The IAF MD 8 document sets the requirement for accreditation of certification bodies auditing and certifying ISO 13485. It also can be used for regulatory purposes (and here the trouble starts…)
The IAF-based mandatory document is not clear in many points and we (SAS) have since the beginning pointed to this unclear situation. The most obvious weakness is the incorporated “dualism” of management system certification according to ISO 13485 and “medical device related requirements”, covered in Europe by the new EU legislation (and most probably in other parts of the word by other regulatory approaches).
Now, we have faced two problems when assessing certification bodies for ISO 13485:2016 to cover management systems of organisations dealing with the following categories of medical devices:
Part A:
IAF MD 8:2017, Annex 1, Table 1.1
“Non-active medical devices other than specified above”
IAF MD 8:2017 Annex 1, Table 1.2.
“Active (non-implantable) medical devices other than specified above”
Please tell us what exactly these two categories in the annex 1 are and what distinct technical competence it would require to cover it a) in the assessment team and b) in the certification body.
Part B:
Even when the IAF document is in the issue 3 (IAF MD 8:2017) it still refers to ISO/IEC 17011:2004 and does not take into consideration ISO/IEC 17011:2017. That is why formally the mandatory document is no more applicable when the accreditation body switches to ISO/IEC 17011:2017.
- What is your point of view?
- And as the document should be probably again updated to the ISO/IEC 17011:2017 version, would it be a good idea to get rid of this above mentioned “dualism” that makes this IAF mandatory document hardly applicable in Europe (see situation together with the requirements of the EU legislation on medical devices).
NOTE: Please note that in many cases (probably in most of the cases), ISO 13485 is applied to non-manufacturer of medical devices but rather to suppliers / vendors and subcontractors not really in the same status as a classical manufacturer of medical devices that want to put on the market their devices.
Such companies normally could get along very easily with an ISO 9001:2015 certification but due to market power, they need an ISO 13485 certification for very little in house activity concerning “medical devices” (most of the time they make only small parts of the device and do not know for what exactly they are intended in the device) and ISO 13485 as the management system of choice to cover them.
Under such access approach it is also not at all appropriate to have such a severe (yearly) surveillance regime as stated in IAF MD 8!
September 2018
Part A
The main concern in this question is that there is not any exact border or separation in between “Non-active medical devices other than specified above” and the rest of the Annex 1 Table 1.1. This situation is valid for Annex 1 Table 1.2. and other parts excluding 1.7.
Unfortunately, this is the weakest point of IAF MD 8 and 9. To remove this challenge, we can propose to establish link between IAF MD 8 & 9 and IAF ID 13 for more clarification or giving particular product examples in each Table in Annex 1 of IAF MD 8.
Note: EA CC should forward this question to IAF TC and IAF WG Medical Devices.
Part B
As far as we know, IAF MD 8 and 9 are under revision by IAF WG Medical Devices. Even if relevant IAF MDs are not updated, all ABs must follow the new version of ISO/IEC 17011.
a) In Annex A Table A1 of ISO/IEC 17011:2017, the requirements for the knowledge and skills for competence are so generic and this document is “informative”. But, the Annex 2 of IAF MD 8 (Required types of knowledge and skills for personnel involved with the IAF ISO 13485 activities) is normative and covers specific knowledge and skills requirements for AB’s personnel for medical devices. IAF can put additional requirements for competence as normative for specific conformity assessment fields, although ISO/IEC 17011:2017 Annex A is informative.
NOTE: This situation is similar to ISO/IEC 17021-1 Annex A (normative) and ISO/IEC 17021-3 requirements cover mandatory items by using “shall”, but its Annex A (Knowledge for QMS auditing and certification) covers informative requirements in particular, for ISO 9001 auditing and certification.
b) There is general agreement that dualism should be avoided whenever possible and all efforts should be made to achieve this.