Take the ISO 13485 course exam and get the
ISO 9001 exam for free

ISO 13485 & MDR Knowledge base

Checklist of ISO 13485 implementation steps

Now that your company is thinking about implementing a QMS (Quality Management System) and getting certified against ISO 13485, you may be wondering about where – and how – to get started. To get you going on the right track, I’ve compiled this list of the 12 steps you need to take so that you don’t miss anything as you work through your implementation and get ready for certification.

1) Get management support. This step is number one for a reason: without management support, your ISO 13485 implementation project is doomed to failure (if it gets started at all). You’ll need to craft a well-though-out presentation outlining the benefits your company can realize through ISO 13485 implementation, and get your management team on board right from the start. To help you get organized, check out this article on Six Key Benefits of ISO 13485 Implementation.

2) Identify requirements. The next critical step toward a successful implementation is making sure that you ascertain all the requirements you need to satisfy with your QMS. Such requirements usually include legal and regulatory requirements, customer requirements, and other requirements depending on your company’s needs and culture.

3) Define the scope. You want to avoid applying the QMS to areas of your business that don’t pertain to quality, but you don’t want to make the scope so narrow that the company sees no benefit. When you define your QMS scope, you will have a better idea of what needs to be done, and the boundaries of your implementation. Your best tools to help you with scope definition are the quality policy and quality manual, so these need to be the first documents you develop for your QMS.

4) Define processes and procedures. The ISO 13485 standard defines certain mandatory procedures that must be part of your QMS, but you will also need to determine what processes and procedures within your company must be defined in order to ensure adequate and consistent quality. The first thing to do is to define all of your company’s processes, and then see how they interact with each other. These interactions are often where problems become evident.

5) Implement processes and procedures. For most companies, all that needs to happen is the documentation of existing processes and procedures to ensure consistent quality that meets requirements. You don’t have to document every process, but you do need to decide which processes need a documented procedure in order to guarantee consistency in the quality of products and services. For more explanation, see Mandatory Documentation Required by ISO 13485:2016.

6) Deploy training and awareness programs. It is vital to the success of your Quality Management System that every employee in your organization understands how the QMS works, and where they fit into the mix. All personnel need to be trained on the basics of ISO 13485, so they get an idea of the purpose of implementation; in addition, they need to be aware of any changes to be made in the processes they are a part of.

7) Choose a certification body. The right certification body can make all the difference, because this is the company that comes in after your implementation to audit your Quality Management System, and determine whether or not it conforms to ISO 13485 requirements. In addition, they will also decide how effective your QMS is, and whether it shows continual improvement. For help on choosing the right certification body for your company, take a look at this List of questions to ask an ISO 13485 Certification Body.

8) Operate the QMS / Measure the system. This is when you will collect the records that will be required in audits to show that your processes meet the requirements set out for them, that they are effective, and that improvements are being made in your QMS as needed. Certification bodies need this to happen over a certain length of time, which they will identify, in order to ensure that the system is mature enough to show compliance.

9) Conduct internal audits. After you have operated the QMS for the prescribed length of time, but before the certification body conducts their audit, you will need to perform an internal audit of each process. This will tell you whether or not the processes are performing as planned, and if not, you’ll have the opportunity to take corrective action to resolve any issues you find. For more information, check out Five main steps in ISO 13485 Internal Audit.

10) Conduct management review. Not only must management be supportive of the company’s ISO 13485 implementation – it is imperative that they stay involved in the ongoing maintenance of the Quality Management System. During the management review, they will examine data from the QMS activities to make sure that all processes have the resources they need to continue to be effective, and to improve over time. Take a look at How to perform management review according to ISO 13485 for more details.

11) Take corrective action. Here is where you look for the root cause of the problems discovered during internal audits, measurements, and management review, and then take the necessary action to correct the problems at the source. This is a crucial step in the continual improvement of the Quality Management System, which is a key aim of ISO 13485.

12) Perform the certification audit. Now is the time for the auditors from your chosen certification body to review your documentation and verify that all of the ISO 13485 requirements have been addressed in your QMS. Here you can learn more about how to get ISO 13485 certified.

A sound plan will go a long way toward helping you set up your ISO 13485-based Quality Management System. So, take the necessary time to make a plan and determine the necessary resources, as this will translate to savings in both time and resources down the line.

For a graphical representation of the implementation process, check out this free Diagram of ISO 13485:2016 Implementation Process.