Get 4 FREE months of Conformio to implement ISO 27001

What is ISO 13485?

ISO 13485 is an international standard that outlines the requirements for a Quality Management System in the medical device industry. This standard is specific to medical devices and covers the entire life cycle of a device, from design and development to production, installation, and servicing. It is intended to ensure that medical devices are safe and effective for their intended use. Compliance with ISO 13485 is often required for regulatory approval of medical devices in many countries around the world. The standard is designed to be flexible and scalable, allowing it to be adapted to the needs of organizations of all sizes and types within the medical device industry. Learn more about ISO for medical devices in this thorough ISO 13485 overview.

What is ISO 13485? - 13485Academy
What is ISO 13485? - 13485Academy
What is ISO 13485? - 13485Academy
The basics

What is the purpose of ISO 13485?

Let’s start with the ISO 13485 definition. ISO 13485 is the medical device industry’s most widely used international standard for quality management. Issued by the International Organization for Standardization (ISO), the ISO 13485 standard is an effective solution to meet the comprehensive requirements for a Quality Management System in the medical device industry. Here is more about ISO 13485 as the leading ISO standard for medical devices.

Adopting ISO 13485 provides a practical foundation for manufacturers to address the EU Medical Device Regulation (MDR), and other regulations, as well as demonstrate a commitment to the safety and quality of medical devices.

Starting with management support and identifying the customer requirements for the QMS, you will need to start developing documentation including the Quality Policy, Quality Objectives, and Quality Manual. Together, these define the overall scope and implementation of the Quality Management System. Along with these, you will need to create the mandatory and additional processes and procedures necessary for your organization to properly create and deliver your product or service.

For a good explanation on this, take a look at the article List of mandatory documents required by ISO 13485:2016. Every year, the ISO organization conducts a survey of certifications to its management system standards.

The ISO survey counts the number of certificates issued by certification bodies accredited by members of the International Accreditation Forum (IAF). In 2021, the total number of valid certificates for ISO 13485 worldwide was 27,229, while in 2020, there were 25,656. Data is taken from the 2021 ISO Survey.

Why is ISO 13485 important?

ISO 13485 is important for medical device manufacturers because it provides a framework for ensuring that their products consistently meet regulatory and customer requirements. Compliance with this standard demonstrates a company's commitment to producing safe and effective medical devices. It also helps companies meet regulatory requirements in many markets around the world. ISO 13485 can help companies identify and mitigate risks associated with the design, development, and production of medical devices. Finally, it can help companies improve their processes and increase efficiency, leading to better products and higher customer satisfaction.

What is the current version of ISO 13485?

The latest revision of ISO 13485 for ISO medical devices is from March 2016. Among the additions to this update are included: a focus on risk, clarification of management responsibilities, clarification of training responsibilities, improvement to the facility requirements, better alignment of design and development requirements to many regulations, more emphasis on control of suppliers, requirements for traceability procedures, addition of complaint handling, and enhancement of product cleanliness requirements. See all the changes here: Infographic: What’s new in the 2016 revision of ISO 13485.

The ISO 13485:2016 standard aligns with the previous version of ISO 9001, ISO 9001:2008. ISO 9001 is an internationally recognized standard for Quality Management Systems (QMS), which is published by ISO (the International Organization for Standardization). Its requirements are recognized around the world as an acceptable basis for implementing a QMS. Although the ISO 13485:2016 standard came out after the major update of ISO 9001:2015, the ISO 13485 standard does not align with this new revision of ISO 9001. Instead, it was determined that the most recent changes in ISO 9001:2015 were not necessary for medical devices.

Requirements & structure

The eight sections of ISO 13485

ISO 13485:2016 specifies requirements for a Quality Management System to produce ISO medical devices and related services that consistently meet customer and applicable regulatory requirements. Requirements of ISO 13485:2016 are applicable to organizations regardless of their size and regardless of their type, except where explicitly stated. Wherever requirements are specified as applying to medical devices, the requirements apply equally to associated services supplied by the organization.

The ISO 13485 structure is split into eight sections:

  1. Scope
  2. Normative references
  3. Terms and definitions
  4. Quality management system
  5. Management responsibility
  6. Resource management
  7. Product realization
  8. Measurement, analysis and improvement

The first three sections are introductory, and the last five contain the mandatory requirements for the Quality Management System. Here is what the five main sections are about:

Clause 4 – Quality Management System (“Intersection”). Clause 4 targets two very specific aspects of a Quality Management System: General Requirements and Documentation Requirements.

