9 min reading time

As originally asked by Mark Driscoll, P.Eng., Ph.D.

Please share with me your experiences in acquiring the 13485 certification. More specifically, for a start-up medical device company, is it advisable to move through the process internally or hire external/experienced help? What are the expected time delays and costs of both?

---

Richard Reilly
Director QA/RA and Technical Support at American BioMedica Corporation
I would just add that I agree that a quality system could be put together without consulting help, and if you have an avenue to take such as an experienced person who has been through it and will allow you to learn from them, that’s great. Of course the standard should be acquired and read. Certification can be acquired, if you have these resources, but if you don’t, how soon do you want or need certification. An experienced person who has been through the audit process can get you there much faster if you want to or need to spend the money. In addition, they know the responses that will be accepted as opposed to having them rejected and re-investigated.

Nick Woods
Director at Hill Woods Medical Media Ltd
Glenn, all undeniably true. I’m actually having a bit of a dig at companies who don’t even buy the standard before picking up the phone to a consulting firm. It’s a bit of a lazy culture to resort to straight to consultants when in actuality, even if one ends up with a consultant to do the leg work, the company benefits more from having a run at first base before they just assume they need outside help. My first QS was handcrafted based on a pragmatic review of the standard, plus camping out in two friendly companies who’d been through it just so I could establish the appropriate level of detail needed. I’ll admit those were probably different times, but I also made the point that online help is also much better nowadays. At the end of the day, it’s a personal/company choice. I quite enjoyed the process and found it worked for us…that’s all I’m saying.

Fred Adler
President and CEO at Innominata dba GenBio
We have used BSi for many years now. Your own internal infrastructure and the start up expense of that is formidable. You have no choice. It is the cost of doing real business…………….we have been in business making products and profitable for 20+ years.

Glenn Neuman
Director of Scientific Affairs at New World Regulatory Solutions, Inc.
A consultant should not arrive with a canned template of a quality system and expect to implement it at any company. You can buy those on line. We have seen that approach and it does not work because it was not “home grown” and the company did not know what was there and how to use it.

A good quality system should fit like a tailored suit that allows you to move freely, not like a constricting straight jacket. As consultants, we write the quality system to fit the company. Most companies are quality-conscious and they already have most of the QS elements they need — they just need help knowing how and what to document.

Nick Woods
Director at Hill Woods Medical Media Ltd
I take on board completely the idea of bringing in expertise, but a quality system is fundamentally a description of the things you do, and the controls you have over those things. Yes, employing an outsider is an essential component, not least to perform internal auditing in an independent way, but running to a consultant can be (not will be, but can be) an expensive and time consuming way to achieve something the average SME could have at least a run at themselves. I’d do it the same way I did it fifteen years ago. Buy the ISO and read it. If it still looks like Greek, go the consultant route. But I guarantee many people will read it and think, “hey this isn’t so challenging”. If you have companies you know who’ve been through it under their own steam, go and live with their QS guy for a few days or weeks.
A home grown QS has its advantages… you’ll understand it and how it relates to your company much better than if it was written by a consultant.
That’s the view of the Yorkshireman (short arms, deep pockets), who did it all from scratch without the significant help available on the internet.

Richard Reilly
Director QA/RA and Technical Support at American BioMedica Corporation
ISO 13485, 2003 is basically identical to ISO 9001, 2008 with the only difference being that ISO 9001 requires some form of improvement annually. The FDA CFR 820 has most of the same requirements as well so if you’re familiar with either of these, that is a good start.

Reading the standards and trying to understand what is required is one thing, but correct interpretation of the clauses (what is actually required) is another. For this reason I agree with everyone commenting that hiring a consultant for initial implementation is the way to go if finances can warrant it. In addition, a Quality System Manual (QSM) designed specifically for your company is mandatory and an experienced consultant can gear the QSM correctly to fit your company. It must include a company quality policy, an indication of all of your processes and the documentation that reflects them. Management Review Board meetings are required and must be reported on. Measurements must be taken and trending must be assessed. These items will be audited for initial implementation along with the normal items that we expect.

