ISO 13485 Medical Device Internal Audits, Health & Safety and the future of work, change management and sustained success in organisations.

Curated content and articles of interest from the team at QCS International.

As a leading training provider we're always looking at opportunities to support learning. From September 2024 QCS will offer online training in addition to our hugely popular classroom training. You can register now at our website or contact the booking team to find out more including how we can support your continuing professional development.

ISO 13485 and the importance of internal audits

Internal audits are a crucial component of an ISO 13485 Quality Management System (QMS). The audits need to be effective and deliver results (which are documented), otherwise there is little point in doing them!? Auditing forms a necessary and valuable element to any management system;? within an ISO 13485 certified QMS it can be of greater importance.? Failure to review performance and ensure conformance with critical systems can have significant impact on the end users or patient recipient of a medical device.

Internal audits serve several important purposes:

1. Ensuring Compliance: Internal audits help ensure that the QMS complies not only with ISO 13485 requirements but also with other relevant regulations.?You can design your audits specifically to check that you are fulfilling such legal obligations whilst developing data and information you can show to the regulator that you are doing so.? Auditing your systems for risk, post-market surveillance and? technical file content (which you must do for ISO 13485) contributes to the regulatory framework that may be linked to your device.
2. Identifying Areas for Improvement: By systematically reviewing processes and procedures, internal audits can identify areas where the QMS can be improved.?This proactive approach helps in addressing potential issues before they become significant problems.?
3. Enhancing Efficiency: Internal audits provide an opportunity to streamline processes, making them more efficient.?This can lead to cost savings and better resource utilization.? Note, however, they can also be a means of checking that introduced changes are not impacting the final product.?
4. Risk Management: Regular internal audits help in identifying and mitigating risks associated with medical device manufacturing.?This is vital for ensuring the safety and effectiveness of medical devices.? The importance of ensuring risk management is robust is also key to compliance with requirements well beyond ISO 13485.
5. Preparing for External Audits: Internal audits prepare the organization for external audits and visits by important customers by identifying and rectifying non-conformities in advance.?This can lead to smoother external audit processes and fewer surprises. Good internal audits prepare you for unannounced audits!

By conducting regular internal audits, organizations can ensure that their MD QMS remains robust, compliant, and capable of delivering high-quality medical devices.

If you are having difficulty in developing the necessary skills to deliver your own ISO 13485 audits then contact QCS International where we can offer both internal and lead auditor courses to meet your needs.

Planning of Changes

With our retained clients looking to transition to the new version of ISO 27001, Information Security Management, there can be a great deal of focus on controls and Annex A of the standard. One update to the clause structure in ISO 27001 is the inclusion of ‘Planning of Changes ‘Clause 6.3. Whilst those familiar with ISO 9001 will recognise the text it does bring alignment with other standards and the Annex SL structure and of course widens the consideration of change management beyond information systems.

Why Change Management

Change management is a systematic approach to initiating, communicating and implementing a transition or transformation. An organisation’s context is changing constantly and often very rapidly, however the type and extent of change, and therefore the level of change management needed, varies widely between organisations. The organisation should assess its context, future developments and risks, and make conscious decisions on what type of change is relevant and necessary. To mitigate the impact of changes in context and the associated risks, the organisation should adopt a relevant change management approach. For change to happen the following are usually necessary: dissatisfaction of current performance or concern for future performance; a clear idea of the intended outcome following implementation of change; a clear idea of what actions need to be taken; a willingness to embrace change. Many internal and external interested parties (e.g., employees, customers, suppliers, shareholders, the community) are affected by changes to what an organisation is doing, or how it is doing it. It is important to note that if change is necessary to address changing needs and expectations but the organisation does not take action this, can have a significant negative impact on both the organisation and other relevant interested parties.

In ISO 9001 we have more supporting text promoting that organisations consider:

·???????? The purpose and potential consequences of any change

·???????? The integrity of existing systems

·???????? Available resources

·???????? Responsibilities and authorities

Where controlled change is a goal, there’s s frameworks to support these activities.

A final word on ISO 27001 and information security control 8.32 Change Management. To some extent it seems like repetition to include the new clause but in addition to the wider organisational context the control, if applied, is aimed fairly and squarely at the purpose of preserving information security when executing changes.

Whether change and improvements projects are commonplace or infrequent then the benefits in application of a consistent change management process shouldn’t be underestimated.

To find out more about change management and risk-based thinking join our next CQI IRCA approved training course or ask for consultative guidance on best available techniques in this and other management system requirements.

A safe and healthy future of work

Talking of change, we are always on the lookout for emerging trends in management system standards and like the planned ISO 9001 updates that are due soon, ISO 45001 and the wider health and safety community are keeping one eye on the future.

