Illustration of an Integrated ISO 13485 QMS

ISO 13485:2016 Compliant QMS [Role of an eQMS]

by | Feb 7, 2023 | QMS, Regulations

The ISO 13485:2016 is an international regulatory standard that specifies the requirements for Quality Management Systems (QMS) in the medical device industry.

A QMS that meets the ISO 13485:2016 requirements demonstrates a commitment to quality and customer satisfaction, which is essential to any medical device manufacturer.

This article will discuss the purpose of the ISO 13485:2016 standard, its main requirements, and eQMS software’s role in supporting compliance with the ISO 13485:2016.

SimplerQMS helped several medical device companies transition from paper-based and hybrid systems to eQMS and easily manage all quality management processes in one system. We are ISO 13485:2016 certified, and our software supports compliance with QMS requirements outlined in ISO 13485:2016, US FDA 21 CFR Part 820 (QSR), and EU MDR.

Request a personalized demo if you want to learn more about how SimplerQMS can support compliance with ISO 13485.

Learn about the ISO 13485:2016 standard by exploring these topics:

What Is the ISO 13485:2016 Quality Management System Standard?

The ISO 13485:2016 is an international regulatory standard that specifies medical device manufacturers’ Quality Management System (QMS) requirements. It can be used by an organization involved in one or more stages of the life cycle of a medical device.

Any company involved in the design, development, manufacturing, storage, delivery, installation, or technical support of medical devices must be able to prove that its products and related services consistently meet customer and regulatory requirements.

Medical device manufacturers that comply with the ISO 13485:2016 requirements have processes in place to ensure device quality and safety to their customers.

The processes required by the ISO 13485:2016 standard concern quality management for medical devices, much like the FDA 21 CFR Part 820, also known as the Quality System Regulation (QSR).

The FDA QSR specifies the current good manufacturing practice requirements for finished devices in the US market for human use.

Both the ISO 13485:2016 and FDA 21 CFR Part 820 requirements are entirely comparable. And in February 2022, the FDA issued a proposed rule to harmonize the 21 CFR Part 820 with the ISO 13485:2016.

The goal is to align the US regulation more closely with the international consensus standard of QMS for medical devices used by many other regulatory authorities worldwide in the years to come.

The ISO 13485:2016 is also related to the EU Medical Device Regulation (MDR) regarding the QMS requirements for medical device manufacturers.

However, the MDR is more comprehensive than the ISO 13485:2016 and specifies other requirements for medical devices.

Manufacturers of medical devices in the European market usually adhere to the ISO 13485:2016 standard. ISO 13485:2016 certified manufacturers can speed up the MDR certification process regarding the QMS requirements.

To become ISO 13485:2016 certified, obtain FDA clearance, and MDR certification, medical device manufacturers must have a QMS that complies with the relevant regulations and standards requirements.

It is possible to comply with the QMS requirements in these regulations and standards using paper-based or hybrid QMS systems, but it can be challenging. Various issues can arise, including losing documents, physical storage issues, auditing problems, etc.

While with electronic quality management systems (eQMS), medical device manufacturers can count on workflow automation, electronic signatures, data security, and cloud-based storage. It is also possible to ensure responsibility by assigning specific people to specific tasks.

That is why companies are increasingly turning to eQMS software solutions. Electronic QMS solutions allow medical device companies to effectively manage their QMS documentation and simplify the process of achieving compliance with the ISO 13485:2016. 

Such software offers a convenient way to manage the required records and documents, including procedures and protocols. It also streamlines various processes, such as managing customer complaints, changes, non-conformances, and CAPAs.

SimplerQMS is an eQMS software solution that offers a cloud-based platform to help medical device companies manage their documentation and processes in compliance with the ISO 13485:2016.

What Is the Purpose of ISO 13485:2016 QMS Standard?

The purpose of ISO 13485:2016 is to set forth the QMS requirements for medical device organizations to ensure their devices and services consistently meet customer and regulatory requirements.

Having ISO 13485:2016 compliance facilitates medical device manufacturers to align their QMS more closely with relevant requirements in FDA 21 CFR Part 820 and MDR.

Previously, in the European Economic Area, the Medical Devices Directive (MDD) set all the necessary steps to ensure that medical devices were placed on the market legally and safely. Being a directive, it was voluntary and individual countries could create their regulations.

The MDD was replaced by the Medical Device Regulation (MDR) in May 2021.

The MDR is a regulation and, therefore, mandatory for the medical devices industry in the EU. It ensures that medical devices produced in or supplied to the EU must be safe for the end user and of high and uniform quality. MDR covers the whole device’s life cycle processes and specifies the QMS requirements for medical devices.

