Every business has rules to follow, sometimes self-imposed, sometimes related to regulatory requirements, certifications or legal obligations. Understanding and communicating these rules effectively can often be the lynchpin in ensuring a company remains free of entanglements. The first step in understanding these differences begins with compliance and conformance.
Conformance is what a company commits itself to (formally or informally) and compliance is what is required from an organization based on local state and federal laws.
Many organizations find benefit in maintaining industry certifications such as ISO, ASME, NCCR, NIMS or others. These certifications are frequently accompanied by the cost of annual renewals, audit visits and maintenance of records to validate activities. The key to all conformance related certifications begins with a choice the business made to commit to participation, and irrespective of the benefits, the company can at any time decide to surrender the accolades, remove the certificates and give up the bragging rights because conformance is ultimately voluntary.
Programs, products and industries that fall under the term ‘compliance’ may feel very similar to conformance certifications. They are often accompanied with similar audit requirements and mandatory record retention. Activities and processes may require documentation and there are certainly evaluations and certificates to be displayed showing a company has met the requirements. The singular difference is critical; compliance is not voluntary. Compliance is what a company must do to remain within the bounds of local, state and federal regulations.
In many cases there are parallel systems of conformance to aid an organization with its compliance requirements. A great example of this is the contrast of ISO 13485:2016 for Medical Device Manufacture and the Code of Federal Regulations CFR 21, part: 820 regarding the requirement for medical device manufacturers to maintain a Quality System that meets certain requirements.
ISO is a conformance system any company can participate in that helps provide a structure for maintaining Quality Systems and process-based organization.
The ISO 13485 standard helps organizations meet the needs outlined in CFR 21, however, there is no legal requirement that a company maintain ISO certification regardless of what they produce or whom they sell it to.
Conversely, any company producing a medical device must remain compliant with the CFR 21 mandates and be ready to demonstrate that at any time. Most but not all medical device manufacturers do find it beneficial to maintain an ISO 13485 certification as the audits are more frequent and will help mitigate against the chances of a difficult visit with an FDA auditor. Some companies will even maintain an ISO 13485 certification without producing any medical devices.
This is seen in organizations who work in or support medical device manufacturing and are committed to providing their customers with a high level of service even though they do not produce their own medical devices.
Companies make choices about conformance and compliance programs every day that only impact their operational capacity, performance and ability to serve their customers and community.
When shopping for who to do business with, it is important to be informed about the differences between conformance and compliance because ultimately it can be a clear indicator of which companies may be doing the bare minimum, which ones take their regulatory commitments seriously and which companies are willing to go the extra mile voluntarily to ensure they are providing the very best service to their customers.
We provide our customers with quality performance, value, schedule adherence and technical compliance by maintaining the highest standards of conformance and ISO Certifications.
Learn more about the Keller Technology Corporation’s commitment to quality.