Standard Compliance – a Must or a Myth?

Recent news, articles & releases

Medical device regulations include requirements with which both the device and their manufacturer need to comply to enable legal market entry. However, these requirements are often vaque, described in a statement kind of fashion, and on high-level, and they might be difficult to apply to a particular type of a device. This is especially challenging for manufacturers that are newcomers in medical device business.


But luckily we have the standards to guide the way! They can definitely be called as the best friend of a medical device manufacturer – or any manufacturer, for that matter, working in a highly regulated field of business – as standards really help them to perform align with regulations and requirements, every day. In this article we discuss the role of standards in medical device industry and why and how to establish compliance with them.


Standards - guidance for the State-of-the-Art


In medical device business you have to remember that taking standards into account during the different phases of your medical device life cycle is a must. These standards provide guidance on the state-of-the-art of device design and technological solutions, processes, methods, and so on.


Standards include both, international and national or areal standards. For example, within the EU, international standards (e.g., ISO and IEC) are first europeanized by a European Standardization Organisation (thus, the prefix “EN”) and then harmonized against particular EU regulations or directives, where the US FDA maintains a list of FDA Recognized Consensus Standards.


Additionally, standards include both general and more detailed process related standards that define requirements for conducting different activities related to the manufacturer’s organization and their device design and development. Device and/or technology specific standards establish actual technical requirements for different kinds of devices, again, on more general as well as on a very specific level.


Process related standards provide instructions on best practices


Process related standards provide instructions on best process practices in a particular industry, such as in medical device design, development, and manufacturing. These standards include, for example:

  • ISO 13485 on medical device Quality Management Systems to help you in building a quality system in compliance with regulatory requirements;
  • ISO 14971 on Risk Management to ensure your risk management system is efficient;
  • IEC 62366-1 on Usability Engineering to enable you to achieve a high level of usability already at early stages of your device design and development; and
  • IEC 62304 on Software Lifecycle Management ensuring your medical software development process is able to achieve required results and a software that is appropriate for its intended use.


Compliance with process related standards is based on two main principles. The manufacturer must:

  1. Define and document the procedures required by the standard, including requirements on documentation and records to be produced; and
  2. Implement these procedures and produce related documentation and records

Documentation and records serve as the evidence of implementation of the procedures and of compliance of your activities with both the selected standard(s) and your procedures. Accordingly, procedures and related documentation are to be maintained.


Device related standards to ensure the safety and effectiveness of your device


In addition to the process related standards discussed above, there are multiple standards that apply to different devices and technologies. Standards defining actual technical requirements include general standards, such as:

  • IEC 60601-1 on basic safety and essential performance of Medical Electrical (ME) equipment and systems, and
  • IEC 60601-1-2 on electromagnetic compatibility of ME equipment and systems

Device standards also cover those particular to specific kinds of devices, e.g.:

  • IEC 60601-2-4 on the basic safety and essential performance of cardiac defibrillators, and
  • IEC 60601-2-25 on that of the electrocardiographs,

and those related to particular features of devices, e.g., IEC 60825-1 on the safety of Laser Products.


In addition to actual technical requirements, device standards may include requirements related to different procedures to be applied in the design and development of related devices, including risk management, designing usability, and software development. These standard clauses often include Normative References to another standards (e.g., ISO 14971, IEC 62366-1, or IEC 62304) to be used to show compliance with the related requirements. When compliance with all applicable clauses of these standards is required, the manufacturer must also be able to show evidence of compliance with the standards referred to as normative.


Establishing evidence of compliance


Standards do not contain statutory requirements even though compliance with specific standard(s) may be one. Accordingly, the use of different standards is to be considered voluntary, though highly recommended, as they do provide solutions to issues that need to be solved anyway – one way or another. By following well-established and well-known state-of-the-art standards, that are also recognized by the specific authority, the manufacturer does not need to justify their solutions for design or methods of work separately. In case standards are not applied, the manufacturer is expected to be able to provide appropriate rationale and evidence of the effectivity of their selected solutions.


