• (0)

    What is ISO 13485? Overview of the standard.

    ISO 13485 is the medical device industry’s most widely used international standard for quality management. Issued by the International Organization for Standardization (ISO), the ISO 13485 standard is an effective solution to meet the comprehensive requirements for a Quality Management System in the medical device industry.

    What is the purpose of ISO 13485?

    Adopting ISO 13485 provides a practical foundation for manufacturers to address the EU Medical Device Directive (MDD), the EU Medical Device Regulation (MDR), and other regulations, as well as demonstrating a commitment to the safety and quality of medical devices.

    Starting with management support and identifying the customer requirements for the QMS, you will need to start developing documentation including the Quality Policy, Quality Objectives, and Quality Manual. Together, these define the overall scope and implementation of the Quality Management System. Along with these, you will need to create the mandatory and additional processes and procedures necessary for your organization to properly create and deliver your product or service. For a good explanation on this, take a look at the article List of mandatory documents required by ISO 13485:2016.

    A survey of ISO 13485-certified companies shows that the number of companies that have implemented an ISO 13485 Quality Management System still shows a general positive trend worldwide (the drop in 2018 was mainly due to a different measurement methodology).

    What is ISO 13485? Easy-to-understand explanation.

    Data taken from 2018 ISO Survey

    What is the current version of ISO 13485?

    The latest revision of ISO 13485 for ISO medical devices is from March 2016. Among the additions to this update are included: a focus on risk, clarification of management responsibilities, clarification of training responsibilities, improvement to the facility requirements, better alignment of design and development requirements to many regulations, more emphasis on control of suppliers, requirements for traceability procedures, addition of complaint handling, and enhancement of product cleanliness requirements. See all the changes here: Infographic: What’s new in the 2016 revision of ISO 13485.

    The ISO 13485:2016 standard aligns with the previous version of ISO 9001, ISO 9001:2008. ISO 9001 is an internationally recognized standard for Quality Management Systems (QMS), which is published by ISO (the International Organization for Standardization). Its requirements are recognized around the world as an acceptable basis for implementing a QMS. Although the ISO 13485:2016 standard came out after the major update of ISO 9001:2015, the ISO 13485 standard does not align with this new revision of ISO 9001. Instead, it was determined that the most recent changes in ISO 9001:2015 were not necessary for medical devices.


    What are the requirements of ISO 13485?

    ISO 13485:2016 specifies requirements for a Quality Management System to produce ISO medical devices and related services that consistently meet customer and applicable regulatory requirements. Requirements of ISO 13485:2016 are applicable to organizations regardless of their size and regardless of their type, except where explicitly stated. Wherever requirements are specified as applying to medical devices, the requirements apply equally to associated services supplied by the organization.

    The ISO 13485 structure is split into eight sections, with the first three being introductory, and the last five containing the mandatory requirements for the Quality Management System. Here is what the five main sections are about:

    Section 4: Quality Management System – This section talks about general QMS requirements, as well as the documentation requirements of the standard. It includes the requirements for the Quality Manual, Control of Documents, and Control of Records, all of which are required documents in the QMS.

    Section 5: Management Responsibility – The management responsibility requirements cover the need for top management to be instrumental in the implementation and maintenance of the QMS. Along with planning for the QMS, there is a need for top management to be involved in the ongoing review of the system to ensure customer satisfaction and improvement.

    Section 6: Resource Management – The section on management of resources is short, but covers the necessity to control all resources, including human resources, buildings, and infrastructure and the working environment.

    Section 7: Product Realization – The product requirements deal with all aspects of the planning and creation of the product or service. This section includes requirements on planning, product requirements review, design, purchasing, creating the product or service, and controlling the equipment used to monitor and measure the product or service. ISO 13485 allows for requirements in the section to be excluded if they are not applicable to the company (such as a company that does not design products or services).

    Section 8: Measurement, Analysis and Improvement – This last section includes the requirements needed to make sure that you can monitor whether your QMS is functioning well. It includes assessing customer satisfaction, internal audits, monitoring products and processes, dealing with non-conforming product, and corrective and preventive actions.

    These sections are based on a Plan-Do-Check-Act cycle, which uses these elements to implement change within the processes of the organization in order to drive and maintain improvements within the processes. See also: ISO 13485 structure and requirements.

    What is the difference between ISO 13485 and EN ISO 13485?

    As stated above, ISO 13485 is an internationally recognized standard set of requirements issued by the International Organization for Standardization (ISO) to create a Quality Management System for those in the medical device industry. The ISO standard includes all of the requirements that are needed to create a QMS to demonstrate your ability to provide medical devices that consistently meet the requirements of customers and regulators.

    EN ISO 13485 is a parallel standard that is issued in the European Union for the purpose of creating a QMS in the medical device industry for use in the European Union. The requirements of these two standards are identical, and the entirety of the ISO 13485:2016 standard is included in the EN ISO 13485:2016 document. However, the European version of the standard (EN ISO 13485) also includes several invaluable tables that align the ISO 13485:2016 requirements to the three EU directives for medical devices (EU directive 90/385/EEC, EU directive 93/42/EEC, and EU directive 98/79/EC). This makes it easy to see how implementing the ISO 13485:2016 standard will help you to meet these particular EU directives.

