ISO 13485 is an international standard that specifies quality management system (QMS) requirements for organizations involved in the lifecycle of medical devices. ISO 13485:2016 is the current version, superseding the 2003 version.
The key requirements of ISO 13485 span Clauses 4 to 8. These clauses cover system documentation, management responsibility, resource allocation, product realization, and performance monitoring.
Implementing ISO 13485 involves understanding the standard’s requirements, conducting a gap analysis, securing management support, and developing a compliant QMS with defined roles, documented procedures, and risk controls. Organizations must train personnel, perform internal audits, and hold management reviews to assess QMS performance. Once ready, organizations can apply for ISO 13485 certification through a recognized body.
The ISO 13485 certification process involves selecting an accredited certification body, undergoing a Stage 1 documentation review and a Stage 2 on-site audit, and addressing non-conformities. ISO 13485 certification is granted upon successful assessment, followed by regular surveillance audits and recertification every three years. The ISO 13485 certification confirms QMS compliance with ISO 13485.
Using a medical device QMS platform can streamline processes, which aids compliance with regulatory requirements and global standards in the medical device industry.
SimplerQMS is a comprehensive QMS software designed specifically for medical device companies. SimplerQMS streamlines compliance with ISO 13485 by automating core QMS processes, including document control, CAPA, training, and supplier management.
What Is ISO 13485?
ISO 13485:2016 is an internationally recognized standard that outlines the requirements for a quality management system (QMS) specifically developed for organizations involved in the design, development, production, installation, and servicing of medical devices.
ISO 13485, published by the International Organization for Standardization (ISO) to replace the 2003 version, supports the consistent delivery of medical devices that meet customer and regulatory requirements and strengthens quality processes across the device lifecycle.
ISO 13485 applies to manufacturers, suppliers, service providers, and any organization involved in one or more stages of the medical device lifecycle. This includes raw material suppliers, contract manufacturers, testing laboratories, distributors, electronic quality management system (eQMS) providers, and calibration service providers.
ISO 13485 supports compliance with international medical device regulations. The U.S. Food and Drug Administration (FDA) recognizes ISO 13485 as part of its harmonization of the Quality System Regulation (QSR) through the Quality Management System Regulation (QMSR) rule finalized in February 2024.
The EU MDR and EU IVDR require a quality system aligned with ISO 13485 principles.
ISO 13485 is the core quality system requirement for the Medical Device Single Audit Program (MDSAP), covering regulatory requirements in countries including the U.S., Canada, Australia, Brazil, and Japan.
ISO 13485 is based on ISO 9001 but includes additional requirements specific to medical devices. ISO 13485 adopts a more prescriptive approach, with defined procedural and documentation requirements, to support medical device safety and effectiveness.
Why Is ISO 13485 Important?
ISO 13485 is important for the medical device industry, as it provides a globally harmonized framework for implementing a QMS that ensures regulatory compliance and promotes medical device safety. By standardizing QMS practices, ISO 13485 helps manufacturers reduce quality variation, enhance process control, and minimize risks throughout the entire product lifecycle.
ISO 13485 supports consistent and compliant performance of medical devices by requiring documented procedures, traceability, control and monitoring of manufacturing processes, and effective change control throughout the product lifecycle. Risk management spans design, production, and post-market activities, reducing nonconformities and improving patient safety across the device lifecycle.
Moreover, ISO 13485 certification is essential for accessing regulated markets and is a core requirement for participation in the Medical Device Single Audit Program (MDSAP).
ISO 13485 recognition by regulatory bodies such as the FDA, Health Canada, Therapeutic Goods Administration (TGA), and EU-notified bodies underscores its global relevance.
ISO 13485 certification demonstrates that a company has a robust, independently assessed QMS, strengthening trust with both customers and regulators.
What Are the Benefits of ISO 13485?
The benefits of implementing ISO 13485 are listed below.
- Achieve Regulatory Compliance: Aligns quality systems with the EU Medical Device Regulation (MDR), FDA Quality System Regulation, and MDSAP, simplifying global audits and approvals.
