EU Medical Device Regulation Comparison to ISO 13485

The European Union’s current Medical Device Directive (MDD) 93/42/EEC runs to 60 pages. From May 26, 2020, new devices without a valid MDD/AIMD certificate will have to meet the requirements in its replacement, the Medical Devices Regulation (MDR), which is 175 pages long. This represents an expansion in both scope and detail, so how does ISO 13485 compare against MDR?

MDD TO MDR

The transition period to move from MDD and the Active Implantable Medical Device Directive [90/385/EEC] to MDR ends on May 26, 2020. After this date, new devices will be required to meet MDR requirements and current MDD/AIMD certificates can no longer be changed. There is an extended transition period, until May 26, 2024, for devices with a valid MDD and AIMD certification.

The move to MDR represents a considerable shift for manufacturers, as it:

• Expands the range of products covered
• Implements unique device identification
• Adds rigorous post-market oversight
• Introduces the requirement for an identified person to responsible for regulatory compliance
• Reclassifies devices according to risk, contact duration, and invasiveness
• Requires more rigorous clinical evidence for Class III and implantable medical devices
• Demands systematic clinical evaluation of Class IIA and Class IIB medical devices
• Removes ‘Grandfathering’ provision for legacy devices

Put simply, once the transition period has elapsed, all products must comply with MDR. The requirements for this are more robust and the range of products covered has increased.

Under MDR, medical device is defined as any instrument, apparatus, appliance, software, implant, reagent, material or other article intended by the manufacturer to be used, alone or in combination, for human beings for one or more defined specific medical purpose. It now covers, for example, implants for aesthetic purposes and other devices that have no medical purpose.

It should be noted that, while there may be an extended transition period for some products, all new registration audits or extension to scope audits performed after May 26, 2020 will be to the new MDR requirements. Existing MDD audits can still take place until May 25, 2024, if the MDD certificate remains in force.

This expansion in scope and coverage means that various requirements that were previously not covered under MDD are now covered under MDR. It will therefore impact organizations that may not previously have been affected.

For example, MDR requires better traceability of medical devices throughout the supply chain, enabling swift and more effective responses to safety problems (e.g. recalls). This means the requirements of MDR will impact not only manufacturers but also their distributors, importers and other operatives along the supply chain. Article 25 of MDR identifies distributors, importers and EU authorized representatives as Economic Operators. They will each have specific responsibilities, including verification and cooperation with manufacturers and Competent Authorities in device traceability.

Standard operating procedures (SOPs) must therefore outline a process for device identification and traceability along the whole supply chain. This must include heightened scrutiny of suppliers and outsourced processes, with each ‘economic operator’ confirming the device complies with MDR. In some cases, distributors and importers may have never previously developed a QMS. This will change.

ISO 13485 VS MDR

ISO 13485 Medical Devices is an internationally recognized Quality Management System (QMS) standard for producing medical devices. It was harmonized to MDD in 2017 and it remains the standard used to prove conformance to the MDR.

When looking at the individual requirements of MDR, it is clear various clauses are not covered under ISO 13485. These include various aspects relating to general safety and performance requirements in relation to risk. For example:

• Annex I, Chapter 1, 2 – reduce risk as far as possible
• Annex I Chapter I, 3, a – establish a risk plan for each device
• Annex I Chapter I, 4 – managing risk so that residual risk is acceptable
• Annex 1, Chapter I, 8 – risk benefit analysis to ensure all risks are acceptable when weighed against benefits
• Annex I Chapter I, 4 – manufacturers must reduce risk, provide measures alarms etc., and inform patients of any residual risk

Other MDR provisions that are not covered by ISO 13485 include, inter alia:

• MDR Article 10 4 MDR – Commission is empowered to adopt delegated acts in accordance with Article 115
• MDR Article 10 Ref 16 – manufacturers must have sufficient financial coverage in respect to potential liability from defective devices
• MDR Article 10 6 MDR – draw up a Declaration of Conformity (DoC) after successful conformity assessment. This does not apply to custom made or investigational devices
• Annex XI A5 A – manufacturer must have authorized representative if company is based outside the EU and they must ensure they meet the requirements for the issuance of a (DoC)

There are also various sections where adherence to ISO 13485 only provides partial coverage of the requirements in MDR. For example, it only partially covers clauses 7.1, 7.3, 7.5 in Annex I, Chapter 1, 1. These relate to the requirement that a device should be suitable for its intended use and must be safe and effective and should not compromise the clinical condition or the safety of the patient, operators, and any other user. Any risks associated with its use must be outweighed by its benefits and should be compatible with a high level of protection and health and safety.

Among the other MDR requirements that are not covered by ISO 13485 are provisions relating to unique device identification (UDI), technical documentation, continual improvement, post market surveillance, labeling, recalls, ergonomics and device lifetimes.

BENEFITS OF ISO 13485 CERTIFICATION

ISO 13485 remains the current state of the art standard by which manufacturers may show compliance to the quality system requirements of the MDR. It demonstrates that a company’s QMS is designed to deliver consistent, high quality products onto EU markets.

It should be remembered that ISO 13485 is recognized internationally, making those that adopt the standard more attractive in other markets. For example, under the Medical Device Single Audit Program, certification is a requirement before a product can be placed on the market in Canada, and it will eliminate or reduce US FDA onsite inspections of facilities. Finally, certification will aid the registration process for devices in any jurisdiction covered by MDSAP.

SGS offers a range of services to help manufacturers of medical devices access EU markets. These include CE Marking Certification Services against MDD for a variety of medical devices – a requirement before the CE Mark can be applied and a product placed onto the market. We can also offer auditing to MDD, where the company has MDD certification, and MDR. In addition, we offer assessment of technical documentation in relation to MDR.

Learn more about SGS MDR services.