October 9, 2015 — While medical device companies often tout International Organization for Standardization (ISO) certifications as proof of meeting quality management requirements, their potential customers may not understand what these certifications actually prove. A little due diligence can clear up any uncertainty, however.
Initial attempts to ascertain the value of ISO certifications can be challenged by conflicting information around the importance of ISO and the varying requirements for each company seeking certification. In fact, the value and meaning of ISO certification can vary significantly depending upon factors such as the type of certification.
The easiest ISO certification for a company to obtain is 9001:2008. In a recent article — “What is ISO Certification, and What Does It Mean?” — G. Wayne Moore of ultrasound acoustic measurement and testing firm Acertara Acoustic Laboratories notes that while this certification establishes the criteria for an overall quality management system (QMS), it can be applied to any company, regardless of the industry.
Any organization from a coffee shop to a zoo can obtain 9001 certification to prove that it meets customer satisfaction requirements, but it’s not enough for medical devices, according to Moore. If a medical device company is 9001-certified, it’s a good indicator that they adhere to standard business practices, but it does not prove that they are certified to manufacture or repair medical devices.
A better choice
ISO 13485:2003 is a certification that’s much more specific to the medical device industry. In his article, Moore explains that 13485 was designed to produce a QMS that demonstrates thorough objective evidence that a company can provide medical devices and related services that consistently meet both customer and regulatory requirements.
While being 13485-certified does not fulfill the requirements of either the U.S. Food and Drug Administration (FDA) or international regulators, the certification aligns an organization’s management system with the FDA’s Quality System Regulation (QSR) requirements and a variety of other international regulatory requirements. Therefore, the 13485 certification creates a quality management system that serves as a framework on which companies can build compliance to various regulatory and customer requirements.
For example, if a company wants to include ultrasound probe repair in the scope of its ISO certification, it must pass a detailed ISO 13485 audit by a certified independent third party. The auditor will focus on the elements of the QMS and relevant regulatory requirements related to probe manufacturing and repair. If the company passes its annual audit, it demonstrates that it is certified to be in compliance with the ISO 13485 standard.
For companies that manufacture or repair medical equipment, the 13485 certification is a good measurement of their abilities and the quality of the equipment they produce. However, the same certification requirement is applied to all companies in the medical device industry, even though some requirements are not applicable to all companies.
If there are ISO requirements that aren’t applicable to a firm’s services, it’s allowed to redact the irrelevant requirements from the scope of its ISO application. For example, not all ultrasound support companies repair the same parts. Some may repair only probes, while others will repair parts and transducers. Due to the ability to redact requirements from the scope of ISO audits, both companies can receive an ISO 13485 certification.
The fact that the scope of ISO audits and certifications can vary so widely presents a challenge for healthcare administrators seeking the best service providers to support their organization’s medical equipment. ISO certifications can be a great measurement of a company’s business processes and abilities, but if a company in the medical device industry claims to be ISO-certified, it’s important for healthcare leaders to look closely at the scope of its ISO certification claim.
The International Organization for Standardization developed ISO 13485 as an international set of requirements to help manage medical device companies and provide a baseline against which their services can be measured. Compliance by medical device companies is voluntary.
However, ISO is not involved in the certification process. A third-party accreditation firm that has been approved by the American National Standards Institute – American Society for Quality (ANSI-ASQ) National Accreditation Board performs an audit of the company seeking certification, which could take anywhere from a couple of days to a month to complete. Audits are then performed annually to monitor the company’s progress.
Healthcare leaders can review a list of certified companies, including the scope of services they provide, the certification they hold, and who certified them, on the website of the Independent Association of Accredited Registrars (IAAR). This will give healthcare leaders a better idea of which accreditation firms are most commonly used, and the scope of each company’s certification.
Other ways to vet
In some cases — particularly when it comes to brokerage firms — ISO certifications may not be the best indicator of the company’s ability to provide high-quality medical device parts. As a result, healthcare leaders should seek out another way to vet the vendor. Seeking information about the companies that conduct repairs for the brokerage firm, for example, can help determine whether the parts are being repaired correctly. Obtaining vendor references from other healthcare organizations is another good method for verifying the quality of a vendor’s services.
When it comes to ultrasound equipment support companies, healthcare leaders should also consider the length of the warranty being offered. Firms with a longer warranty are likely more confident about the equipment they are offering. Healthcare leaders should also ask if equipment is repaired using parts specified by the OEM. Although there is no guarantee that the vendor will answer honestly, it is important for healthcare leaders to state that they expect OEM-specified parts in order to ensure the highest level of quality.
When all is said and done, the best way for an organization to determine a part’s quality is to have its clinical engineer test it over and over again. Although testing and authenticating parts can be a tedious process, it is paramount to ensure that medical equipment functions properly. Every individual component contributes to the overall performance of a machine, so if one part is subpar, the entire machine will be affected and the quality of patient care may be adversely impacted.
Although ISO certifications can be incredibly confusing, it’s in the best interest of healthcare leaders to have a general understanding of what the various certifications represent and how they are applied to different types of companies. So take a few minutes — or hours — to review background materials on ISO and peruse the companies listed on the IAAR website. In the long run, it will greatly benefit the overall safety of your organization.
Larry Nguyen is the founder and CEO of Summit Imaging, an ultrasound equipment service provider.
The comments and observations expressed herein are those of the author and do not necessarily reflect the opinions of AuntMinnie.com.
Copyright © 2015 AuntMinnie.com