What changed?A lot of details and clarifications were added in many places. The most important are these:
- You are supposed to apply a risk based approach to all processes not only the products and product development.
- The design and development requirements have changed significantly, for example new requirements for the design transfer and design development files have been added.
- You have to validate software used to maintain your quality system
Risk based approach for processes
The standard requires now that all processes which are defined in the company shall be reviewed for potential risks. As a result of this the processes might be adopted to minimize the risks, new processes might be defined or the monitoring of the process might be changed. The risk assessment and changes of course need to be documented to have proof that the risk management has been done for the processes.
To define good processes you should at least
- Define and document the process itself (4.1.2 a)
- Define and document the input and output of the process, as well as references to related processes (4.1.2 c)
- Define and document methods to control the execution and results of the process (4.1.3 a)
- Perform a risk control for the process (what can go wrong, what are the effects if it goes wrong) (4.1.2 b)
- Document the identified risks
- Define and document the risk controls you can come up with
- Implement the risk controls by changing the process or the processes controls
Design and development requirements changesFor the design and development planning the standard now requires explicitly to define the methods used to ensure the traceability from design input to design output for each phase.
A new sub clause has been added for the design and development transfer. It requires that a procedure is established describing how to transfer from design and development to manufacturing. This procedure must describe how to ensure that the design outputs are suitable for production and how production capabilities can meet the requirements for the production.
Design and development changes should now also be evaluated for significance of the change to function, performance safety, etc. as well as impact on risk management or products input and output.
A new sub-clause now states that design and development files now should be maintained for each medical device type. The file should reference or include the records which show the conformity to the above.
Validation of tools used to maintain your quality system
Matrix Requirements can of course be validated according to ISO 13485:2016 and FDA 21 CFR 820. We support this process by providing our own verification and validation results as well as templates which make it easier for you fill the gap: You need to document the 'proof' that it fits your own procedures and processes. This support with additional validation templates you can adopt to your own needs. See also https://matrixreq.com/news/#20150701