- Improve Product Quality: Establishes controls through design, production, and post-market processes that minimize variability and defects.
- Implement Risk Management: Requires documented risk analysis, risk evaluation, risk control, and ongoing risk monitoring throughout the product lifecycle.
- Build Customer Confidence: Demonstrates commitment to safety and quality, improving reputation and trust among clients and partners.
- Expand Market Access: Enables entry into multiple international markets through certification.
- Increase Process Efficiency: Standardizes procedures and documentation, reducing waste, rework, and errors.
- Strengthen Supplier Control: Enhances oversight of external parties by consistently evaluating and monitoring external providers throughout the product lifecycle.
- Ensure Audit Readiness: Maintains records and documentation required for traceability, internal, regulatory, and customer audits.
What Is the Structure of ISO 13485?
The structure of ISO 13485 is divided into eight (8) clauses that cover quality system components, which are listed below.
- Clause 1 Scope: Defines the standard’s applicability and limitations regarding medical device organizations and allowable exclusions.
- Clause 2 Normative References: Lists essential referenced standards for applying ISO 13485 consistently and correctly.
- Clause 3 Terms and Definitions: Standardizes terminology used throughout the document to ensure uniform interpretation across quality processes.
- Clause 4 Quality Management System: Establishes general QMS requirements, including document control, quality manual, and records management procedures.
- Clause 5 Management Responsibility: Specifies top management duties including policy, planning, communication, and management review of QMS.
- Clause 6 Resource Management: Provides and maintains resources, including competent personnel, infrastructure, and a suitable work environment.
- Clause 7 Product Realization: Plans and implements product lifecycle processes, from design and purchasing to production, installation, and servicing.
- Clause 8 Measurement, Analysis, and Improvement: Monitors and evaluates QMS performance through monitoring and measurement of processes/products, audits, nonconformity management, data analysis, corrective actions, and continual improvement.
What Are the Key ISO 13485 Requirements?
The key ISO 13485 requirements span from clause 4 to clause 8, forming the foundation of a compliant QMS for medical device organizations. Clauses 4, 5, 6, 7, and 8 cover essential areas of documentation, leadership, resource planning, product lifecycle management, and continual improvement.
Clause 4 Quality Management System
The foundation of a Quality Management System (QMS) is outlined in clause 4 of ISO 13485, which specifies the requirements for establishing, documenting, implementing, and maintaining a quality management system.
Clause 4 QMS governs system documentation, process interaction, record control, and document change management.
Clause 4 serves as the operational backbone of ISO 13485, ensuring a systematic and traceable framework to support consistent compliance and continuous improvement.
Clause 4 QMS has two (2) subclauses, namely the general requirements and documentation requirements.
General Requirements
The general requirements section under clause 4 in ISO 13485 sets foundational expectations for establishing and managing the QMS. The general requirements focus on defining, implementing, and maintaining process control within the organization.
The primary expectations set forth in the standard are itemized below.
- Establish the QMS: Define, document, and implement the quality management system, including identification of processes, their interactions, sequence, and how they are controlled and measured.
- Maintain the QMS: Operate and continually improve the QMS to sustain effectiveness, ensure product conformity, and meet regulatory obligations.
- Manage Outsourced Processes: Control outsourced processes that impact product quality through documented agreements and verification of compliance.
- Apply Risk-based Control: Integrate risk management principles across applicable QMS processes to align with safety and regulatory expectations.
Documentation Requirements
The documentation requirements section under clause 4 of ISO 13485 outlines how medical device organizations must create, control, and maintain documentation essential to the effective operation of the QMS.
The subclauses for documentation requirements are listed below.
- General: Define, approve, and implement quality policy, objectives, and manual along with procedures, work instructions, and records necessary for effective QMS operation and regulatory alignment.
- Quality Manual: Create and control a quality manual that includes the scope of the QMS, referenced procedures, and a description of process interactions.