Since the ISO 13485:2016 is a QMS standard for the medical device industry, compliance with it reflects the QMS requirements stated in the MDR and FDA 21 CFR Part 820.

What Are the Requirements of ISO 13485:2016 Standard?

ISO 13485:2016 standard has several sections to cover all the requirements for QMS. It brings a greater emphasis on risk management and risk-based decision-making than in previous editions.


Below, we will briefly discuss some of the sections presented in the ISO 13485:2016 standard. The information here is just a part of the standard and has educational purposes only. Please always refer to ISO 13485:2016 standard for official information.

Sections 1 to 3 are related to the scope, normative references, and terms and definitions. This article will not focus on these sections. If you want to learn more, please refer to the complete ISO 13485:2016 standard.

Quality Management System (Section 4)

Medical device organizations must document QMS-related procedures and ensure they comply with the ISO 13485:2016 requirements.

This means manufacturers need to implement and maintain processes regarding quality manuals, medical device files, control of documents, control of records, and any other procedure regarding the manufacturing of medical devices.

Documentation is a core element of QMS. Having well-documented procedures ensures that processes are consistently performed, and that personnel is aware of the processes for each task.

Document changes also need to be controlled. The change control ensures the distribution and record of responsibility, records the workflow of the change and provides audit traceability.

SimplerQMS provides a complete eQMS solution for the medical device industry, having all QMS modules in place, including the core modules such as document control, change management, training, audit management, risk management, CAPA, non-conformance, supplier management, and so on.

Moreover, any computer software used as an eQMS should always be fully validated. After any update, a full validation must be performed, and all validation documentation must be readily available at any time.

The SimplerQMS system is fully validated according to GAMP5. We perform monthly re-validation of the system, freeing our customers from spending time on software validation activities. The system fully complies with the ISO 13485:2016, 21 CFR Part 11 and 820, and the EU Annex 11 requirements regarding validation and electronic signatures.

Medical Device Quality Management System Processes

Management Responsibility (Section 5)

Medical device companies’ top management must ensure that responsibilities and authorities are defined, documented, and communicated within the organization.

The top management is responsible for monitoring the efficiency and effectiveness of the QMS.

Resource Management (Section 6)

Medical device manufacturers must provide the necessary resources to implement QMS, maintain effectiveness, and meet applicable regulatory and customer requirements. These resources can be in the form of infrastructure and personnel ongoing training and competencies management.

Infrastructure includes buildings, workspace, equipment, transport, and communication systems. All maintenance activities are required to be documented.

Regarding the equipment, it is important to have QMS software that supports equipment management. SimplerQMS offers a solution that allows medical device organizations to create a list of all equipment, monitor the current state of equipment, schedule calibrations, send automatic notifications for maintenance tasks due dates, and more.

One important part of personnel resources management is providing training. Employees need to receive training in a wide range of documents to ensure that their competencies match company requirements and that the knowledge of their impact on the quality and safety of the products is known.

You can achieve efficient, well-recorded, and compliant training processes with SimplerQMS Training Management Software.

Various features are available, including creating training plans, routing training plans for review or updating, measuring training effectiveness with customizable quizzes, monitoring training with status reports, and automatically setting periodic tasks so training will be repeated after one year, for example, and much more.

Product Realization (Section 7)

As part of product realization, efficient quality procedures are established for the design, development, manufacture, packaging, labeling, and transportation of every medical device manufactured by your company.

When using an eQMS, such as SimplerQMS, the final product release document can easily be reviewed, approved, and linked to all the people and processes related to medical device manufacturing.

Design and Development (Section 7.3)

The design and development of a medical device must be planned and controlled to ensure performance, usability, and safety requirements according to the intended use.

A high volume of documents is generated during this phase of a medical device lifecycle, and all input, output, and changes need to be recorded.

SimplerQMS Design Control Software facilitates the development of your medical devices by managing design and development plans, design review, verification, validation, and design transfer.

The system allows the creation of customizable views, snapshots of document collections, and more. You can also relate design control documentation to relevant documents and regulatory chapters.

Recommended Reading: Design Controls for Medical Devices

SimplerQMS Medical Device Technical File View

Purchasing (Section 7.4)

This subsection of the ISO 13485:2016 specifies that manufacturers must select and evaluate suppliers.

For instance, manufacturers need to have a plan for monitoring, re-evaluating, and auditing suppliers. During these audits, eventual audit findings must be assessed and documented.

Medical device organizations can manage and monitor suppliers more effectively with eQMS software that also supports supplier management processes.

SimplerQMS Supplier Quality Management Software allows you to create and maintain Approved Supplier List, schedule supplier audits, set up automatic reminders for tasks’ due dates and certificate expiration dates, etc.

