The medical device industry is a highly regulated and closely monitored sector where various guidelines and regulatory standards must be adhered to.

ISO 13485 is a medical device-specific Quality Management System (QMS) standard that defines requirements for the design, manufacture, and monitoring of medical devices for safe and effective product delivery.
Overview of the ISO 13485 Standard
ISO 13485:2016 (latest revision) is an international standard for organizations that design, develop, and manufacture medical devices. It specifies QMS requirements for organizations involved in medical devices from design and development to production, installation, servicing, and even the services and software they provide. Safety, efficacy, and risk management are the major focus of this standard to minimize risks while using medical devices. ISO 13485 ensures compliance with global medical device regulations like FDA QSR and EU MDR. It is a global standard that is recognized in almost every country worldwide and provides global market access to medical products, ensuring constant quality.
Importance in the Medical Device Industry
The major importance of ISO 13485 in the medical device industry is:
- It builds credibility and provides trust to consumers and regulators about the consistent design, production, and delivery of safe and effective devices.
- It ensures patient safety and health as it has a stringent framework for safety and effectiveness and a risk-based standard to mitigate risk.
- It is a cornerstone for global and regional regulatory harmonization and it eases global market access.
- It ensures traceability of medical devices and monitoring of devices on the market through post-market surveillance.
Key Differences Between ISO 13485 and ISO 9001
- ISO 13485 and ISO 9001 are both QMS standards; however, they differ in their focus. ISO 13485 is specifically designed for the medical device industry, whereas ISO 9001 is generic and business-oriented.
- ISO 13485 has a stronger emphasis on safety, regulatory compliance, and risk management throughout the device lifecycle.
- ISO 13485 includes market surveillance after release of the product and feedback management, which is not stated in ISO 9001.
- ISO 13485 has more prescriptive requirements for documentation, traceability, sterile products, and design controls than ISO 9001.
Structure and Core Requirements (Clauses 4-8)
ISO 13485:2016 follows a structured clause layout. It consists of 8 sections: the first 3 are introductory, and Clauses 4-8 contain the mandatory QMS requirements. The sections are: 1) Scope, 2) Normative references, 3) Terms and definitions, 4) Quality Management System, 5) Management responsibility, 6) Resource management, 7) Product realization, and 8) Measurement, analysis, and improvement.
Clauses 4-8 are the core, auditable requirements for compliance, and are described briefly below:
- Clause 4: Quality Management System – This clause establishes the general and documentation requirements that organizations must fulfil, such as documentation, records, and document control, to ensure proper implementation of the QMS.
- Clause 5: Management responsibility – This focuses on the commitment and accountability of the organization's top management for operations, quality policy, quality objectives, planning, and procedures to meet consumer needs.
- Clause 6: Resource management – It ensures that sufficient resources are available in the organization for QMS to function effectively. Resources include trained and competent personnel, equipment, infrastructure, and a work environment, among others.
- Clause 7: Product realization – This is an extensive clause covering the product lifecycle from conceptualization to design and development to final product verification. It includes proper documentation and record-keeping at every step, as well as the traceability of components and validation of the effectiveness of production processes.
- Clause 8: Measurement, analysis, and improvement – It includes monitoring of manufactured products through measurement, internal audits to verify compliance, handling customer complaints, managing non-conformities, and CAPA. It focuses on continual improvement of process and product to mitigate risk.
Role in the Medical Device Single Audit Program (MDSAP)
The Medical Device Single Audit Program (MDSAP) was developed by the International Medical Device Regulators Forum to allow a single regulatory audit to satisfy QMS requirements. It uses ISO 13485 as its core QMS and allows one audit to cover 5 member countries, i.e., the US, Canada, Australia, Brazil, and Japan. MDSAP layers the specific regulatory requirements of each member country on top of the ISO standard; however, ISO 13485 is the common thread in this process.
Harmonization with US FDA (21 CFR Part 820)
FDA’s Quality System Regulation (QSR, 21 CFR 820) and ISO 13485 have similar expectations regarding design controls, production, CAPA, and documentation. Comparison shows that both treat nonconforming product control and CAPA as core requirements for patient safety as well as continual improvement.
Regulatory Compliance in Canada (Health Canada) and Australia (TGA)
Both Canada and Australia recognize ISO 13485 alongside the requirements of their own regulators, Health Canada and the TGA, respectively. Canada has directly tied its medical device licensing to ISO 13485-based audits. It is now also associated with MDSAP, and manufacturers must maintain a compliant QMS for licenses. Australia also recognizes ISO 13485-based QMS, including MDSAP certificates, as part of conformity assessment. The TGA uses its design and manufacturing controls for regulatory assurance as well.
Post-Brexit Context: UKCA and MHRA Requirements
After the Brexit period, the UK operates its own regulatory framework separate from the EU, overseen by the Medicines and Healthcare products Regulatory Agency (MHRA). It now requires UK Conformity Assessed (UKCA) marking instead of or alongside CE marking. Even though detailed future alignment is evolving, ISO 13485 can be expected to remain central in UK conformity regulation, as it is for many notified bodies and regulators in other countries. ISO 13485 remains a prerequisite for licensing in many strictly regulated areas.
Risk Management Integration (ISO 14971)
ISO 14971 – Application of risk management to medical devices is an international standard for risk management throughout the product lifecycle. The primary objective is to ensure that risks are systematically identified, evaluated, and controlled. It promotes a risk-based approach and ensures residual risk acceptability. Regulators in Europe make ISO 14971 mandatory, and the FDA considers it acceptable. This standard provides the framework that runs throughout the product lifecycle, encompassing risk analysis, risk evaluation, risk control, residual risk evaluation, risk management reports, and production and post-production feedback. ISO 13485 also requires risk management to be applied; however, ISO 14971 provides methodology and vocabulary to achieve effective risk management. Integration of ISO 14971 with ISO 13485 is the best approach for medical device manufacturers.
Steps to Achieving Certification
The step-by-step process for achieving certification is very lengthy. For understanding purposes, the process broadly consists of the following steps:
- Gap analysis by comparing current practices against ISO 13485:2016 to identify where improvements need to be implemented.
- Defining the scope of the processes the QMS will cover, such as which sites, products, etc.
- Designing the QMS and its documentation, including the quality manual, well-defined standard operating procedures (SOPs), records, and validation where required.
- Training of personnel and management to implement new processes in the operational area.
- Internal audit to verify the effectiveness of the changes applied to the system, or of the system itself, and to identify non-conformities.
- Management review of audit results and QMS performance by top management to check effectiveness and readiness.
- Corrective and preventive actions (CAPA) on identified gaps, addressing all the findings from gap analysis.
- External certification audit, which happens in two stages: first, the documentation is reviewed by the certification body, and then an on-site audit is conducted to verify implementation.
- Certification is finally issued after successful completion of the above processes, followed by periodic surveillance audits.
Organizations often start with ad hoc practices; however, the use of maturity models and structured assessment methodologies helps them to move towards an optimized, compliant QMS and to successful FDA approvals.
Conclusion
In conclusion, ISO 13485:2016 serves as a global standard for medical devices to achieve regulatory compliance. It has been closely harmonized with programs like MDSAP and aligns closely with FDA QSR, EU MDR, and other nation-specific regulators. For manufacturers it is very useful to integrate this robust QMS (ISO 13485) with risk management (ISO 14971) for continual improvement and to meet compliance obligations. This drives manufacturers to produce better products, improve patient safety, and provide easy access to global markets.