General Requirements. In evaluation of any ISO standard, there are a few systematic requirements that are the driving force for establishment and implementation of a Quality Management System. The requirements specific to ISO 13485 include the following:

  1. Adhere to the standard.
  2. Document what needs to be documented.
  3. Maintain what is required of you.
  4. Have written procedures in place and ensure the effectiveness of the system that you implement.
  5. Consider the risk factors in all activities.
  6. Introduce steps to minimize the risks identified, and aim to not cause catastrophic events.
  7. Identify how things should be done to generate your medical device, and stick to those processes.
  8. Determine ways to track your activities, correct any process failures or oversights, and generate records to show all the activities are being done.
  9. Determine the requirements that you are legally bound to, and follow them!
  10. Even when outsourcing work, ensure you maintain responsibility for that work.
  11. Any systems used in your manufacturing processes should be confirmed to ensure they work as intended and don’t negatively affect your processes.

Documentation Requirements. Most quality systems require a key component, a Quality Manual. Beyond the Quality Manual, an organization should determine the promise that they will make to ensure an environment and culture that can be consistent with putting quality first in all activities. This commitment can be captured with a policy or objective statement. The standard includes very specific requirements for both procedures and records, each of which must be fulfilled:

  1. Medical device creation should be accompanied by a file that includes product specifics and guidance on intended use.
  2. Plan for controlling documents.
  3. Plan for controlling records.

Clause 5 – Management Responsibility (“Highway”). Management must demonstrate their commitment by showing they can be held accountable for the operations within their organization. They have to ensure that their focus does not deter from the needs of the end user, and that all laws are followed in the manufacturing process. Management has an absolute responsibility to support the quality policy, confirm its alignment with the laws of the country of work, and communicate the mission to employees. They have a responsibility to plan, delegate authority, and communicate effectively. They are also responsible for a periodic review of operations and improvement within the organization, known as the Management Review.

Clause 6 – Resource Management (“Roadway”). Top management has a responsibility to ensure that the Quality Management System is compliant with ISO 13485 and adheres to local regulatory requirements. As a requirement within ISO 13485, top management must ensure that adequate resources are available to perform the work promised by the organization. Providing resources can refer to personnel, infrastructure, consumables, equipment, succession planning, and risk aversion. This can be as specific as controlling the daily workflow to prevent contaminants or ensuring that operations are seamless in years to come with an awareness of looming retirements. This commitment from management, although it may seem minimal, is critical to the organization’s success in medical device manufacturing and is required according to Clause 6.

Clause 7 – Product Realization (“Overpass”). An organization must plan for the journey from conceptualization to implementation. This can include developing a process for documenting how thoughts are initiated, concepts are verified, and products are designed and developed, as well as how to verify and validate to fulfill the requirements for ISO 13485, Clause 7. Communication is critical for the design and development of the device.

The key is to follow the process from planning to inputs, outputs to review, onward to verification, followed by confirmation through validation. Transferring ideas, controlling the design, documenting any required changes, and retaining any and all files included in the process is critical in product realization. Defining and tracking supplies, retaining critical information associated with each product, and determining how to verify these products should be clearly documented within a procedure.

Monitoring each part of the process involves ensuring cleanliness, monitoring installation, performing the necessary service, and fulfilling the requirements specific to medical devices. Effectively monitoring and maintaining equipment, as well as ensuring that identification requirements are met for the device itself, are also components of product realization. Lastly, monitoring the effectiveness of the product as it relates to traceability, managing customer property, and ensuring preservation of product will help achieve compliance with ISO 13485.

Clause 8 – Measurement, Analysis and Improvement (“Bridge”). Now that your product has been manufactured and has been released for general use, you kind of have a responsibility to ensure that the people have what they want. So, how do you accomplish that? It’s simple: you seek feedback. According to Clause 8, development of a procedure for effectively monitoring and measuring product success must include:

  • handling complaints
  • reporting events to regulatory authorities
  • undergoing internal evaluations through auditing
  • continual process and product evaluation internally
  • identifying and controlling products that don’t meet the original design requirement (nonconforming product)
  • analyzing data generated and continually improving the process

These sections are based on the Plan-Do-Check-Act cycle, which uses these elements to implement change within the processes of the organization in order to drive and maintain improvements within the processes. To learn how to implement the ISO 13485 requirements and get certified, read this article: How to get ISO 13485 certified?

