13485cert

How do you prepare for ISO 13485 registration?

In ISO 13485, Quality Management Systems on December 6, 2012 at 2:40 am

A LinkedIn connection of mine recently asked for sources of good guidance on ISO 13485 registration. I wrote a blog recently about Quality Management Systems in General, but I had trouble finding resources specific to the ISO 13485 registration process. Therefore, I decided to write a blog to answer this question.

Here’s my favorite movie clip with a song for you.

Typically people learn the hard way by setting up a system from scratch. The better way to learn it is to take a course on it. I used to teach a 2-day course on the topic for BSI. The link for this course is: http://bit.ly/Get13485; I shortened the link to the BSI website.

Other registrars offer this course too. I suspect you can find a webinar on this through TUV SÜD, BSI, SGS, LNE/GMED, Dekra, etc. from time to time.

The only registrar I could find that described the process step-by-step was Dekra. I have copied their steps below:

Inquiry to Surveillance in 5 Steps

1. Inquiry
An initial meeting between [THE REGISTRAR] and the client can take place on site or via teleconference. At this time, the client familiarizes [THE REGISTRAR] with company specifics and its quality assurance certification requirements; [THE REGISTRAR] explains its working methods and partnering philosophy, and previews the details of the process.

Rob's 2 Cents

Rob’s 2 Cents

As a client I have completed two initial certifications personally and three transfers, but I have only once had the sales representative actually visit my company. I think this process is typically accomplished by phone and email. If any registrars are reading this, you will close on more accounts if you visit prospective clients personally. In fact, the one that actually visited my company (Robert Dostert) has been on speed dial for almost a decade and he’s received a bit of repeat business.

2. Application Form
The client chooses to move forward by filling out an online application form. Based on the information obtained during the inquiry stage, along with the application form, [THE REGISTRAR] prepares a quote, free of charge, for the entire certification process. A client-signed quotation or purchase order leads to the first stage of the certification process.

Rob's 2 Cents

Rob’s 2 Cents

For both of the Notified Body transfers I completed, I completed application forms and requested quotes from multiple Notified Bodies. During the quoting process, my friend Robert was more responsive and able to answer my questions better than the competition. Robert was also able to schedule earlier audit dates than the competition. To this day I am still amazed that Notified Bodies are not more responsive during this initial quoting process. All of the Notified Bodies are offering a certificate (a commodity). The customer service provided by each Notified Body, however, is not a commodity. Each Notified Body has it’s own culture, and every Notified Body has good and bad auditors. Therefore, you need to treat this selection process just like any other supplier selection decision. I have provided guidance on this specific selection process on more than one occasion, but I am definitely biased.

3. Phase One: Document Review and Planning Visit

LNE/GMED Flow Diagram for the process of ISO 13485 Certification

LNE/GMED Flow Diagram for the process of ISO 13485 Certification

At this stage, [THE REGISTRAR] performs a pre-certification visit, which entails verifying the documented quality systems against the applicable standard. [THE REGISTRAR] works with the client to establish a working plan to define the [THE REGISTRAR] Quality Auditing process. If the client wishes, [THE REGISTRAR] will perform a trial audit or “dress rehearsal” at this stage. This allows the client to choose business activities for auditing and to test those activities against the applicable standard. It also allows the client to learn and experience [THE REGISTRAR] ‘s Quality Auditing methods and style. The results of the trial audit can be used toward certification. Most clients elect for one or two days of trial auditing.

Rob's 2 Cents

Rob’s 2 Cents

Dekra’s statement that, “The results of the trial audit can be used toward certification,” is 100% opposite from BSI’s policy. BSI calls this a pre-assessment. The boilerplate wording used in BSI quotations is, “The pre-assessment is optional service that is an informal assessment activity intended to identify areas of concern where further attention would be beneficial and to assess the readiness of the quality management system for the initial formal assessment.” During these pre-assessments, BSI auditors explain that any findings during the pre-assessment will not used during the Stage 1 and Stage 2 certification audits, and the client will start with a “clean slate.” Most of the clients I conducted pre-assessments for were skeptical of this, but most auditors are ethical and make a every effort to avoid even the perception of biasing their sampling during the Stage 1 and Stage 2 audits. I highly recommend conducting a pre-assessment. You want an extremely thorough and tough pre-assessment so that the organization is well prepared for the certification audits. If the auditor that will be conducting the Stage 1 and Stage 2 audit is not available to conduct a pre-assessment, try to find a consultant that knows the auditors style and “hot buttons” well. FYI…You can almost always encourage me to do a little teaching when I’m auditing (I just can’t resist), and my “hot buttons” are CAPA,  Internal Auditing, and Design Controls.

4. Phase Two: Final Certification Audit 
Once the client’s documented systems have met the applicable standards, [THE REGISTRAR] will conduct an audit to determine its effective implementation.  [THE REGISTRAR] uses a professional auditing interview style instead of a simple checklist approach. This involves interviewing the authorized and responsible personnel as designated in the documented quality system.

Rob's 2 Cents

Rob’s 2 Cents

For certification audits, ISO 17021 requires a Stage 1 and Stage 2 audit to be conducted. The combined duration of the certification audits must be in accordance with the IAF MD9 guidance document–which is primarily based upon the number of employees in the company. The “interview style” that Dekra is referring to is called the “Process Approach”. This is required in section 0.2 of the ISO 13485 Standard, and this is the primary method recommended by the ISO 19011 Standard for auditing–although other methods of auditing are covered as well.

5. Surveillance 
[THE REGISTRAR] arranges for surveillance audits semi-annually or annually as requested by the client.

Rob's 2 Cents

Rob’s 2 Cents

I highly recommend annual surveillance audits, because the short duration of surveillance audits becomes unrealistically short when the auditor is asked to split their time between two semi-annual visits. A few clients have indicated that the semi-annual audits help them by maintaining pressure on the organization to be ready for audits all year-round and prevents them from procrastinating to implement corrective actions. This is really an issue of management commitment that needs to be addressed by the company. Scheduling semi-annual surveillance audits is doesn’t address the root cause. The only good argument I have for semi-annual cycles is if you have a very large facilities that would have an audit duration of at least 2 days on a semi-annual basis. The most important think to remember about scheduling surveillance audits is to make sure that you schedule the audits well before the anniversary. I recommend 11 months between audits. By doing this, you end up scheduling the re-certification audits 3 months before the certificate expires. BSI has a different policy. They want auditors to schedule the first surveillance audit 10 months after the Stage 2 audit, the second surveillance audit 12 months after the first surveillance audit, and then the re-certification audit must be scheduled at least 60 days prior to certificate expiration (i.e.  – no more than 12 months after the second surveillance audit). No matter what, schedule early.

If you have additional questions about becoming ISO 13485 registered, please post a discussion question in the following LinkedIn subgroup: Medical Device: QA/RA. For example, on Monday a new discussion question was posted asking for help with selection of a Notified Body for CE Marking. You will need to become a member of the parent group (Medical Device Group)–if you are not already one of the 140,000+ members connected with Joe Hage. George Marcel and I manage this subgroup for Joe. George is out in the Bay Area and I’m in the Green Mountains.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: