If the European Commission claimed ISO 13485 conformity
Having struggled with dozens of software editors who wanted to CE mark their class I software before May 2020. Having struggled with the lockdown, having struggled with projects in war mode to fight against the Covid-19, here I am! My last post was in December 2019, too long to make an active blog.
Today I post an article with a tone of speech a bit different than usual. No software, no comment on regulatory guidances. Probably an effect of the current situation, which affects all of us.
If the European commission claimed conformity to ISO 13485, they would have difficult times. I can hear you thinking that's a strange idea. No that's not :-) ISO 13485, Medical devices - Quality management systems - Requirements for regulatory purposes. Is this not for regulatory purposes to publish regulations?
And read the first sentence of the scope:
This International Standard specifies requirements for a quality management system where an organization needs to demonstrate its ability to provide medical devices that consistently meet customer and applicable regulatory requirement.
Yes, I'm interpreting a bit the scope. But is it not the job of regulatory consultants (and, alas, notified body auditors) to (over-)interpret regulatory texts?
We could define the perimeter of the certified processes to the activities of DG Sante: Health - and Food - Safety. And we could have a certification scope like this:
Design, development, publication of regulations, and services of surveillance and guidance for economic operators in the field of medical devices.
Yes, say it, that's a wacky scope.
What if this organization had to undergo
an audit from a notified body oops a FDA inspection ooops, an audit from a higher divine entity ? I think they would get quite a score of non-conformities:
- Non-conformity on the general requirements (4.1) for not having implemented the necessary actions and allocated the required resources to achieve the planned results and maintain the efficiency of their processes,
- Non-conformity on QMS planning for not having implemented indicators to monitor progress of planned objectives,
- Non-conformity on the human resources process, for not having anticipated the need for resources from the competent authorities,
- Non-conformity on the risk management process, for not having anticipated the risk of device shortages. Non-conformity degraded to minor, after corrective action Corrigendum 2 and postponing MDR to 2021 (You've earned a year's respite),
- Non-conformity on the customer-oriented process, for not having provided the accompanying documentation (the MDCG guides, the Common Specifications, the Harmonized Standards) of their product (the MDR),
- Non-conformity on the design change process, for not having carried out correctly the impact analysis of the new MDR requirements,
- Non-conformity on the management of outsourced process, for not having correctly monitored their subcontractors (the NBs) in the old times of the directives,
- Non-conformity on the purchasing process, for not selecting and evaluating in time their subcontractors (the NBs) according to the planned provisions of the MDR,
- Non-conformity on the service provision process, for not having implemented Eudamed and the groups of medical experts, according to the planned provisions,
- Non-conformity on customer complaints, for not dealing with all stakeholders' warnings,
- And finally, Non-conformity on the CAPA process, for not having learned any lessons from the MDR fiasco, not having sought the root cause of all these problems, and not having put in place any action to ensure that this won't get back in our faces with the IVDR.
Yes, crazy times.