Recommended Reading: Medical Device Supplier Management Process (8 Steps)

Control of Monitoring and Measuring Equipment (Section 7.6)

Medical device organizations must monitor and control equipment related to devices providing evidence of device conformity with the ISO 13485:2016 standard.

Among other things, companies need to implement and record periodic equipment tasks, such as calibrations and adjustments, according to the applicable guidelines.

SimplerQMS supports equipment management processes, including calibration and maintenance activities.

For instance, the system sends notifications to specific personnel to inform them about a calibration or maintenance task before due dates. It automatically creates a complete equipment calibration and maintenance log readily available for audits.

Measurement, Analysis, and Improvement (Section 8)

This section of the ISO 13485:2016 emphasizes the monitoring, measuring, analyzing, and improving processes needed to demonstrate product conformity and ensure the effectiveness of the QMS.

To comply with post-market surveillance requirements, medical device manufacturers must gather and monitor information if their device has met customer requirements, using appropriate methods, including statistical techniques, feedback, and customer complaints.

Complaint handling is one of several important processes since it is through complaints that customers give feedback on non-conformance and adverse events of medical devices.

In SimplerQMS software, companies can create complaint documents using templates based on requirements. These complaints can be initiated from several different sources. SimplerQMS has pre-configured workflows that can guide you in handling complaints.

One way of handling a complaint can be escalating it to a CAPA. For example, during an external audit, any audit findings must be escalated to a CAPA.

SimplerQMS CAPA Management Software allows medical device companies to initiate the CAPA process directly from audit findings with just a few clicks and link all documents together.

Furthermore, companies can easily use SimplerQMS Audit Management Software to schedule, conduct, document, and report on internal, regulatory, and supplier audits. This helps manage and track audit-related activities, assign tasks and responsibilities, and ensure the timely completion of assignments.

What Does It Mean To Be ISO 13485:2016 Certified?

To be ISO 13485:2016 certified means that an organization has a QMS that complies with the requirements of the ISO 13485:2016 standard and is certified by an external certification body.

Medical device companies can choose the scope of their certification. This means a manufacturer can have a QMS ISO 13485:2016 certificated only in specific standard sections.

For example, a medical device manufacturer can still achieve ISO 13485:2016 certification despite not having Design and Development processes. The certificate will list the excluded sections that are not relevant to the manufacturer’s QMS.

Having ISO 13485:2016 certification allows companies to:

  • Demonstrate compliance with regulatory requirements
  • Ensure the establishment of QMS processes to manufacture safe and effective medical devices
  • Demonstrate validated processes to manage risk effectively
  • Gain a competitive advantage in the market

How To Be ISO 13485:2016 Certified?

Due to the complex certification process, this article will only provide a brief overview of how to become ISO 13485:2016 certified.

The first step is to choose a certification body. They audit medical device organizations and issue certificates proving that the QMS complies with the ISO 13485:2016 requirements.

Note that ISO is not involved in certification and does not issue certificates. So, it is important to check if the certification body uses relevant ISO’s Committee on Conformity Assessment (CASCO) standards and is nationally accredited to provide independent confirmation of competence.

You can contact your national accreditation body or visit the International Accreditation Forum (IAF) CertSearch to find an accredited certification body.

In the second step, the certification body evaluates medical device companies’ documents regarding the ISO 13485:2016 scope under which they wish to be certified in a Stage 1 audit.

If the certification body finds that the documents are compliant, it will conduct an on-site audit, also known as a Stage 2 audit.

Finally, the certification body will issue a certificate if the organization QMS complies with the ISO 13485:2016 requirements in the audited scopes.

Benefits of Being ISO 13485:2016 Certified

Here are some of the main benefits medical device organizations have from being ISO 13485:2016 certified.

Comply With Regulatory Requirements

If certified, you can prove compliance with a set of requirements of an international regulatory standard that reflects the QMS requirements of EU MDR and US FDA 21 CFR Part 820.

Attract New Customers

It improves the confidence of potential customers of your product when they acknowledge compliance and certification to the ISO 13485:2016 standard.

Become a Top Manufacturing Supplier

It is easier to be approved as a medical device manufacturing supplier since you can demonstrate validated quality processes.

Assess and Manage Risks Efficiently

The quality and safety of your medical devices are ensured through ISO 13485:2016 compliant processes being consistently followed by personnel. This way, non-conformances or risks can be detected and assessed more easily.

Improve Processes and Efficiency

By streamlining quality processes, you will reduce non-conformances and avoid rework, resulting in greater efficiency, cost savings, and ensuring continuous improvement.

Implement Evidence-Based Decision-Making

You are constantly provided with relevant and useful information from processes that help you make decisions in line with your goals.

The ISO 13485:2016 is a regulatory standard in the medical device industry. As mentioned above, it can speed up the MDR certification process regarding QMS requirements and might be aligned with FDA 21 CFR Part 820 in the future, adding even more benefits to achieving ISO 13485:2016 compliance and certification.

