By Mark Durivage, Quality Systems Compliance LLC
ISO/IEC Directives Part 1 Annex L (formerly called Annex SL) stipulate how the International Organization for Standardization’s (ISO) Management System Standard (MSSs) should be written. Annex L’s purpose is to provide alignment and consistency of MSSs by providing a high-level structure common core text, as well as common terms and core definitions.
The next revision to ISO 13485 Medical devices - Quality management systems - Requirements for regulatory purposes will see the standard’s structure aligned with the Annex L requirements. Annex L prescribes eight high-level clauses (Fig. 1).
Fig. 1 — Annex L High-level Structure
What Will Change
Although the structure of ISO 13485 will expand from the current eight main clauses to ten, most of the QMS requirements should essentially remain the same. Below is a map of the current ISO 13485 structure to the Annex L Structure (Fig. 2).
Fig. 2 —Current Structure mapped to Annex L Structure
According to ISO, the changes in the Annex L Structure will:
- Put greater emphasis on leadership engagement
- Help address organizational risks and opportunities in a structured manner
- Address supply chain management more effectively
- Be more user-friendly for service and knowledge-based organizations
- Use a simplified language and a common structure and terms; this benefit will be particularly helpful to organizations using multiple management systems, such as those for the environment, health & safety, or business continuity
Context Of The Organization
Annex L Clause 4 (Context of the Organization) is the combination of internal and external factors and conditions that influence the organization’s approach to its products and services.
Understanding the external context can be aided by considering issues arising from legal, technological, competition, market conditions, cultural considerations, or social and economic environments — whether international, national, regional, or local. Understanding the internal context can be facilitated by considering issues related to the organization’s values, culture, knowledge, and performance.
Additionally, the organization must consider the needs and expectations of the interested parties. Interested parties are the stakeholders, including individuals and organizations that add value to the organization, or are otherwise interested in, or affected by, organizational activities. Interested parties can include customers, owners/shareholders, employees, suppliers, competitors, regulatory agencies, certification bodies, and the community.
Risks And Opportunities
The organization must consider the risks and opportunities that can impact the organization's quality management system (QMS) or interrupt operations, as well as consider how the organization’s internal and external issues (context) and interested parties could affect the QMS and the organization’s products and services.
Risks and opportunities go beyond the traditional product and process risks usually documented in a failure modes effect analysis (FMEA) and requires the organization to consider organizational risk. Organizational risks and opportunities can be identified, documented, and analyzed using a strengths, weaknesses, opportunities, and threats (SWOT) — or a political, economic, social, technological, legal, and environmental (PESTLE) —analysis.
The context of the organization, the needs and expectations of interested parties, and risks and opportunities come together to provide the organization’s scope, which describes the organization’s products and services (Fig. 3). The scope is further defined by standards, regulations, capacity, capability, and expertise.
Fig. 3 — Developing the QMS’ scope
The Annex L structure will inevitably be adopted and applied to the next revision of ISO 13485. I strongly suggest the medical device firms begin preparing now for the transition. Begin by determining and documenting your organization’s internal and external issues, interested parties, and risks and opportunities.
Once the Annex L structure is officially adopted for ISO 13485, it will be in your organization’s best interest to consider renumbering procedures, work instructions, templates, and forms to align with the updated structure. Aligning to the new structure will help facilitate and demonstrate compliance in an organized manner.
Ultimately, implementing, maintaining, and sustaining a robust and effective QMS should be based upon an organization’s risk acceptance determination threshold, industry practice, guidance documents, and regulatory requirements.
About the Author
Mark Allen Durivage has worked as a practitioner, educator, consultant, and author. He is Managing Principal Consultant at Quality Systems Compliance LLC, an ASQ Fellow and SRE Fellow. He earned a BAS in computer aided machining from Siena Heights University and an MS in quality management from Eastern Michigan University. He holds several certifications including; CRE, CQE, CQA, CSQP, CSSBB, RAC (Global), and CTBS. He has written several books available through ASQ Quality Press, published articles in Quality Progress, and is a frequent contributor to Life Science Connect. Durivage resides in Lambertville, Michigan. Please feel free to email him at firstname.lastname@example.org with any questions or comments.
ISO/IEC Directives Part 1 15th Ed., International Organization for Standardization (ISO), May 2019.