Introduction

Details make or break your margins in ISO 13485. A single overlooked clause can spell catastrophe for patients and employees alike. Something can seem harmless in daily operations, but if spotted during an audit, it can be the difference between a certification and nonconformity. Greenhorn quality professionals first master items like document control and training. It makes sense: harnessing the clauses to keep business out of the headlines. In reality, it’s the clauses that seem like fine print that can cause even the most experienced of auditors boatloads of trouble.

It is in this philosophy that this blog was authored. The bottom line: overlooking any requirements creates real risk. Nonconformities that appear during an audit don’t just slow down certification; they create product launch delays, exclude you from valuable contracts, and jeopardize your reputation among consumers.

We’ve outlined a few of the most commonly overlooked clauses in ISO 13485, detailing why they’re easy to miss, what auditors will expect to see in an audit, and how we can help.

Supplier Monitoring (Clause 7.4.1)

As written in the standard: “The organization shall evaluate and select suppliers, based on their ability to supply product in accordance with the organization’s requirements. Criteria for selection, evaluation, and re-evaluation shall be established. The results of these evaluations and any necessary actions arising from the evaluation shall be recorded.”

Clause simplified: Maintaining a relationship with a supplier is more than writing checks. Regular checks that they’re still meeting your requirements are a must in the medical device industry.

How organizations miss it: When quality teams treat supplier approval as a one-time event, it’s possible suppliers get lax and begin selling sub-par equipment and materials. Sub-par equipment and materials put device functionality and patient safety at risk. To combat this, ISO 13485 treats supplier surveillance as a responsibility that requires documentation every step of the way.

What auditors expect: Hard evidence of supplier evaluation criteria, monitoring activities, and corrective actions if a supplier underperforms.

Complaint Handling (Clause 8.2.2)

As written in the standard: “The organization shall document procedures for timely complaint handling in accordance with applicable regulatory requirements. These procedures shall include requirements and responsibilities for the review and investigation of complaints, and requirements for determining the need to report the complaint to the appropriate regulatory authorities.”

Clause simplified: Complaints should be a signal to observe the product in every stage of production. Investigations of all complaints, both big and small, must be thoroughly documented, reviewed, and evaluated to decide if further investigation or reporting is warranted.

How organizations miss it: Minor complaints are sometimes ignored or disregarded without proper due diligence. Auditors should instead treat the handling of complaints as a critical signal of patient safety and compliance.

What auditors expect: A well-oiled complaint-handling machine. There should be a clear documentation process that reveals how each report was investigated and resolved while tracking complaint trends over the product’s lifespan.

Corrective and Preventive Actions (Clauses 8.5.2 and 8.5.3)

As written in the standard (8.5.2 – Corrective Action): “The organization shall take action to eliminate the cause of nonconformities in order to prevent recurrence. Corrective actions shall be appropriate to the effects of the nonconformities encountered. A documented procedure shall be established to define requirements for reviewing nonconformities, determining the causes of nonconformities, evaluating the need for action, determining and implementing the action needed, recording the results of any investigation and of action taken, and reviewing the effectiveness of the corrective action taken.”

As written in the standard (8.5.3 – Preventive Action): “The organization shall determine action to eliminate the causes of potential nonconformities in order to prevent their occurrence. Preventive actions shall be appropriate to the effects of the potential problems. A documented procedure shall be established to define requirements for determining potential nonconformities and their causes, evaluating the need for action to prevent occurrence, determining and implementing action needed, recording the results of any investigations and of actions taken, and reviewing preventive action taken.”

Clause simplified: Corrective action is both fixing problems and proving the fixes have worked. Preventive actions stop issues before they happen and track the efficiency of implemented process changes as they relate to what was meant to be prevented. These disciplines are separate and should be treated as such.

How organizations miss it: Many teams stop observing a problem once they have decided the immediate problem is fixed. Their attention to the matter ends there: they forgo checking whether the solution actually worked, and they forgo taking steps to prevent future issues.

What auditors expect: A full CAPA record exhibiting the process of identifying a problem, analyzing the root cause, implementing any necessary corrective action, and performing the effectiveness checks thereafter.

(Still need more information? We have a separate blog on this exact topic!)

Infrastructure and Maintenance (Clause 6.3)

As written in the standard: “The organization shall determine, provide, and maintain the infrastructure needed to achieve conformity to product requirements. Infrastructure includes, as applicable, buildings, workspace, and associated utilities; process equipment (both hardware and software); supporting services (such as transport, communication or information systems).”

Clause simplified: All facilities and equipment must be maintained in order to consistently support product quality.

How organizations miss it: Smaller organizations struggle to balance the efforts of clear documentation with practical, on-the-floor fixes. While auditors are influenced heavily by a commitment to documentation, it’s important to note that physical infrastructure plays just as much of a role in compliance.

What auditors expect: Clear examples of maintenance schedules, calibration records, and logs presenting fit-for-use facilities and equipment.

How We Can Help

APEX QA offers a large catalogue of services that can help any budding medical device manufacturer grow into the certification they’re after. From convenient classes to tailored audits to organized QMS software, you’ll find whatever you need in the hands of our team.

We hinge our success on the ability to make quality assurance as simple as it can be without sacrificing thoroughness. Our goal, predicated on finding the right fit, is to propel your organization to long-term success, whatever that may look like.

Final Thoughts

ISO 13485 isn’t just about passing an audit once. It’s about creating a system that protects patients and strengthens your business, while passing every audit along the way. The clauses above often throw new professionals for a loop because they might feel secondary or supplementary, but experienced auditors know to give them just as much attention as they would any others.