Annual internal audits which cover every clause in the ISO 13485, 2003 must must be conducted every year. They can be covered as a whole or in increments within the year. The company can audit itself, however, individual departments cannot audit themselves. A trained auditor from mfg. can audit QA/QC and QA/QC can audit mfg. This could save money if you have qualified people initially and will definitely save money in coming years.

An auditing body must be hired for implementation of the standard and to maintain it going forward. The implementation or Certification audit covers all of the clauses in the standard. Subsequent audits for the next 2 years will be Surveillance audits which cover only selected parts of the standard. Every 3rd year a Re-certification audit is conducted where all of the clauses in the standard are covered.

The annual audits by the ISO auditing body can run up to $15,000 annually. Consultant fees are negotiable and dependent on how much help you need to et started. You may want them to author your Quality Systems Manual and you may want to conduct your own internal audits which perhaps they review. A good notified body that we have had good relationships with is The National Standards Association of Ireland (NSAI). They will initially inquire about all of your processes and they will audit to those processes.

Dependent on resources and the manner you choose to to acquire implementation, the process can take anywhere from 6 months to a year.

David Lachmann
Experienced Cross-Technology Manufacturing Specialist
To Chris,

If you have a friend or acquaintance in the neighborhood who works as an auditor, I suggest you approach him/her in order to co-audit a few times. That will be the most effective way to get the required experience and, as you are already willing to do internal audits free of charge to gain the experience, it should not adversely affect your lead auditor’s costing. As the audit will be able to cover more areas and you will (I believe) learn more from “tagging along” on an audit than you probably expect, I think that would be a “triple win” scenario.
From my experience, being second auditor is a very educating experience. Especially if you formally debrief each day. There are fine points about what to look for and how to notice and follow up issues that come with experience.

David

Kelsey Roadfeldt
Quality Management Consultant
Consultants are very helpful as they typically adapt and audit several quality systems prior to 13485 audits and know the current audit areas that cause the most issues. We received 13485 certification in 2011 and it was a painful process. It was mostly due to our notified body (TUV) and also the individual auditor. Our re-certification audit was done by a different auditor and was very smooth and pleasant. As for time delays and cost I believe we were right around $50K in our budget due to having both a Design Dossier as well as a separate Technical File and most of that cost was tied to the Design Dossier as you would expect. Time delays were due to TUV not submitting some paperwork and not being very responsive. Also, as they are based in Germany and they have extended vacations that will slow things down as well. We submitted our Design Dossier in May of 2009 and completed our certification audit in November of 2011. Typically it would only take 6-9 months for a Design Dossier. I hope that helps!

Andrew York
Interim Regulatory and Quality Manager at SCINOMED LTD
I agree with Ivannia the key to success is a balance. The quick route is using a consultant to set up your ISO13485 QMS but it is essential to use your employees to buy into the process and culture to maintain it.

Aleksandar Siskovic
CEO / Quality Systems Specialist & Regulatory Affairs Consultant, Auditor for ISO 13485, ISO 9001, ISO/IEC 27001/20000-1
Hi Mark,

Certification to ISO 13485 requires great dedication and expertise.
External consultant can much helpful, if it is specialist for this area. This is quicker route to certification.
The dedication and work on the preparation of certification by an employees (QM) is the slower path to a certificate, but also a great challenge.
My opinion is hire external consultant. External specialist for ISO 13485 provides proper guidance through the process of preparing for certification.
It would be desirable that the employees in quality department be involve in process. QM team can get new skills through training and training and use in daily work. QM needs to ensure that the requirements of the ISO 13485 standard are met, for each activity.

After certification to ISO 13485, the next steps are a quality control check, each year. It is necessary to have qualified employees. This process asks and requires continuous implementation and constant improvement.

Regards,
Aleksandar

Burrell (Bo) Clawson
I research patents & design products to get a patented competitive position: Over 30 patents.
I’m glad to see confirmation of my decision to use a local consultant.