- Medical Device File: Maintain a file for each medical device or device family that contains a general description of the device, product specifications, manufacturing procedures, labeling, and quality controls.
- Control of Documents: Review, approve, and update documents while preventing the unintended use of retired/obsolete/superseded versions.
- Control of Records: Identify, protect, and retain records that serve as objective evidence of conformity to requirements and QMS effectiveness.
Clause 5 Management Responsibility
Clause 5 management responsibility of ISO 13485 defines the obligations of top management to ensure the effectiveness and regulatory alignment of the QMS.
Clause 5 management responsibility emphasizes leadership involvement in setting the strategic direction of the QMS by requiring the establishment and communication of a clear quality policy and objectives.
Management must also conduct regular QMS reviews, assign roles and responsibilities to ensure regulatory compliance, and plan for resource allocation and system improvements. This clause ensures that the QMS is driven by informed leadership, fostering a culture of quality and compliance throughout the organization.
Clause 5 Management Responsibility has six (6) subclauses listed below.
- Management Commitment: Top management shall demonstrate leadership and commitment to the QMS by aligning quality objectives with regulatory requirements, product safety, and continual improvement in the medical device lifecycle.
- Customer Focus: The organization shall ensure that customer requirements are understood and fulfilled, with emphasis on enhancing customer satisfaction and meeting applicable statutory and regulatory requirements.
- Quality Policy: Top management must establish and maintain a documented quality policy that aligns with ISO 13485 requirements.
- Planning: QMS planning shall ensure alignment with ISO 13485 clauses and risk management activities, addressing quality objectives, resource needs, and changes affecting the integrity of the system.
- Responsibility, Authority, Communication: Organizational roles, responsibilities, and authorities shall be defined and communicated clearly to ensure accountability and effective internal communication.
- Management Review: The organization shall conduct planned management reviews at defined intervals to assess the QMS’s suitability and effectiveness, based on defined inputs and resulting in documented outcomes (e.g., improvement actions).
Management Commitment
The management commitment section of ISO 13485, Clause 5, requires top management to actively support and maintain the QMS. This responsibility includes providing strategic direction, allocating necessary resources, and performing management reviews to ensure the QMS remains effective, compliant, and aligned with both regulatory requirements and customer expectations.
Through visible commitment, clear communication of quality objectives, and ongoing oversight, leadership ensures that the QMS is effectively implemented. The management involvement also drives continuous improvement to support product quality and patient safety.
Customer Focus
The customer focus section under clause 5 emphasizes that top management must identify and fulfill customer and regulatory requirements to maintain product quality and compliance.
Companies must identify applicable customer, statutory, and regulatory obligations and integrate them into QMS processes.
Quality Policy
A quality policy is a formal, high-level statement of an organization that defines its commitment to quality, regulatory compliance, and continuous improvement within the scope of a medical device QMS.
Under ISO 13485:2016, Clause 5.3, the quality policy must comply with the following.
- Be appropriate to the purpose and context of the organization, including the nature of the medical devices being produced.
- Include a commitment to meet applicable regulatory requirements and maintain the effectiveness of the QMS.
- Provide a framework for setting quality objectives.
- Be communicated and understood within the organization.
- Be reviewed for continued suitability.
Planning
The planning section under clause 5 ensures that organizations define measurable quality objectives and plan how to achieve them within the QMS.
Two aspects of planning are listed below.
- Quality Objectives: Define measurable quality objectives consistent with the quality policy.
- Quality Management System Planning: Plan QMS by ensuring compliance with quality objectives and ISO 13485 requirements, and planning changes to ensure the integrity of the system is preserved.
Responsibility, Authority, Communication
The responsibility, authority, and communication section of ISO 13485 Clause 5 ensures that organizational roles and responsibilities are clearly defined, assigned, and communicated to support the effective operation of the QMS.
The primary expectations of the responsibility, authority, and communication section are listed below.
- Responsibility and Authority: Define roles, and assign and document responsibilities and authorities for all personnel managing or performing QMS-related processes.
