ISO, Regulatory Requirement Changes Loom
September 1, 2017 B. Christine Park, Consultant, Christine Park & Associates
As we near the end of the first quarter of the new year, it’s time for everyone to get really serious with transition plans to the new ISO quality management systems standards and other regulatory requirement changes. Here are a few of the recent changes:
These are three of the key standards many organizations use that have changed over the past year and a half. When a standard changes, there is usually a transition period of three years for organizations to complete the transition to the new standard. This is true for each of the standards above. While three years sounds like a lot of time, it’s not. The clock is ticking! Now is the time to take a look at the changes and requirements in relation to your own business.
While the new ISO 9001:2015 and other standards have converted to a 10-clause structure and reorganized o simplify and standardize, the ISO 13485:2016 did not convert number systems. The committee was too far along in the transition to convert the numbers easily. It would have delayed getting the new standard out, so the ISO organization agreed to leave the number system alone for this standard. The 13485 technical committee did include much of the new concepts within the text of the document.
There are several important changes in the standard that deserve focus and attention.
- ISO 9001:2015 Quality management systems – Requirements was released in September 2015 and has been in place for over a year now. Some companies have completed the transition while others are still sorting out the requirements.
- ISO 13485:2016 Medical devices — Quality management systems — Requirements for regulatory purposes was released in March 2016.
- ISO 14001:2015 – Environmental management systems - Requirements with guidance for use
- The quality management system must be aligned with the business strategy and objectives. While there has always been an expectation for the QMS to be integrated into the business activity, historically it is usually managed as a separate activity. This approach provides the opportunity to strengthen and drive consistency throughout the organization. Focus on quality is just good business!
- Clearer understanding of the organization’s context is required: “one size doesn’t fit all.” As the leadership team drives clearer consistency in the operations and becomes more engaged with the quality system activities, it becomes clearer and easier to do what is best for the business.
- Enhanced leadership involvement in the management system. There are defined requirements for leaders to demonstrate they are engaged with the QMS and the employees to achieve quality. As leadership gets more involved and views the QMS as good business practice, the cost of poor quality goes down and the business grows stronger.
- Process approach strengthened/more explicit. The process approach to business and QMS management supports greater business continuity and reduces/eliminates the silo effect. While the previous standards required the interrelationship diagrams, the new standards expect clear understanding of inputs, outputs, resources and measurements for key processes. When interrelationships between activities are clearly defined and managed, there is greater potential for improved efficiency and less redundancy.
- The concept of preventive action is now addressed throughout the QMS by risk identification and mitigation. Risk-based thinking is something we all do in our everyday life. Whether at work or home, understanding how risks may affect an outcome allows us to make better decisions. Excluding parts of the standard is no longer allowed. The organization must evaluate the risk associated with something that does not appear to be applicable.
- The terminology for documented procedures and records has been changed to documented information. Essentially the requirement is to maintain documented information (procedures, work instructions, other documents required to provide guidance/direction to the organization) or retain documented information (records/evidence to demonstrate the activities were performed as required). This terminology gives greater flexibility to the organization and is much less prescriptive. NOTE: ISO 13485 did not change this terminology.
- Control of externally provided products and services replaces purchasing/outsourcing. This change puts a much greater focus on supplier management and processes that are outsourced to others (such as contract manufacturing). The expectation is to have a greater understanding how the outsourced process/supplier activities integrate into the business processes and are controlled to meet requirements.
- Increased emphasis on seeking opportunities for improvement. This is again related to the risk-based thinking requirement. The expectation is to evaluate potential opportunities and outcomes based on risks and make good business decisions as a result.
- Change management has been expanded to add emphasis that the QMS should be carried out in a planned manner. Essentially, any change that touches the QMS (software, process, etc.) must be evaluated for risk and managed to assure the changes are implemented effectively.
- The concept of organizational knowledge introduced to ensure the organization acquires and maintains the necessary knowledge. This involves a greater understanding of the “institutional knowledge” or “things we just know” to ensure this knowledge doesn’t’ get lost in transition if changes are made.
Each of these changes will have impact on your current business and operations. For those of you with a QMS in place, you should use this as a foundation to complete a preliminary gap assessment. Look through the procedures and documents currently in place to determine if you have something. Then take a deeper dive into the documents/records to determine if they meet the new standards.
Remember to keep things simple and “don’t throw the baby out with the bath water!” With your leadership fully engaged and the QMS aligned with the business strategy and objectives, the transition to the new requirements should prove to be a positive experience for the organization.
Have you begun preparing for these changes in the quality standards? What recommendations do you have for a smooth transition? Record your comments below!
Christine (Chris) Park is a seasoned quality assurance professional with a wealth of experience in establishing and remediating quality systems of all sizes. Using a pragmatic approach to compliance and quality assurance, Ms. Park has successfully focused on results-oriented solutions that integrate quality into the daily business activities of organizations. Her experience in R&D and general manufacturing for medical devices, IVDs, and biotech/pharmaceuticals provides a well-balanced background for her work in compliance.
Whether working on a full quality system or on key quality components (CAPA, complaints, audits, supplier quality, management controls), Ms. Park provides employees and management not only with adequate direction and tools to maintain compliance, but also with the understanding of why they must comply with specific requirements.
Ms. Park has played an active role in the generation and review of technical documentation in support of regulatory submissions. Her direct experience includes facilitating product and process risk assessments, change management (design as well as manufacturing), product and process validation plans and protocols. She has developed strong relationships with manufacturing as well as design/development organizations. She is an active member of AAMI TC210 standards committee.
Ms. Park is currently consulting with industry for implementation and/or transition to the revised ISO 9001:2015 and ISO 13485:2016 standards. FDA remediation (820, 210/211, foods). Additionally, she is providing training and auditing expertise for organizations related to these standards, 21 CFR 820 and other FDA regulations. She may be reached at (678) 480-5411 or email@example.com