A report recently published by IOSH (Institution of Occupational Safety & Health) highlights the risk and opportunity present in global levels of work-related ill health, accidents and death and the potential too for the introduction of harm reduction principles on a global scale. The report includes an assessment of likely changes in the future world of work and considers too how technology and AI may affect the workplace including the importance of effective fundamentals in containing risk and reducing harm.

Hybrid working is the tip of the iceberg in changing employment models and working patterns. Portfolio careers made up of periods of flexible and remote work, the drive to renewable energy, social equity, new technologies, digitalisation, climate change and deregulation are some of the changes highlighted. The pace of change is a factor, some will be evolutionary others fast paced. All will require evaluation of risk and planning, thinking of organisational context will support the elimination of hazards, reducing risks and enhancing workers wellbeing.

Whilst changing employment models will challenge traditional concepts and the employer- employee relationship these shifts will also be impacted by the availability and access to labour. Societal concerns, climate change and gradual global demographic shifts will require the management of different types of hazards.

Macro trends such as extreme heat, infectious diseases and environmental degradation are amplifying risks. On the flip side, new technologies may actually allow workers to perform tasks more safely and efficiently. Let’s not forget data, the statistics that inform our monitoring, measurement, analysis and evaluation activity will increase which in turn has the potential to improve health and safety outcomes.

In terms of ISO 45001 and wider health and safety management it’s important that organisations not only demonstrate an awareness of the changing world of work but become aware too of the rapid changes taking place and the need for resilience. As health and safety advisors and ISO 45001 trainers QCS International will certainly be encouraging organisations to include the future workplace in any discussion around organisational context and in particular consider elements of change in management review meetings. The world of work is changing but ultimately the continued prevention of harm and protection of workers is key.

Beyond ISO 9001 – Sustained Success

ISO 9004:2018 Quality Management – Quality of an Organisation – Guidance to achieve sustained success. Trips off the tongue, doesn’t it? Maybe not, but a closer look might tell us more. ISO 9001 Lead Auditor courses mention it and often considered a next step for organisations with a mature effective management system.

First published in 2018 and reviewed in 2023 (A standard is reviewed every 5 years) the current version of ISO 9004 offers guidance to organisations looking to take things a bit further. Included is a self-assessment tool, something to assist an organisation in determining the extent to which it has adopted the concepts included in the standard. The guidance in ISO 9004 is of course consistent with quality management principles given in ISO 9001 and like the core quality standard is applicable to any organisation, regardless of its size, type, and activity.

So, what’s included in ISO9004:2018?

While ISO 9001:2015 focuses on providing confidence in the organisation’s products and services, ISO 9004:2018 is focused on providing confidence in the organisation’s

ability to achieve sustained success. Whilst there’s no doubt that businesses and other organisations should focus on process control and customer satisfaction there’s a competitive edge to be gained by taking things a bit further. Moving on from thinking just about product and service quality, next level if you like.

The main concept of ISO 9004 is: “To achieve sustained success the organisation should go

beyond the quality of its products and services and focus on anticipating and meeting the needs and expectations of its interested parties and not just those of its customers

alone, with the intent of enhancing their satisfaction and overall experience.”

?

Our interpretation is further assisted by the inclusion of PDCA (Plan Do Check Act) in ISO 9004, beginning with plan we can consider context, identity, and leadership. Hint a stakeholder map may be useful here, if we’re to be successful and stay successful we need to disregard quick wins and focus on longer term goals. It’s about a much more holistic approach, something like customer satisfaction vs customer experience (included in a piece we wrote last month). We may provide a great service but to keep customers coming back we need to provide a great experience. Or looking at it another way, the product may be great now but have we considered emerging regulatory compliance or trends in AI?

Change and clear direction (mission, vision, value) are key, as are our internal and external stakeholders leading to strategy, policy development and objectives.

?

Do, elements of PDCA are addressed in 8 and 9, process and resource management.

Robust processes support how we do things and appropriate resources.

?

Check, is section 10, addressing analysis and performance. Performance linked to our processes and finally, Act, section 11, deals with improvement.

?

At all times self-assessment is key and is included in Annex A, scoring 1-5 against a given criteria, the organisation can record current scores, revisit and identify progress being made in improvement activities. It does take time; it is a step beyond achieving certification to ISO 9001 but if your organisation is truly looking at the big picture then ‘sustained success’ may be the next step in your improvement journey.

For fresh thinking and support with you management system implementation and maintenance QCS offers a range of consultancy support services, flexible to meet your needs.

As SME's and ISO trainers we deliver regular public, in-house and online training course in ISO 9001,ISO 14001,ISO45001 and ISO 13485, from Foundation to Lead Auditor. All CQI IRCA approved and delivered by UK based expert tutors.

See website or contact QCS for further information.

?

?