Risk Inputs in ISO 13485

November 27, 2024

ISO 13485 Made Simple: Using Risk to Guide Your Quality System

ISO 13485 requires that medical device companies use a risk-based approach in their quality systems. That means the more risk something poses to product safety or compliance, the more carefully it needs to be managed.

Here’s how that works in key areas:


1. Training Your Team (Clause 6.2)
Train employees based on how risky their work is.

  • High-risk tasks need stronger training and proof of competence.

  • Keep clear records of who’s trained and how.


2. Managing Suppliers (Clauses 7.4.1 & 7.4.3)
Choose and control suppliers based on how much they could impact your product.

  • More risk = stricter evaluation and oversight.

  • Use written quality agreements.

  • Keep records of evaluations and decisions.


3. Buying Materials or Services (Clause 7.4.3)
Apply the same risk-based thinking to what you buy from others.

  • Critical items or services need tighter controls.

  • Base oversight on past performance and potential impact on safety or quality.


4. Software Used in the Business (Clauses 4.1.6, 7.5.6, 7.6)
Validate software based on how much it affects product quality or compliance.

  • More critical software = more rigorous validation.

  • Use official guidance documents to help.

  • Document everything, including your rationale for excluding something from validation.

Questions?