- Management Representative: Appoint a representative or designate a member of management with authority to oversee QMS implementation and ongoing conformity.
- Internal Communication: Establish communication processes to promote awareness of QMS effectiveness and applicable regulatory requirements.
Management Review
The management review section, under Clause 5, requires top management to systematically evaluate the QMS at planned intervals to ensure its effectiveness and regulatory compliance.
The management review has subclauses listed below.
- General: Organizations must conduct management reviews at defined intervals to assess the suitability, adequacy, and effectiveness of the QMS. Each review must include assessing improvement opportunities and the need for change within the QMS.
- Review Input: Review input refers to the data and information assessed during management reviews. Performance data such as audit findings, customer feedback, process metrics, nonconformities, corrective actions, and relevant external factors must inform management reviews.
- Review Output: Review output refers to the decisions and actions taken as a result of the review. Review output includes resource changes, corrective actions, or updates to product design.
Clause 6 Resource Management
The resource management section, under clause 6, ensures that organizations allocate the necessary resources to implement, maintain, and continually improve the QMS. These resources must also support compliance with product specifications and regulatory requirements.
Resource management covers four sections listed below.
- Provision of Resources: The organization shall determine and provide adequate resources to establish, implement, maintain, and continually improve the QMS.
- Human Resources: The organization shall establish competence evaluation criteria, ensure competency, and maintain training records while promoting awareness of quality and regulatory requirements throughout the organization.
- Infrastructure: The organization shall provide and maintain suitable infrastructure, including buildings, workspace, process equipment, and supporting utilities.
- Work Environment and Contamination Control: The work environment shall be managed to ensure product conformity.
Provision of Resources
The provision of resources under ISO 13485, Clause 6, mandates that organizations ensure the adequacy of resources needed to maintain the effectiveness of the QMS and ensure product conformity.
The provision of resources includes providing appropriate personnel, infrastructure, equipment, and work environments to support all processes that affect product quality.
Additionally, organizations must allocate sufficient resources to meet regulatory and customer requirements. The provision of resources supports continuous compliance, operational consistency, and patient safety throughout the medical device lifecycle.
Human Resources
The human resources section of ISO 13485 clause 6 requires organizations to ensure that all personnel performing tasks that affect product quality are competent, based on appropriate education, training, skills, and experience.
Companies must establish procedures to verify and maintain employee qualifications. Training must align with current regulatory and operational requirements. Organizations must maintain documented records of all training activities, competence assessments, and employee qualifications. These training records support ongoing compliance and readiness for audits and inspections.
Infrastructure
Infrastructure under ISO 13485 clause 6 requires organizations to establish and maintain the infrastructure to ensure product conformity. Infrastructure includes adequate buildings, equipment, utilities, and information systems.
Organizations must implement processes for infrastructure and equipment maintenance. Effective infrastructure control prevents quality issues caused by environmental or equipment-related deficiencies. Adequate and appropriate infrastructure supports consistent product performance and compliance with regulatory standards.
Work Environment and Contamination Control
The work environment and contamination control section of ISO 13485 clause 6 requires organizations to manage and maintain a controlled working environment that supports product quality and safety.
- Work Environment: The organization shall identify and control environmental conditions that can impact device performance, such as cleanliness, humidity, temperature, and particulate contamination, particularly for sterile or sensitive medical devices.
- Contamination Control: The organization implements contamination control procedures, including cleanroom controls, personnel hygiene, and special handling protocols.
Clause 7 Product Realization
Product realization under ISO 13485 clause 7 defines the requirements for planning and implementing processes to deliver medical devices that meet customer and regulatory requirements. Product realization applies across the entire product lifecycle, including planning, design, development, purchasing, production, and delivery.
Organizations must establish product acceptance criteria, manage design verification and validation, and control suppliers. Where applicable, organizations must also implement traceability and cleanliness controls. Risk management must be embedded throughout all stages. Any outsourced processes must be monitored and controlled to ensure compliance.
