ISO 13485 overview - quality management requirements for medical device companies

Wendy Levine
March 29, 2022
ISO 13485 overview - quality management requirements for medical device companies

What is ISO 13485?

ISO 13485:2016 defines quality management system (QMS) requirements for organizations producing medical devices. Based on ISO 9001, the ISO 13485 standard is a stand-alone document with specific requirements for medical device manufacturers, including a greater focus on risk management and additional documentation requirements.  

Note that this standard is based on ISO 9001:2008, not the more recent ISO 9001:2015, because of the focus on customer satisfaction and continuous improvement in the newer ISO standard. 

Globally, ISO 13485 is the most common regulatory standard addressing quality management systems for medical devices. The standard is focused on QMS effectiveness and meeting regulatory and customer requirements. For a good source of additional information, and step-by-step implementation guidance, see ISO 13485:2016 – Medical devices – A practical guide, published by the committee that drafted the standard.

Where is ISO 13485 compliance required?

Compliance with ISO 13485 is required of most medical devices by all European Union members, UK, Canada, Japan, Australia, and many other countries. ISO 13485 is the quality standard accepted as the basis for CE marking in the EU.  Medical devices marketed in the United States, however, must meet the requirements of the FDA’s Quality System Regulation (QSR), which is sometimes referred to as Current Good Manufacturing Practice (CGMP).

An audit of an organization’s QMS by an independent certifying body or registrar is required to demonstrate compliance with the ISO 13485  standard.

ISO 13485 vs FDA QSR

While the QSR and ISO 13485 are structured differently, they have no conflicting requirements. Currently, companies who are marketing a medical device in the U.S. and in other markets, will need to comply with both ISO 13485 and the FDA’s QSR, as defined in 21 CFR 820. 

However, the FDA is moving towards harmonizing these standards and on February 23, 2022 issued a proposed rule to amend the QSR to align more closely with the international consensus standard for Quality Management Systems, primarily by incorporating reference to the ISO 13485 standard. The FDA has published FAQ’s about the proposed rule.

On September 9, 2021, the European standardization bodies CEN and CENELEC published the 2021 amendment, EN ISO 13485:2016+A11:2021, “Medical devices. Quality management systems . Requirements for regulatory purposes”, featuring new annexes ZA and ZB that link the requirements of the Medical Device Regulation (MDR, EU 2017/745) and the In Vitro Diagnostics Regulation (IVDR, EU 2017/746), respectively, to specific clauses of the standard. Note that  EN ISO 13485 is a parallel standard issued by the European Union, which is identical in its requirements to the ISO 13485 international standard, with the exception of the new annexes.

ISO 13485 requirements

ISO 13485 contains eight sections. This article focuses on the last five sections as the first three are introductory, and include scope, definitions, and other general information.

Quality Management System (Clause 4)

  • General requirements: General requirements set forth the overarching requirements for the implementation of a quality management system, including an adherence to the standard and the commitment to having written procedures around documentation and risk management—along with the assurance that those procedures are being followed.
  • Documentation requirements: ISO 13485 documentation requirements include the creation of a quality manual, or its equivalent. In addition, this clause specifies unique record requirements for medical device manufacturers, including; product specifications and guidance on intended use, a document control plan that ensures document integrity, and a record control plan that ensures the security and authenticity of the data in the system.

Management Responsibility (Clause 5)

ISO 13485 details specific responsibilities that must be demonstrated by the management team of the organization implementing this standard. In general, Management must ensure that the organization is committed to the quality policy by:

  • Focusing on the end user and ensuring that they have the tools they need to adhere to the standard.
  • Ensuring that all rules are followed during the manufacturing process.
  • Communicating to employees the importance of quality policies and procedures, and affirming Management's commitment to the system.
  • Delegating authority as necessary to ensure the implementation of and adherence to the quality plan.
  • Performing periodic reviews of the quality system and implementing any necessary improvements (Management Review).

Resource Management (Clause 6)

An organization’s top management must provide the necessary resources to ensure compliance with ISO 13485. It is not enough to put a quality system in place, it must be supported throughout the organization. Management must allow the proper resources to be assigned to quality system activities by providing proper personnel, infrastructure, tools and equipment, succession planning, and risk aversion planning. 

Product Realization (Clause 7)

The process of developing a new product includes everything from the original conceptualization through design and implementation. This clause of ISO 13485 places importance on communication and processes throughout the entire product life cycle. An organization with a strong quality system in place will have processes that detail how they capture initial ideas and requirements, plan and develop the product, and monitor customer use.

Measurement, Analysis, and Improvement (Clause 8)

ISO 13485 also stresses the importance of following your product once it is released by tracking customer feedback and then monitoring and measuring product performance by:

  • Managing complaints.
  • Making appropriate notifications and reports to regulatory authorities.
  • Identifying and addressing any nonconforming products.
  • Continually monitoring product performance and working to improve processes.

The importance of ISO 13485

ISO 13485 is the international standard for quality management systems within the medical device industry. Implementing this standard is not only required for market entry in the EU and other countries, but provides a solid foundation for quality throughout your product’s full life cycle.

Additional information on Rimsys standards management can be found here.

Similar posts

 Introducing Rimsys Intel: A Free, Centralized Global Regulatory Intelligence Hub for Medtech
Introducing Rimsys Intel: A Free, Centralized Global Regulatory Intelligence Hub for Medtech
Evolving global cybersecurity regulations: Challenges and opportunities for medtech teams
Evolving global cybersecurity regulations: Challenges and opportunities for medtech teams
Quick reference guide - global medical device UDI requirements and timelines
Quick reference guide - global medical device UDI requirements and timelines