In case the manufacturer claims that they or their device is compliant with a certain standard(s) they need to be able to provide evidence of this compliance. This evidence may be obtained in different ways. However, the manufacturer must pay close attention to all regulatory requirements they need to comply with – not only those specific to medical devices – to understand which methods are appropriate or potentially mandatory in their situation and for their device. Some regulatory requirements may directly dictate the acceptable method of establishing evidence of compliance with certain standards.


Evidence of compliance: role of Quality Management System Certification


Evidence of compliance with process related standards basis on the definition and documentation of related procedures, implementation of these procedures, and the establishment of related documentation and records, as discussed previously. In case of a Quality Management System (QMS), manufacturers of medical devices may choose to certify their system against the ISO 13485. Certification is performed by an Accredited Third-Party and it provides added credibility on the compliance of their QMS to the related requirements, accordingly.


An ISO 13485-certified QMS may also be a statutory requirement. For example, Health Canada requires that manufacturers of medical devices of Class II, III and IV have an ISO 13485-compliant QMS that has been certified under the Medical Device Single Audit Program (MDSAP). Additionally, an ISO 13485-certified QMS may be a requirement set by the customer (e.g., public and private healthcare organizations) thus, having direct impact on your sales.


QMS certification audit begins with the inspection of the manufacturer’s processes to ensure they cover all the required aspects and activities of the standard as defined in the scope of the certification. As the standard includes a requirement that the manufacturer must also comply with applicable regulatory requirements – which we previously established standard requirements are not – the auditor will want to see that the manufacturer has acknowledged and considered the requirements specific to their target markets. The auditor will review the documentation and records that have resulted from the use of these procedures to ensure the procedures are applied and that they are applied correctly.


Evidence of compliance: Type testing vs. CB scheme


Compliance with device or technology specific standards is proven by testing the device design (e.g., production equivalent prototypes) against the requirements of those standards. In some cases, assuming there is no regulatory requirements limiting the options, in-house testing may be appropriate. In most cases, however, formal testing by a third-party testing agency is preferred or even mandatory. Even in this case there are different options the manufacturer may choose from, the most rigorous of which is using an Accredited Testing Agency.


Type testing consists of testing the subject device against specified requirements or clauses of a specified standard. In case some requirements are not tested, the related section or clause in the test report is marked as “N/E” (Not Evaluated). Type test may also be a document review.


Term “certification”, e.g., CB certification, includes the assumption of full compliance with a specified standard, as applicable to the subject device. Accordingly, if the manufacturer wants or is required to go through the so called “CB Scheme”, the related CB testing covers all applicable standard requirements. The manufacturer cannot select the requirements to be tested and no marking of “N/E” is allowed in the test reports. This also means that the subject device, its documentation, and/or the manufacturer’s processes need to comply with all applicable requirements in standards referred to as normative.


For example, to complete and pass IEC 60601-1 CB testing and to obtain related CB certificate, the manufacturer must show compliance also against applicable collateral standards, including IEC 60601-1-2 on EMC and IEC 60601-1-6 (and IEC 62366-1) on usability engineering, as well as on ISO 14971 on risk management and IEC 62304 on software lifecyle management, to mention a few.


Where to start?


Medical device manufacturers need to be able to juggle multiple things at the same time. Device design process includes carefull analysis of related requirements, including those defined by the authorities and those established in different standards.


Because of this, each device design project should begin with carefull assessment of the intended use of the device, its qualification and classification, and the assessment of the requirements of the target markets, including related regulatory requirements, other requirements, and standards to be applied (e.g., national deviations). The manufacturer should also find out if there is other statutory requirements that apply to their device that are not specific to medical devices, including the NRTL and FCC requirements in the US, and others potentially affecting the selection of the method and of the agency performing the standard compliance testing.


This article was yet another writing in our series of discussing about the quality and regulatory management in medical device design and manufacturing. To read more about the regulatory process of the whole life cycle of medical device, you can download our free White Paper including insights related to the topic. It shows an illustrated outline of the stages in developing and building your idea into a worldwide selling product in the medtech/healthtech sector. These phases demonstrate how to ensure compliance to enable medical devices to be placed on the market as smoothly as possible. Please download your free white paper below!


how to ensure the quality compliance of your medical product

Picture of Linda Kellberg
Written by Linda Kellberg
Specialist, Product and Process Compliance
Blog, Quality & Regulatory Affairs