ISO 13485 vs. other standards

What is the difference between ISO 13485 and EN ISO 13485?

As stated above, ISO 13485 is an internationally recognized standard set of requirements issued by the International Organization for Standardization (ISO) to create a Quality Management System for those in the medical device industry. The ISO standard includes all of the requirements that are needed to create a QMS to demonstrate your ability to provide medical devices that consistently meet the requirements of customers and regulators. EN ISO 13485 is a parallel standard that is issued in the European Union for the purpose of creating a QMS in the medical device industry for use in the European Union.

The requirements of these two standards are identical, and the entirety of the ISO 13485:2016 standard is included in the EN ISO 13485:2016 document. However, the European version of the standard (EN ISO 13485) also includes several invaluable tables that align the ISO 13485:2016 requirements to the three EU directives for medical devices (EU directive 90/385/EEC, EU directive 93/42/EEC, and EU directive 98/79/EC). This makes it easy to see how implementing the ISO 13485:2016 standard will help you to meet these particular EU directives. With the release of the European Union Medical Device Regulation (EU MDR) in May 2017, which supersedes these previous directives, it is expected that a new version of EN ISO 13485 will be released showing closer alignment with the EU MDR.

ISO 13485:2016 vs 13485:2012

The European standard, EN ISO 13485:2012 Medical Devices - Quality Management Systems - Requirements for Regulatory Purposes, has been published, after approval by CEN on January 24, 2012. This replaces EN ISO 13485:2003, although the text of the global standard ISO 13485:2003 is unchanged, only the foreword and annexes in the European version have been revised. Therefore, there is no different requirements in ISO 13485:2012 compared to ISO 13485:2003.

What is ISO 13485? - 13485Academy


To identify new requirements of ISO 13485:2016 vs. 13485:2003, at the end of the new ISO 13485:2016, in Annex A. there is a table: Comparison of content between ISO 13485:2003 and ISO 13485:2016, where you can see all new requirements and differentiation between these two versions. To learn more, read this article: List of mandatory documents required by ISO 13485:2016 or download the free matrix ISO 13485:2016 vs. ISO 13485:2003.

What is the difference between ISO 9001 and ISO 13485?

Even though ISO 13485:2016 is a stand-alone standard, it is based on ISO 9001:2008, as mentioned above. So, while ISO 9001 is an internationally recognized standard for any organization in any industry, the ISO 13485 standard includes additional requirements that are specific for companies that manufacture ISO medical devices. To learn more about how these two standards compare, read this article: Similarities and differences between ISO 9001:2015 and ISO 13485:2016.

Is ISO 13485 mandatory?

The short answer is no, ISO 13485 is not mandatory. You can create a QMS that suits your needs for your organization, so long as the processes of the QMS meet the legal and regulatory requirements for medical devices where you intend to manufacture and sell them. Even though ISO 13485 is not required for EU MDR compliance, the EU MDR regulation requires that you have a QMS in place, and the ISO 13485:2016 standard is the only QMS standard listed in the EU list of harmonized standards, so most companies will use the ISO 13485 requirements to implement their QMS.

The reference to ISO 13485 on the EU list of harmonized standards indicates that the EU understands that, by implementing the ISO 13485 requirements, all of the EU MDR QMS requirements will be met. Learn more here: How can ISO 13485 help with MDR compliance?

By using the ISO 13485 requirements to create your QMS, you can ensure that you have a world-class system for meeting the needs of customers and legislators for your medical devices. ISO 13485 provides you with more than the bare minimum to meet a legal requirement; it provides a whole system that is devoted to helping you make your quality processes better.

For deeper insight into ISO 13485, download this free white paper: Clause-by-clause explanation of ISO 13485:2016.

Advisera Mark Hammar
Mark Hammar
Mark Hammar is a Certified Manager of Quality / Organizational Excellence through the American Society for Quality and has been a Quality Professional since 1994. Mark has experience in auditing, improving processes, and writing procedures for Quality, Environmental, and Occupational Health & Safety Management Systems, and is certified as a Lead Auditor for ISO 9001, AS9100, and ISO 14001.