Published by ORTHOWORLD Inc., BONEZONE delivers strategic sourcing & product commercialization solutions to orthopaedic device company decision makers and their partners.
Issue link: http://bonezonepub.epubxp.com/i/762486
70 BONEZONE • December 2016 QUALITY MANAGEMENT make sure that your suppliers are capable of meeting all relevant statutory requirements. • Supplier Monitoring – You need to consider your risk whenever suppliers underperform, and respond in a way that is proportional to the risk that you're taking. And while both old and new standards want you to establish a record of supplier evaluations, now you're also expected to record your supplier monitoring and re-evaluation activities. • Purchased Product Risks (the "no-change agree- ment") – There is an expectation to consider the risk associated with the product you've purchased and to be concerned about what to do when unanticipated changes are made to purchase products and to deter- mine whether or not these changes affect your medi- cal device or your product realization process. • Process Validation – Now you're expected to establish validation plans and to revalidate processes whenever necessary. • Servicing – There is an expectation to analyze servic- ing records in order to identify servicing complaints and improvement opportunities. • Complaint Handling – The new standard brings this in line with 21 CFR, Part 820.198. • Delivery of Non-conforming Product – ISO 13485 now expects you to investigate nonconforming products that have been delivered, to determine if corrective action is needed and to consider whether or not responsible external parties need to be notified, e.g. FDA in the case of a possible recall. • Improvement – The section on improvement has also been enhanced to align more closely with preventive action. 5 Steps to Building Your Bridge Now that you understand the nuts and bolts of the ISO 13485 changes, how do you put it all together and stay on timeline for the 2019 deadline? I offer five steps for construction. Step 1: Make the Argument to Implement Ask: is this bridge meant for my company's future, and can I still afford to build it? You must decide to build the bridge to the Isle of 13485:2016. ISO is a great business system, and you need it in order to remain viable in the global economy we live in. Still, it should be a "want to" decision, as well as a "have to" chore. Set up a budget, please. You don't want to use petty cash to make this happen, because you'll get irritated every day and stop treating your employees to company picnics. Step 2: Understand the Standard We need to have the competencies to understand the bridge, build it and then walk on it. You ask, "We have to actually use the bridge?" Yes; yes, you do. This is not just about writing some new, over-engineered procedure. This seems rather simplistic, but you need to have at least a cursory understanding toward an actual working knowledge of ISO 13485:2016 in terms of expectations and the numerous aspects of the changes that have been realized. Some compa- nies have these standards but don't read the standards. Some companies know about the changes, but don't understand the changes. And lastly, some companies read the standards and know about the changes, but don't know how to implement them into their QMS. It's shocking. Attending a webinar will give you an overall impression and maybe some snippets of information about implementa- tion. Don't rely on it. The webinar producers can give your company ideas, but you and the transition team must assimi- late any changes succinctly and specifically into your QMS architecture. This is a unique experience on all counts. There is not an Rx for generic bridges to venture to the Isle of 13485. You must design it and build it. Step 3: Seek Help to Determine if You Can Recycle Old Parts Find out if you can use some parts from your old bridge. Why reinvent if you don't have to? My next statement will seem self-serving, but it's not meant to be. You should have a third party conduct a thorough gap analysis audit (yes, it should be formal) to delineate where your QMS is in relation- ship to a working compliance with this new standard. The reason that this analysis should be conducted by a third party is because you are too close to what is actually happening. Yes, I am talking about feet on the floor to ensure that their processes work on a daily basis, etc. You and your colleagues are too close. Don't be in denial over this strategy. You will mutually admire your present QMS and not give it an effective read. Your internal audit team can (and should) acquaint them- selves thoroughly with the new ISO requirements, but could still be novices when it comes to implementation experience. This is especially accurate when it comes to risk management, design and purchasing controls linking with manufacturing, validation and verification. These six processes alone work hard together as they cross the bridge into compliance land. It's a pretty sight on the shoreline with procedural nuances abounding. If your auditors don't understand process archi- tecture and implementation linkages, this could turn into a process-in-a-bottle exercise. Instead, you need to have your auditors join the third-party person and receive some hands- on training, as well. Step 4: Formally Plan Who Needs to Be Involved Formal planning is imperative for implementation. Top level management must be behind this effort from the begin- ning—yes, every step of the way. I mean it! Breaking a bottle of Dom Pérignon on the finished bridge (what a waste. by the way) ain't enough. Management commitment is such a gigantic and ongoing effort that must not wane and become weakened by the lack of a cogent, well-managed plan. This step will upset some (most) individuals at the execu- tive levels in any organization. Everyone should be formally