ISO 13485:2016 defines quality management system (QMS) requirements for organizations producing medical devices. Based on ISO 9001, the ISO 13485 standard is a stand-alone document with specific requirements for medical device manufacturers, including a greater focus on risk management and additional documentation requirements.
Note that this standard is based on ISO 9001:2008, not the more recent ISO 9001:2015, because of the focus on customer satisfaction and continuous improvement in the newer ISO standard.
Globally, ISO 13485 is the most common regulatory standard addressing quality management systems for medical devices. The standard is focused on QMS effectiveness and meeting regulatory and customer requirements. For a good source of additional information, and step-by-step implementation guidance, see ISO 13485:2016 – Medical devices – A practical guide, published by the committee that drafted the standard.
Compliance with ISO 13485 is required of most medical devices by all European Union members, UK, Canada, Japan, Australia, and many other countries. ISO 13485 is the quality standard accepted as the basis for CE marking in the EU. Medical devices marketed in the United States, however, must meet the requirements of the FDA’s Quality System Regulation (QSR), which is sometimes referred to as Current Good Manufacturing Practice (CGMP).
An audit of an organization’s QMS by an independent certifying body or registrar is required to demonstrate compliance with the ISO 13485 standard.
While the QSR and ISO 13485 are structured differently, they have no conflicting requirements. Currently, companies who are marketing a medical device in the U.S. and in other markets, will need to comply with both ISO 13485 and the FDA’s QSR, as defined in 21 CFR 820.
However, the FDA is moving towards harmonizing these standards and on February 23, 2022 issued a proposed rule to amend the QSR to align more closely with the international consensus standard for Quality Management Systems, primarily by incorporating reference to the ISO 13485 standard. The FDA has published FAQ’s about the proposed rule.
On September 9, 2021, the European standardization bodies CEN and CENELEC published the 2021 amendment, EN ISO 13485:2016+A11:2021, “Medical devices. Quality management systems . Requirements for regulatory purposes”, featuring new annexes ZA and ZB that link the requirements of the Medical Device Regulation (MDR, EU 2017/745) and the In Vitro Diagnostics Regulation (IVDR, EU 2017/746), respectively, to specific clauses of the standard. Note that EN ISO 13485 is a parallel standard issued by the European Union, which is identical in its requirements to the ISO 13485 international standard, with the exception of the new annexes.
ISO 13485 contains eight sections. This article focuses on the last five sections as the first three are introductory, and include scope, definitions, and other general information.
Quality Management System (Clause 4)
Management Responsibility (Clause 5)
ISO 13485 details specific responsibilities that must be demonstrated by the management team of the organization implementing this standard. In general, Management must ensure that the organization is committed to the quality policy by:
Resource Management (Clause 6)
An organization’s top management must provide the necessary resources to ensure compliance with ISO 13485. It is not enough to put a quality system in place, it must be supported throughout the organization. Management must allow the proper resources to be assigned to quality system activities by providing proper personnel, infrastructure, tools and equipment, succession planning, and risk aversion planning.
Product Realization (Clause 7)
The process of developing a new product includes everything from the original conceptualization through design and implementation. This clause of ISO 13485 places importance on communication and processes throughout the entire product life cycle. An organization with a strong quality system in place will have processes that detail how they capture initial ideas and requirements, plan and develop the product, and monitor customer use.
Measurement, Analysis, and Improvement (Clause 8)
ISO 13485 also stresses the importance of following your product once it is released by tracking customer feedback and then monitoring and measuring product performance by:
ISO 13485 is the international standard for quality management systems within the medical device industry. Implementing this standard is not only required for market entry in the EU and other countries, but provides a solid foundation for quality throughout your product’s full life cycle.