Planning of Product Realization
The planning of product realization section of ISO 13485 clause 7 requires organizations to establish documented plans for all stages of product realization, including design and development, purchasing, production, and servicing.
The product realization plans must clearly define process steps, acceptance criteria, and resource requirements, and align with the broader QMS. Planning must incorporate required verification, validation, traceability, and documentation.
Additionally, a risk-based approach must be applied throughout each phase to identify and control potential product and process risks, ensuring product safety and regulatory compliance.
Customer-Related Processes
The customer-related processes section of clause 7 Product Realization is divided into three (3) subclauses listed below.
- Determination of Requirements Related to Product: Determine explicit and implicit customer requirements, including regulatory, functional, and performance needs.
- Review of Requirements Related to Product: Check feasibility by reviewing customer and regulatory requirements before committing to supply and document the review results and changes.
- Communication: Implement processes to communicate effectively with customers regarding product information, feedback, contracts, and complaints. Handle customer inquiries and reports through controlled, documented processes.
Design and Development
The Design and Development section requires medical device organizations to implement structured and documented product development processes. These processes must ensure that devices meet both regulatory and customer requirements. The requirements apply to all stages of device development.
The specific subsections of Design and Development are listed below.
- General: Establish and document a design and development process with appropriate controls and records based on device type and regulatory requirements.
- Design and Development Planning: Plan design and development by defining team responsibilities and outlining stages, reviews, verification, validation, and design transfer activities.
- Design and Development Inputs: Collect input data by defining functional, performance, usability, safety, and regulatory requirements.
- Design and Development Outputs: Define manufacturing, inspection, and servicing specifications that ensure product safety and efficacy. Ensure outputs are in a form suitable for verification against design inputs.
- Design and Development Review: Perform systematic reviews of design and development to assess the ability of the results of design and development to meet requirements and determine any necessary actions.
- Design and Development Verification: Verify output matches input requirements by using verification procedures and documenting acceptance criteria.
- Design and Development Validation: Validate that the final product meets user needs under actual or simulated conditions, with documented methods, acceptance criteria, results, and conclusions.
- Design and Development Transfer: Ensure all finalized production specifications are complete, approved, and effectively transferred to production, supported by documented procedures and records confirming readiness for manufacture.
- Control of Design and Development Changes: Evaluate, document, and control all design changes, ensuring traceability of review, verification, validation (as required), approval, and implementation.
- Design and Development Files: Maintain design and development files for each product, including records that confirm conformity to design and development requirements and records for any design changes.
Purchasing
The purchasing section, under clause 7 of Product Realization, ensures control over externally provided products and services that impact the quality of medical devices.
Organizations must establish documented processes to select, evaluate, and monitor suppliers, ensuring ongoing compliance and performance.
The subclauses under purchasing include the following.
- Purchasing Process: The purchasing process involves selecting and evaluating suppliers based on their ability to meet defined requirements, maintaining records of evaluations and approvals, and controlling outsourced processes that affect product quality.
- Purchasing Information: Purchasing information must define product, material, and process requirements. This information includes relevant data such as specifications, drawings, and supplier responsibilities, and should be reviewed for clarity and adequacy before release.
- Verification of Purchased Product: Verification of purchased products involves inspecting incoming items to ensure they meet defined requirements. Other requirements include documenting verification results, addressing nonconformities, and preventing the use of materials that do not conform to purchase specifications.
Production and Service Provision
The production and service provision section of ISO 13485 clause 7 defines the requirements for planning, executing, and controlling operational processes to ensure that medical devices and related services meet specified requirements.
Organizations must establish documented procedures that govern manufacturing operations, installation, and servicing, ensuring that each activity is carried out under controlled conditions. These controls must address the use of appropriate equipment, environmental conditions, personnel qualifications, and monitoring activities to verify that final products conform to both customer expectations and regulatory obligations.
Production and service provision are divided into the subsections listed below.
