Introduction to ISO 13485: Medical Device Quality Management System

Medical Device Quality Management System

What is ISO 13485?

The ISO 13485: Quality Management System for Medical Devices is an international standard that was specifically published to define the requirements of a quality management system for organisations within the medical device industry.

This covers processes spanning the entire product life-cycle, including design and development, production, warehousing, distribution, installation and servicing activities. Besides ISO 13485, US FDA 21 CFR Part 820 compliance is also mandatory for companies entering the United States market.

The framework of this quality management system focuses on the need to handle risk management, in line with ISO 14971. In addition, medical device software (both standalone and embedded ones) are to comply with IEC 62304.

Stendard Solution™-generated documents include details that meet all the ISO 13485, US FDA 21 CFR Part 820, ISO 14971 and IEC 62304 requirements.

Brief History of ISO 13485

The standard, officially known as the ISO 13485 Medical devices – Quality management systems – Requirements for regulatory purposes, was first published by  International Organization for Standardization (ISO) in 1996. The standard states the requirements of comprehensive quality management systems for the design and manufacture of medical devices products. Since then, it was revised twice in 2003 and 2016 respectively — with the latest being the 3rd edition ISO 13485:2016.

In 2012, as part of the harmonisation process with the European Union directives for the medical sector (93/42/EEC, 98/79/EC and 90/385/EEC), the EN ISO 13485: 2012 was released. Comparatively, there are no major differences with ISO 13485:2016, except for the Z-Annexes. As such, your notified body may require you to conform to both standards, especially if you need to meet regulatory compliance in the EU.

Comparing ISO 13485 to other Annex SL ISO standard

Despite being one of the Top 10 ISO standards being adopted by companies all over the world, ISO 13485 remains one of the hardest standards to conform with. Besides the stringency of the medical device industry, since it relates to the healthcare and medical sectors, the ISO 13485 does not follow the Annex SL framework. The Annex SL framework refers to the way a standard is being written. When a standard follows the Annex SL framework, the terminology, the way it is written and defined are mostly similar to one another.

Some of the famous standards following the Annex SL framework includes ISO 9001, ISO 14001, ISO 45001, ISO 22000 and ISO 27001. What this means is that a large majority group of consultants, experts and certification body auditors familiar with the Annex SL standards, would still find ISO 13485 hard to implement, to correct gaps and to audit.

Difference between ISO 13485 and ISO 9001

To add to the challenge, the most commonly adopted ISO standard — the ISO 9001 standard is also known as a Quality Management System, though the ISO 9001 standard applies to many other industries, including construction, engineering, manufacturing, hotels & hospitality, just to name a few. Being the number 1 most popular standard being certified to, anyone in this industry would be familiar with the ISO 9001 standard or have worked with an organisation with the ISO 9001 certification. This greatly impacts the impression that the ISO 13485 standard is very similar in nature, which is far from the truth due to the differences in structure and framework of the standard.

Looking deeper into their differences, the ISO 9001 requirements are set towards ensuring that your organisation put more focus on achieving customer satisfaction, while ISO 13485 puts a lot more emphasis on patient safety during the usage of the medical devices, and greater efficacy in the results of diagnosis for example. In addition, ISO 9001 now requires the product manufacturers to focus on continuous improvement, while ISO 13485 requires the company to demonstrate implementation and consistent maintenance of the quality management system.

Challenges of the ISO 13485 certification

In terms of documentation, based on our experiences in setting up the Quality Manual, Procedures, Form templates and Work Instructions, the amount of ISO 13485 documentation is on average more than twice of those needed for ISO 9001, though the number of documents may differ between different companies and should not be a definitive gauge towards actual compliance.

Lastly, the ISO 13485 has got more requirements for the management of risk. The companies need to show how risk management principles are incorporated into the entire product realisation and post-market feedback. This also includes additional regulatory requirements with regards to complaint handling, regulatory notifications and post-market surveillance.

As you can see now, the amount of knowledge and stringency required of an ISO 13485 consultant and certification body is of a different scale altogether and should not be compared against ISO 9001. Because of this, our team also pays a lot more attention to the training of your organisation’s management and team members before jumping right into the set-up, implementation and improvement work in the lead up towards a certification audit.

Potential benefits for organisations with ISO 13485 certification

The most tangible benefit of the ISO 13485 certification is access to markets. In most countries, the lack of this certification means that the company cannot operate in the sector of medical device industry, and the products would not be able to be marketed for the same reason. That usually forms the largest barrier to market entry.

If that is not already the most obvious benefit, companies with the ISO 13485 certification can also:

  • Meet customer requirements and increase customer satisfaction, through quality systems, meet product requirements and brand reputation;

  • Meet the requirements of an applicable statutory and regulatory requirement;

  • Address product requirements, product quality and product safety without losing focus on business operations;

  • Improve clarity on management responsibility, decision making processes;

  • Provide guidance towards proper resource management, including the people, infrastructure, processes involved, and overall work environment; and

  • Show commitment and focus towards patient safety.

Why Work With Stendard?

As we have mentioned earlier, we put a lot of focus on the training of your team to ensure that everyone knows what the entire certification process is like, and what the requirements are under the ISO 13485, and other associated standards and regulations. 

Our step-by-step process:

  • Understanding your medical devices products and/or services and identifying the needs for additional standards like ISO 14971 (Application of risk management for medical devices) and IEC 62304 (for medical devices software life cycle)

  • Providing a detailed walkthrough of your certification journey towards the end goal of achieving ISO 13485 certificate;

  • Crafting the quality objectives, quality policy, quality manual and all related procedures, forms templates and records together with your team;

  • Ensuring good design and development work, all the way through production and manufacturing processes;

  • Ensuring that your outsource partners and distribution channels are well-managed and conforming to ISO 13485 requirements too;

  • Ensuring the competency of your management and team, which includes the conduct of e-learning courses and physical training courses;

  • Explaining the auditable requirements of ISO 13485;

  • Performing internal audits with your departments, gearing your team up towards third party audits; and

  • Recommending your team to third-party certification bodies.

Related Resources

Find out all the details you need to know about ISO 13485 Certification.

Learn general and in-depth concepts of ISO 13485 online.