Affairs Manager.

ISO 13485

ISO 13485 is an ISO standard representing the requirements for a comprehensive management system for the design and manufacture of medical devices. Compliance with ISO 13485 is often seen as the first step in achieving compliance with European regulatory requirements. The conformity of Medical Devices according to 93/42/EEC must be assessed before sale is permitted. The preferred method to prove conformity is the certification of the Quality Management System according to ISO 9001 and/or ISO 13485 by a Notified Body. The result of a positive assessment is the certificate of conformity allowing the CE marking and the permission to sell the medical device in the European Union.

Fundamental differences between ISO 13485 and ISO 9001 are:

– ISO 9001 requires the organization to demonstrate continuous improvement, whereas ISO 13485 requires only that they demonstrate the quality system is implemented and maintained
– the promotion and awareness of regulatory requirements as a management responsibility. An example of market specific regulatory requirements is 21 CFR 820 Quality System Regulation for Medical Devices sold in the United States.
– controls in the work environment to ensure product safety
– focus on risk management activities and design transfer activities during product development
– specific requirements for inspection and traceability for implantable devices
– specific requirements for documentation and validation of processes for sterile medical devices
– specific requirements for verification of the effectiveness of corrective and preventive actions

ISO 9001

The International Organization for Standardization’s ISO 9001:2008 series describes standards for a QMS addressing the principles and processes surrounding the design, development and delivery of a general product or service. Organizations can participate in a continuing certification process to ISO 9001:2008 to demonstrate their compliance with the standard, which includes a requirement for continual (i.e. planned) improvement of the QMS.

ISO 27001 based Information Security Management System (ISMS)

Organizations and their information systems and networks are exposed to security threats such as fraud, espionage, fire, flood and sabotage from a wide range of sources. The increasing number of security breaches has led to increasing information security concerns among organizations worldwide.

Security is like a chain. It is only as strong as its weakest link.

An Information Security Management System (ISMS) is a systematic and structured approach to managing information so that it remains secure. ISMS implementation includes policies, processes, procedures, organizational structures and software and hardware functions.

The ISMS is analogous to a Quality Management System (QMS) as provided for in the ISO 13485 standard that medical device manufacturers are familiar with, but with the goal of managing information security, rather than quality, in a systematic way.

The following are key factors within an ISMS:

– Confidentiality: Protecting information from unauthorized parties
– Integrity: Protecting information from modification by unauthorized users
– Availability: Making the information available to authorized users

An ISMS is relevant to all organisations regardless of whether they utilise stand-alone computers or complex heterogeneous network systems.

In the medical devices sector, there is a potential for harm to patients and operators, and this introduces a new dimension to information security. Risk Management in medical devices seeks to minimise risk of harm to patients and personnel. Where hazardous situations can be caused by information security breaches, either through data integrity corruption or from lack of availability of data when it is needed, an ISMS is the best mitigation because it provides a systematic approach to the management of information security.

MDProject consultants are specialists in developing Information Security Management Systems in the medical devices sector. We have supported several medical device companies with the set-up of an ISMS (based on ISO 27001), typically integrating the specific ISMS requirements into an ISO 13485 and/or MDD based quality management system.

In addition, we can provide training on this topic, or conduct internal audits taking into account ISO 13485, MDD and ISO 27001 requirements at the same time.

QSR 21CFR820

21 CFR 820 is applicable to manufacturers of finished medical devices sold in the United States, including imported products.

Manufacturers must establish and follow quality systems to help ensure that their products consistently meet applicable requirements and specifications. The quality systems for FDA-regulated products (food, drugs, biologics, and devices) are known as current good manufacturing practices (CGMPs). CGMP requirements for medical devices became effective on December 18, 1978, and were codified under part 820 (21 CFR part 820).