- Control of Production and Service Provision: Implement documented procedures and controlled conditions, including equipment, work instructions, and in-process monitoring.
- Cleanliness of Product: Define and control cleanliness requirements and contamination control under specified conditions.
- Installation Activities: Provide documented installation instructions and acceptance criteria for verification of installation as appropriate.
- Servicing Activities: Establish procedures and acceptance criteria for servicing medical devices and ensure they are executed and recorded consistently.
- Particular Requirements for Sterile Medical Devices: Maintain records of sterilization process parameters and ensure traceability of records to each production batch.
- Validation of Processes for Production and Service Provision: Validate processes whose outcomes cannot be fully verified (e.g., sterilization or welding), and revalidate after changes.
- Particular Requirements for Validation of Processes for Sterilization and Sterile Barrier Systems: Establish and validate sterilization processes and barrier system performance to ensure they meet predefined sterility requirements.
- Identification: Maintain product identification throughout production to differentiate conforming from nonconforming products at every stage.
- Traceability: Track components, materials, and work environment conditions, and retain records linking each unit or batch to critical data.
- Customer Property: Identify, verify, protect, and account for customer-supplied materials, components, or data to prevent loss or misuse.
- Preservation of Product: Control labeling, packaging, handling, and storage to protect product integrity until delivery or point of use.
Control of Monitoring and Measuring Equipment
The control of monitoring and measuring equipment section of ISO 13485 clause 7 ensures that all instruments and tools used to verify product conformity are properly identified, calibrated, verified, and maintained.
Organizations must determine which equipment is required to ensure product specifications are met and calibrate these instruments at defined intervals or before use using traceable standards. Accurate and complete calibration records, including dates, results, and status, must be maintained. Equipment must also be protected from damage, environmental conditions, and unauthorized adjustments that could affect accuracy.
Additionally, any software used for measurement or monitoring must be validated before and after any changes. The organization must assess the potential impact on past measurement results and document any necessary corrective actions if equipment is discovered out of calibration.
Clause 8 Measurement, Analysis, and Improvement
Clause 8 measurement, analysis, and improvement of ISO 13485 outlines the requirements for monitoring, measuring, analyzing, and improving the effectiveness of the QMS and the conformity of medical devices.
Clause 8 ensures organizations implement processes to evaluate performance, identify nonconformities, and drive continual improvement. Key elements include feedback mechanisms, such as customer complaints and post-market surveillance (PMS). Other components include internal audits, monitoring and measuring of processes and products, data analysis, and corrective and preventive actions (CAPA) to address issues systematically.
Moreover, Clause 8 requires that organizations monitor the trends and effectiveness of improvement actions, verify that processes remain compliant with regulatory requirements, and support device safety and effectiveness.
General
The general section under clause 8 requires organizations to establish and implement documented procedures for monitoring, measuring, analyzing, and improving the QMS to ensure ongoing compliance, product conformity, and continual improvement.
Monitoring and Measurement
The monitoring and measurement section of ISO 13485 clause 8 requires organizations to systematically evaluate the performance and effectiveness of their QMS and related processes.
The monitoring and measurement section includes the following.
- Feedback: Collect and assess feedback from production and post-production to evaluate device performance and identify opportunities for improvement.
- Complaint Handling: Manage complaints and establish a documented complaint-handling procedure, including evaluation, investigation, and response.
- Reporting to Regulatory Authorities: Report adverse events and submit required reports of serious incidents or nonconformities to relevant regulatory bodies.
- Internal Audit: Plan and perform audits at regular intervals to verify QMS effectiveness and compliance.
- Monitoring and Measurement of Processes: Track the performance of QMS processes to confirm they are operating as intended and producing compliant results.
- Monitoring and Measurement of Products: Inspect and test products at appropriate stages of realization.
Control of Nonconforming Product
The control of nonconforming product section of ISO 13485 clause 8 requires organizations to establish documented procedures to identify, document, evaluate, and control nonconforming products at any stage of the medical device lifecycle.
