In the regulatory world, standards are essentially recommended processes that have been developed by subject matter experts with the aim of describing the best possible way to meet an end goal. For example, quality management standards are designed to improve efficiencies and avoid product failures.
Similarly, risk management standards are designed to help organizations plan for the unexpected and ensure operational continuity. These are just two common examples of the many application standards for medical device manufacturers.
The International Organization for Standardization (ISO) sets global standards for quality and risk management for a broad range of products and businesses. Likewise, the International Electrotechnical Commission (IEC) sets international standards for all electrical, electronic, and related technologies. In general, ISO concentrates on controls for materials and processes, and IEC concentrates on the manufacturing and testing of products.
Standards cover a broad range of business and technology types, including medical devices, IVDs, and the electronics and software that accompany them. Compliance and certification are technically voluntary in many cases, but ISO is considered the gold standard and state of the art, so medical regulatory bodies often use it as a benchmark for regulatory compliance. Understanding the most commonly used IEC and ISO standards for medical devices is critical for maintaining compliance with global regulations.
Most Common Standards for Medical Devices and IVDs
It’s up to manufacturers to determine which ISO standards apply to their business and products. In the U.S., the Food and Drug Administration lists the standards they strongly recommend for design and testing by product code. The standards that are listed under a regulation must be addressed somehow. Manufacturers must either comply with an existing standard or demonstrate that they have developed adequately validated test methods. Companies don’t necessarily need to demonstrate full compliance to receive clearance, but if there are any deviations, the company has to provide additional justification for how the purpose of the standard is still addressed.
European harmonized standards can be found on the Europa site. However, as noted below, this isn’t as straightforward for MDR and IVDR as it was for MDD and IVDD because there are currently no harmonized standards under MDR and IVDR. Some of the most common reference standards for device manufacturers to follow include:
- ISO 13485, which is the standard for medical device quality management systems. ISO 13485:2016 is the most current version, and it’s also harmonized in Europe.
- ISO 14971, which is the standard for medical device risk management. The most current version is ISO 14971:2019, but it isn’t yet harmonized in Europe.
- ISO 9001, which is the standard for business quality management systems, and the most current version is ISO 9001:2015.
- ISO 62304, which is the standard for software used in medical devices, and ISO 62304:2006 is the most current version.
- ISO 10993, which has 23 parts, is the standard for biological evaluation of medical devices.
- ISO 15223, which has two parts, is the standard for symbols to be used with medical device labels, labeling, and information to be supplied.
- ISO 11135, which is the standard for ethylene oxide sterilization of medical devices, and ISO 11135:2014 is the most current version.
- ISO 11137, which is the standard for sterilization of medical devices using radiation.
- ISO 11607, which is the standard for sterilized product packaging for medical devices.
- IEC 60601, which is published by the IEC. This standard applies to the safety and essential performance of medical electrical equipment. Every country has a different version, and devices must comply with the standards that apply in each market.
These are some of the most commonly used standards for medical devices, but this isn’t an exhaustive list, and the standards you apply will depend on the product features.
Benefits of ISO Compliance and Certification
Although compliance with ISO standards isn’t always mandatory, and certification may not be required, there are many benefits to conforming to the applicable standards, including:
Better quality management systems
Certification forces you to make process improvements, which ultimately adds value to your business.
Fewer audit findings and inspection deficiencies
FDA auditors and notified body reviewers will have fewer questions and find fewer issues if you are in ISO compliance for quality and risk management.
Patient safety
This is the primary goal for both regulators and manufacturers. Conforming to ISO standards helps reduce quality issues and protect patients.
Credibility
ISO compliance demonstrates that your business conforms to internationally recognized standards, which lends credibility to your brand among regulators, patients, and healthcare providers.
More efficient regulatory processes
When you comply with standards, FDA and notified bodies know you have properly tested products and processes, which helps streamline approvals, audits, and inspections.
Proven approach
Using standards whenever possible ensures that you are implementing tried-and-true systems and technology. This also helps improve efficiency because you can follow existing recommendations.
Principles of Harmonization
When ISO standards for medical devices are harmonized for Europe, they are designated with “EN” in the title. For example, EN ISO 14971:2012 is the European harmonized version of ISO 14971:2007. In many cases for the standards that are relevant to medical devices, the EN version of the standard has the same content as the ISO standard with the addition of appendices that detail the relationship between the standard and the European Directives (the MDD, AIMDD, and IVDD). However, with the implementation of MDR and IVDR, no ISO standards have yet been harmonized to these regulations.
What does this mean for device manufacturers when submitting technical documentation for review? We have seen that notified bodies are referencing the requirement for complying with standards that are considered state of the art. This is being interpreted as the most recent version, which isn’t necessarily the harmonized one. Therefore, the best practice is to stay compliant with the latest versions of standards as they are released to reduce review time and keep your products on the market.
It’s also important to note that the U.S. and EU have different requirements when it comes to staying current with standards. In the U.S., manufacturers must continue to comply with the standard that was applicable when the device was approved. There is no requirement to stay current as standards evolve unless there have been design changes. In the EU, manufacturers must stay compliant with the most recent versions of the relevant standards as they become available. Processes must evolve with standards regardless of when products were approved.
Advantages of RQM+
RQM+ offers support for compliance with IEC and ISO standards for medical devices in multiple ways. We constantly stay abreast of global regulatory requirements and the most current standards. Our expert team can help you:
- Identify required or recommended standards based on your device.
- Translate the requirements into understandable language for product development teams.
- Provide rationales and justifications for portions that don’t comply.
- Perform mock audits to identify gaps and weaknesses.
- Develop a strategy to address weaknesses.
- Provide tactical implementation to achieve and maintain compliance.