By Carmine Jabri, E.M.M.A. International Consulting Group
A simple Google search of “ISO 13485 transition” will lead you to a plethora of information, toolkits, consultants, and checklists. These are great resources available to help companies learn about the major revisions, and they can serve as a great starting point, but the information is not always a “one size fits all” resource.
Smaller companies face unique struggles regarding compliance — such as financial strains often leading to lack of resources — as well as challenges with recruiting and maintaining qualified talent. One contract manufacturing (CM) company located in South Central Pennsylvania is an example of a company overcoming these challenges. The 33-year-old company — which claims annual revenues of $30 million and has almost 400 employees spread across its two facilities, located in the U.S. and Mexico — first was ISO 13485 certified in 2016, and now is working on its transition to ISO 13485:2016. Although the advantages of maintaining certification outweigh not having ISO 13485, the challenges and roadblocks of the transition for smaller companies are unique and need to be addressed.
Before we discuss such challenges, it is worth noting that the new edition has several areas with increased emphasis [1,2]:
- Alignment with regulatory requirements
- Incorporation of risk management and risk-based decision making
- Validation, verification, and design transfer are expanded and clarified
- Supplier control and outsourced processes are more robust
- Increased focus on feedback
- More detailed requirements for software validation
What Makes ISO 13485:2016 Particularly Challenging For Smaller Companies
Breaking Free Of The Silos
Embracing a culture of continuous improvement can be challenging for smaller companies. The lack of qualified employees is an ongoing challenge identified by the Pennsylvania company. For example, much of the current workforce has been working there for 20-plus years and, in many cases, this is the only company they have ever worked for.
There was, and still is, a culture that points the finger and says, “that’s a quality issue.” According to the CEO, one of the biggest challenges this company has faced is changing the employee culture from, “that’s a quality function” to “quality is everyone’s responsibility,” and the quality director is more of the orchestrator than the owner.
Human resources also is an example of a department that has faced significant growing pains with the recent transition. Prior to implementing a QMS and obtaining ISO 13485, the HR department did not even have systems in place whereby performance evaluations were performed or training curricula were developed, among many other gaps. Other departments were resistant to change, as well, because change can be scary. When a company has a low turnover rate and a history of promoting from within, employees often can become extremely territorial about their positions.
If a smaller company, like the Pennsylvania CM we have discussed, decides to seek additional support in the form of outside consulting, they should look for a firm that has worked with companies of all sizes and understands a vast range of business cultures. For example, the role of a consultant at a larger company often is a “doer,” under the direction of a Quality Director; in a smaller company, a consultant needs to make sure that they are teaching, as well. They need to make sure that the employees know they are there to help, and not judge. Change must come with a sense of urgency, yet with sensitivity.
As the standard states, “The processes required by ISO 13485:2016 that are applicable to the organization, but are not performed by the organization, are the responsibility of the organization and are accounted for in the organization's quality management system by monitoring, maintaining, and controlling the processes.” [3] For a smaller company, this is a large adjustment. It forces departments to step out of their silos and compels all employees to take ownership in the success of the QMS.
The Role Of Risk Management
The addition of more robust risk management requirements is one of the more notable changes to ISO 13485:2016. For smaller companies, this means making sure they understand the need to think of the risk associated with a device from its earliest conception to its intended use. Corrective actions must be implemented at the first sign of a problem. [4]
Given the enhanced emphasis on risk assessments, analyses, and overall risk management practices, small companies similar to the one cited in this article ought to consider taking a deep look at their current practices, any existing risk management methodologies, and whether the involved stakeholders have the necessary training and competence to adapt to the new paradigm of thinking. This is of particular significance, given that the focus with the new edition is on risk to the performance and safety of the medical devices.
Accordingly, a small manufacturer must ensure that they have the capability to adopt robust risk management practices, and that select individuals within the organization have the ability to leverage ISO 14971 for implementing an adequate risk management program.
Overcoming The Challenges
Thus, from a small manufacturer's perspective, the organization has to overcome:
- Cultural resistance
- Lack of adequate resources
- Lack of qualified resources
- A compliance culture
The items above are not all-inclusive; rather, they are based on my experience with such manufacturers and the difficulty of transforming their organizations to comply with the new edition of ISO 13485.
Generally speaking, when working with a small manufacturer, it is imperative to immediately develop a strategy with the senior management team that outlines all the expectations, milestones, and deliverables. Furthermore, and upon an assessment of the organization’s QMS, having an overarching quality plan, one that details the elements to be implemented to achieve a successful transition, is a must. Lastly, it is imperative to accomplish all of the aforementioned while working directly with all the stakeholders involved. Not involving the stakeholders will result in immediate roadblocks.
About The Author
Carmine Jabri, PhD, MSJ, MSQM, MHA is co-founder of E.M.M.A. International Consulting Group, Inc., and serves as its president and CEO. He has more than twenty years of experience implementing, improving and directing Quality Management Systems and Healthcare Operations. Dr. Jabri’s career includes expertise in the Biotechnology, Pharmaceuticals, and Medical Device industries. He is an internationally sought-after quality systems expert.
Dr. Jabri holds a Doctor of Philosophy in Epidemiology, a Master of Science in Jurisprudence, a Master of Science in Quality Management, a Master of Science in Health Services Administration and a Bachelor of Science in Chemistry.
1. The British Standards Institution. (2016). ISO 13485:2016 [PowerPoint slides]. Retrieved from: http://www.bsigroup.com/meddev/LocalFiles/en-GB/Webinars/BSI-md-iso-13485-2016-transition-webinar-presentation-9-march-2016.pdf.
2. The British Standards Institution. (2016). The new ISO 13485:2016 standard is published. Retrieved from: http://www.bsigroup.com/en-GB/medical-devices/our-services/ISO-13485-Revision/.
3. ISO (August 2017) ISO 13485:2016. Retrieved from: https://www.iso.org/standard/59752.html
4. Murray, W. "How Will ISO 13485:2016 Impact Your Relationship With Suppliers?" Regulatory Focus. November 2016. Regulatory Affairs Professionals Society.