Controls of nonconforming products prevent the unintended use or delivery of defective or noncompliant products. The process must include defined responsibilities for deciding the disposition of nonconforming items (e.g., rework, scrap, return) and implementing appropriate corrective actions.
Organizations must ensure the traceability of nonconformities to support root cause analysis and regulatory reporting where applicable.
The control of nonconforming product section covers the following.
- General: Identify and control nonconformities to prevent unintended use or delivery of nonconforming products through defined procedures.
- Actions in Response to Nonconforming Product Detected Before Delivery: Segregate and evaluate the nonconforming product, then decide on rework, acceptance under concession, or disposal.
- Actions in Response to Nonconforming Product Detected After Delivery: Take corrective actions, investigate and resolve issues, and notify affected customers and authorities if needed.
- Rework: Perform rework in accordance with documented rework instructions; reassess the product after rework to ensure it meets applicable acceptance criteria and regulatory requirements.
Analysis of Data
The analysis of data section under clause 8 requires organizations to analyze feedback, audit findings, process and product performance metrics, suppliers, and nonconformities to identify trends, recurring issues, and potential risks. These insights support data-driven decisions that improve product quality, regulatory compliance, and customer satisfaction.
Improvement
The improvement section under clause 8 requires organizations to implement systematic processes for identifying and acting on opportunities for improvement.
The improvement section includes the following.
- General: Improve the effectiveness of the QMS by using data from monitoring, measurement, and analysis to support informed decisions.
- Corrective Action: Investigate the root causes of nonconformities or issues and implement actions to eliminate their recurrence and restore compliance.
- Preventive Action: Identify potential nonconformities and take proactive measures to prevent them from occurring.
How to Implement ISO 13485?
To implement ISO 13485, an organization can consider the steps listed below.
- Understand ISO 13485 Requirements: Review the full standard to determine applicable clauses, permitted exclusions, and documentation obligations relevant to your organization’s scope and operations.
- Secure Management Commitment: Engage top management to define the quality policy, allocate necessary resources, and assign clear responsibilities for implementing and maintaining the QMS.
- Conduct a Gap Analysis: Compare existing quality processes against ISO 13485 requirements to identify compliance gaps and system deficiencies.
- Develop a Project Plan: Create a structured QMS implementation roadmap with defined phases, timelines, task ownership, and resource planning.
- Establish Documentation: Draft the quality manual, procedures, work instructions, and records required by ISO 13485.
- Implement QMS Processes: Apply documented procedures across departments such as design, purchasing, production, and risk management to standardize operations.
- Train Personnel: Train all relevant staff in QMS roles, procedures, and regulatory expectations to ensure competent execution and compliance.
- Conduct Internal Audits: Evaluate process performance and compliance through internal audits to verify readiness for external certification.
- Review System Performance: Hold management reviews to assess QMS effectiveness, identify opportunities for improvement, and address customer and regulatory feedback.
- Apply for ISO 13485 Certification: Select an accredited certification body, undergo an external audit, and resolve nonconformities to achieve ISO 13485 certification.
What Is the ISO 13485 Certification Process?
The typical ISO 13485 certification process is listed below.
- Select a Certification Body: Choose an accredited certification body with expertise in medical device QMS audits and market-recognized accreditation.
- Submit Application: Provide company details, QMS scope, and site information to initiate the certification process with the selected certification body.
- Stage 1 Audit – Documentation Review: Undergo a review of QMS documentation to confirm completeness, structure, and alignment with ISO 13485 requirements.
- Stage 2 Audit – On-Site Assessment: Support a detailed, on-site audit of implemented procedures, process execution, records, and employee competence.
- Address Nonconformities: Implement corrective actions and submit evidence to resolve nonconformities identified during the audit stages.
- Certification Decision: Receive ISO 13485 certification upon successful verification of conformance by the certification body. Certification may be delayed until corrective actions are implemented and verified if nonconformities or inadequacies are identified.