The Role of an eQMS in Supporting Compliance With the ISO 13485:2016 QMS Standard

Requirements for a QMS in the medical device industry are specified in the ISO 13485:2016. Companies can achieve compliance using paper-based, hybrid, or electronic QMS.

Small companies with sufficient resources can implement successful paper-based and hybrid QMS.

However, using a paper-based or hybrid QMS can present some challenges. Gathering all responsible personnel signatures can be time-consuming, and storing all the files requires a lot of physical space.

Implementing a digital solution to QMS is an important decision for a medical device company. With eQMS, you can easily streamline processes to save time and costs while improving efficiency.

SimplerQMS provides a complete eQMS software solution with all life science QMS modules. From document control and change control management to supplier management, audit management, and more.

SimplerQMS is a comprehensive eQMS platform that supports medical device companies achieving compliance with the ISO 13485:2016 while increasing efficiency and reducing costs.

If you are interested in identifying the value of an eQMS for your organization and presenting it to the decision-makers and stakeholders, download an eQMS business case template.

Downloadable eQMS Business Case Template Banner

Frequently Asked Questions About ISO 13485:2016

What Is the Current Version of ISO 13485?

The current version of the ISO 13485 standard is the ISO 13485:2016, published in March 2016. It is the third edition of the ISO 13485 that cancels and replaces previous versions.

It also summarizes the changes incorporated into the latest version compared with the previous one in Annex A.

Where is ISO 13485:2016 Compliance Required?

Compliance with the ISO 13485:2016 is required by medical device companies involved in the manufacturing of medical devices and related services.

Additionally, QMS that complies with the ISO 13485:2016 can be presumed to conform with QMS requirements in EU MDR and can be aligned with FDA 21 CFR Part 820 in the future.

Does the FDA Accept Compliance with ISO 13485:2016 QMS Requirements?

The FDA does accept compliance with the ISO 13485:2016 via the Medical Device Single Audit Program (MDSAP) regarding QMS requirements.

MDSAP allows a single regulatory audit of a medical device manufacturer to be valid across all program members: Australia, Brazil, Canada, Japan, and the United States.

Additionally, in February 2022, the FDA issued a proposed rule to align the QMS regulation, 21 CFR Part 820, with the ISO 13485:2016 standard. However, due to COVID-19, the decision was delayed and will be analyzed soon.

Who Enforces ISO 13485:2016 QMS Requirements?

The ISO 13485:2016 was created and issued by the International Organization for Standardization (ISO). ISO is an independent, non-governmental international organization with a membership of standards bodies from 167 countries.

ISO does not provide certification or conformity assessment. Medical device organizations need to contact an external certification body to be certified.

Authorized third-party certification bodies enforce the ISO 13485:2016 QMS requirements through audits. The certification is valid for three years.

Once your organization has received the ISO 13485:2016 certification, you will be regularly audited to ensure your compliance, usually once a year. Recertification audits are required as the 3-year validity expires.

What Is the Difference Between ISO 13485:2016 And EN ISO 13485:2016?

Both the ISO 13485:2016 and the EN ISO 13485:2016 are the same word-by-word standard. However, the European EN version has the Z annexes to compare sections where compliance with the international ISO 13485:2016 fails to address EU requirements adequately.

What Is the Difference Between ISO 9001:2015 And ISO 13485:2016?

The main difference between ISO 9001:2015 and ISO 13485:2016 QMS requirements is that the first is the internationally accepted standard for organizations in any type of industry.

On the other hand, the ISO 13485:2016 specifically addresses QMS requirements for medical device organizations and is a regulatory standard.

Final Thoughts

Medical device organizations must have a robust QMS to comply with Life Science regulations and standards, ensuring safe and effective devices are placed on the market.

The ISO 13485:2016 is a regulatory standard for medical device QMS. Manufacturers that comply with this standard demonstrate the ability to provide devices and related services that consistently meet customer and applicable regulatory requirements.

Using paper-based and hybrid QMS presents challenges, such as human errors, lost documents, time-consuming audits, the need for physical storage, and so on.

An alternative to these is eQMS. A digital solution helps medical device manufacturers to secure and store data in a cloud-based system, and streamline quality processes.

SimplerQMS Software provides a robust eQMS that complies with the ISO 13485:2016. We offer a complete solution with all core QMS modules, including document control, change management, training, audit management, risk management, CAPA, non-conformance, supplier management, and more.

Request a demo of the SimplerQMS solution and talk with our experts about streamlining your quality management processes and making ISO 13485:2016 compliance easier.

eQMS Business Case Template

Illustration of eQMS Business Case Template