    With the release of the European Union Medical Device Regulation (EU MDR) in May 2017, which supersedes these previous directives, it is expected that a new version of EN ISO 13485 will be released showing closer alignment with the EU MDR.

    What is the difference between ISO 9001 and ISO 13485?

    Even though ISO 13485:2016 is a stand-alone standard, it is based on ISO 9001:2008, as mentioned above. So, while ISO 9001 is an internationally recognized standard for any organization in any industry, the ISO 13485 standard includes additional requirements that are specific for companies that manufacture ISO medical devices. Some additional requirements of ISO 13485 for ISO medical devices include:

    • Documentation requirements for medical device files,
    • Work environment requirements,
    • Contamination control requirements,
    • Production requirements for cleanliness of products,
    • Production requirements for sterile medical devices, and
    • Requirements for reporting to regulatory authorities.

    As can be seen, these additional requirements are applicable only to medical device manufacturers.

    ISO 9001 was updated in 2015, and the ISO 9001:2015 standard supersedes the ISO 9001:2008 standard. However, as the changes made to the ISO 9001 standard were not seen as appropriate for the medical device industry, the ISO 13485 standard was not updated to align with these new ISO 9001:2015 requirements and has remained to be based on the ISO 9001:2008 standard.

    The ISO 9001:2015 updates include several requirements for identifying the context of the organization, which were not added into the ISO 13485 standard, such as identification of internal and external issues as well as identifying interested parties and their needs and expectations.

    Is ISO 13485 mandatory?

    The short answer is no, ISO 13485 is not mandatory. You can create a QMS that suits your needs for your organization, so long as the processes of the QMS meet the legal and regulatory requirements for medical devices where you intend to manufacture and sell them. Even though ISO 13485 is not required for EU MDR compliance, the EU MDR regulation requires that you have a QMS in place, and the ISO 13485:2016 standard is the only QMS standard listed in the EU list of harmonized standards, so most companies will use the ISO 13485 requirements to implement their QMS. The reference to ISO 13485 on the EU list of harmonized standards indicates that the EU understands that, by implementing the ISO 13485 requirements, all of the EU MDR QMS requirements will be met. Learn more here: How can ISO 13485 help with MDR compliance?

    By using the ISO 13485 requirements to create your QMS, you can ensure that you have a world-class system for meeting the needs of customers and legislators for your medical devices. ISO 13485 provides you with more than the bare minimum to meet a legal requirement; it provides a whole system that is devoted to helping you make your quality processes better.

    What is “ISO 13485 certified”?

    What is ISO 13485 certification?

    There are two types of certification: certification of a company’s Quality Management System against the ISO 13485 requirements, and certification of individuals to be able to audit against the ISO 13485 requirements.

    ISO 13485 certification for your company involves implementing a QMS based on the ISO 13485 requirements, and then hiring a recognized certification body to audit and approve your QMS as meeting the requirements of the ISO 13485 standard.

    Once all of the processes and procedures are in place, you will need to operate the QMS for a period of time. By doing this, you will be able to collect the records necessary to go to the next steps: to audit and review your system and get certified. After finishing all your documentation and implementing it, your organization also needs to perform these steps to ensure a successful certification:

    Internal audit – The internal audit is in place for you to check your QMS processes. The goal is to ensure that records are in place to confirm compliance of the processes and to find problems and weaknesses that would otherwise stay hidden.

    Management review – A formal review by your management to evaluate the relevant facts about the management system processes in order to make appropriate decisions and assign resources.

    Corrective actions – Following the internal audit and management review, you need to correct the root cause of any identified problems and document how they were resolved.

    Learn more here: Checklist of ISO 13485 implementation and certification steps.

    The company certification process is divided into two stages:

    Stage One (documentation review) – The auditors from your chosen certification body will check to ensure your documentation meets the requirements of ISO 13485.

    Stage Two (main audit) – Here, the certification body auditors will check whether your actual activities are compliant with both ISO 13485 and your own documentation by reviewing documents, records, and company practices.

    ISO 13485 training and certification for individuals

    Training on ISO 13485 is available, and there are a range of course options for individuals to choose from. Each of these courses differ in their purpose, but upon the completion of the course, the participant will get the certificate:

    ISO 13485 Lead Auditor Course – This is a four- to five-day training course focused on understanding the ISO 13485 QMS standard and being able to use it for auditing management systems against these requirements. The course includes a test at the end to verify knowledge and competence, and it is only with an accredited course that an individual can become approved to audit for a certification body.

    ISO 13485 Internal Auditor Course – This is commonly a two- or three-day course that is based on the lead auditor course above, but does not include the test for competence, so this is most useful for someone beginning to do internal audits within a company.

    ISO 13485 Awareness and Implementation Course – Several courses are offered that provide knowledge of ISO 13485 and how to implement it. These can be one- or two-day courses, and they can even include online e-learning sessions as a method of teaching the material. These courses are good for those who need an overview of the ISO 13485 standard, or those who will be involved in the implementation within a company, and many are more economical than investing in the lead auditor course for those involved at this level.

    There are a number of accredited training organizations around the world where you can gain individual qualifications in ISO 13485.

    To learn more about the requirements of ISO 13485, download this free white paper: Clause-by-clause explanation of ISO 13485:2016.