- Surveillance Audits: Undergo surveillance audits to confirm ongoing compliance and continual improvement of the QMS.
- Recertification Audit: Complete a full recertification audit every 3 years to renew ISO 13485 certification and reassess system effectiveness.
ISO 13485:2016 certification provides significant benefits for medical device organizations. It confirms compliance with internationally recognized QMS standards for safety, performance, and regulatory alignment. Through third-party validation, it supports global market access, strengthens process control and risk management, and builds trust with regulators and stakeholders.
According to the ISO Survey 2023 results, 32,963 valid ISO 13485:2016 certificates were issued globally, covering 52,950 certified sites across various countries. These figures reflect continued global adoption and the importance of ISO 13485 in maintaining a high-quality standard across the medical device lifecycle.
What Is the Difference Between ISO 13485 and EN ISO 13485?
The main difference between ISO 13485 and EN ISO 13485 lies in their application context. ISO 13485 is the internationally recognized standard for QMS in the medical device industry. ISO 13485 defines QMS requirements for organizations involved in designing, manufacturing, and servicing medical devices globally.
In contrast, EN ISO 13485 is the European-adopted version of the ISO 13485 standard. EN ISO 13485 is harmonized under the EU regulatory framework and includes a Z Annex. The Z Annex maps the ISO 13485 clauses to the specific requirements of the EU Medical Device Regulation (MDR) and EU In Vitro Diagnostic Regulation (IVDR).
Additionally, ISO 13485 provides a global QMS baseline. Compliance with EN ISO 13485 demonstrates that a manufacturer has a robust QMS, which is a key requirement for CE marking under EU regulations. CE marking is required to place medical devices in the European Economic Area (EEA) market.
What Is the Difference Between ISO 13485 and ISO 9001?
The primary difference between ISO 13485 and ISO 9001 lies in their industry application and clause structure.
ISO 13485 is a QMS standard containing eight clauses specifically developed for organizations involved in designing, manufacturing, and servicing medical devices. ISO 13485 emphasizes regulatory compliance and includes specific requirements for risk management, product traceability, sterile products, and implantable devices.
In contrast, ISO 9001 is a general QMS standard with 10 clauses applicable to all industries. ISO 9001 focuses on continual improvement and customer satisfaction but does not contain industry-specific or prescriptive regulatory-driven provisions.
What Is the Difference Between ISO 13485 and FDA 21 CFR Part 820?
The key difference between ISO 13485 and FDA 21 CFR Part 820 is their legal status and geographic scope.
ISO 13485 is a voluntary international standard that defines QMS requirements for medical device organizations. ISO 13485 supports compliance across multiple regulatory jurisdictions worldwide. Although certification is not mandatory, it is often a prerequisite for market access in many countries.
Conversely, FDA 21 CFR Part 820 is a legally binding regulation issued by the U.S. Food and Drug Administration (FDA). FDA 21 CFR Part 820 governs the Quality System Regulation (QSR) for medical device manufacturers selling products in the United States.
As part of a global harmonization initiative, the FDA has introduced the Quality Management System Regulation (QMSR), which formally incorporates ISO 13485 by reference. The final rule was published on February 2, 2024, and will take effect on February 2, 2026.
How Does Medical Device QMS Software Support ISO 13485 Compliance?
Medical device QMS software supports ISO 13485 compliance by digitizing and automating quality system processes essential for meeting regulatory and medical device safety requirements.
Medical device QMS software centralizes document control, automates CAPA management, streamlines supplier audits, and tracks training compliance. Other features include complaint handling, nonconformance handling, and vigilance compliance. Together, these features support a structured and traceable QMS by keeping processes interconnected and allowing related documents to be linked.
SimplerQMS is medical device QMS software purpose-built for companies operating under ISO 13485 and other regulatory frameworks such as EU MDR, EU IVDR, and FDA 21 CFR 820. SimplerQMS offers comprehensive QMS modules that automate processes for document management, CAPA, complaint handling, supplier oversight, audit management, design control, and more.