Mark J Lewis
Vice President of Operations & Regulatory at Hydrocision Inc
Hi Mark,
I have had experience in both as a consultant assisting a medical device start-up and as the management representative. My experience shows that you need a involved knowledgeable staff to achieve the certification. a consultant comes in handy when the depth of the experience of the staff isn’t well versed on the standard or how to implement. If you do not have a leader that has proven experience bring in the consultant to assist as necessary. It will be a value – add in the end game.

Glenn Neuman
Director of Scientific Affairs at New World Regulatory Solutions, Inc.
A consultant can get you oriented, provide training, and even write a quality system for you. ISO 13485 and 21CFR820 are very close, but not identical. We have done those things, but as has been said here, you need employees, and especially top management, to take ownership in their quality system. Otherwise, the whole thing can begin to slip the day after the consultant leaves. It’s also useful to have an outside party conduct your internal audits, as they are unbiased, and they can say things to the president or CEO that a paid employee might not want to say! Over time, a good quality system will save money more than it will cost money, but it’s a daily endeavor, not a “when the consultant comes in” affair.

Grace Jing Yuan
Medical Devices- Patented CE marked Lightest Medical Headlight and Fully Functional Micro Endoscopic Video System
Hey, Mark, we just acquired 13485 last month, the certification will be available in 30 days. They are really strict!

Scott Phillips
President at StarFish Medical, CEO ViVitro Labs
Hi Mark. We did our certification about 10 years ago and have always had positive audits since. If you’ve ever been involved with ISO9000 you’ll find ISO13485 very similar. We used a combination of in-house and outside resources. The key was aligning our corporate philosophy with the ISO philosophy and implementing processes in sensible ways to allow innovation to be maintained while ensuring that product implementation is thorough and meets specs.
We’re in Victoria. Feel free to contact me through LinkedIn if you’d like more details.

Erica Reid
Communications and Admissions Coordinator
Philippe, my experience is that in the USA for the QA stuff you have to comply with CFR 820 (however if you have the ISO 13485 first it helps you with this), and if you can prove your device is similar to an already approved device than you go trough the 510k submission to get approval. In EU you have to comply with ISO 13485 and submit a technical file. It is more complex than this obviously for both, but this is the simplified version.

Colleen Gang
Vice President of Sales & Marketing at Biochemical Diagnostics division of KOVA International
Mark,
Hiring a consultant to adapt your current Qualty System procedures to be in conpliance with ISO 13485 would save alot of time. We used a consultant (CEO Consultants, NY) and they worked at our facility for 6 months. They worked with our current staff on procedures, training, audits and general compliance. We did not apply for ISO registration until we completed one full year as “ISO compliant” but not registrered company. This allowed staff to be familiar with following procedures and allowed us to conduct a full internal audit prior to paying for registration. As a result we passed the inspection quite easily since staff had expericence with the regulations for at least a year.

Philippe R. Koninckx
Research Director Latiffa Hospital, Dubai at Latiffa Hospital and Prof em OBGYN in Leuven and Rome
Does anybody have experience with similarities and differences between Europe and USA especially concerning license to market. As far as I understood
* ISO13485 is similar and essentially a system making production reliable, predictable and traceable (not necessarily qualitative)
* CE marking emphasizes safety. What is the counterpart in USA ?
* EMEA and FDA stress in addition efficacy of treatment, which then becomes an element for reimbursement.

Ivannia Blanco
Manufacturing Engineering Manager at Boston Scientific
Hi Mark, I had the chance to be part of ISO qualification process and it’s key to have company employees engaged in the process, so if you have a tight agenda, I recommend you to incorporate consultant support, which help you with the process and train your people. One great and experienced source is Emergo Group. Good luck!

Robert Houghland
CEO at Hanover Pen Corp., Hanover, PA
Mark, one thing to keep in mind if you do the documentation in-house is that you must perform a full internal audit using a trained auditor before the certification audit. If your internal people wrote the documents then they cannot audit them (you can’t audit your own work). This is another reason to consider using an outside consultant to get you started since they can provide the qualified auditor as needed. If you have the personnel to write the initial documentation this will save time and money but you still need the experts to review, recommend changes and assure complete compliance at the time of the certification audit.
Robert Houghland, President
HPC Medx