CALL US 1-888-553-2256

ISO 9001 Blog

Mark Hammar

ISO 9001 vs. ISO 13485

ISO 13485 is the international standard requirements for a quality management system for medical devices. Like many other quality management system requirements for special purposes (such as ISO/TS 16949 for automotive production and service parts and AS9100 for use by aviation, space and defense organizations), the ISO 13485 standard is based on the requirements of ISO 9001.

Just like these other standards, ISO 13485 includes the entire ISO 9001 standard with additional requirements included in blue italics text. One major distinction of ISO 13485 is that it is intended to also be requirements for regulatory purposes as well as non-statutory requirements for a quality management system.

(For information on how ISO/TS 16949 and AS9100 compare to ISO 9001, see ISO 9001 vs. ISO/TS 16949 and ISO 9001 vs. AS9100.)

What is ISO 13485 based on?

The current version of ISO 13485 was released in 2003 (ISO 13485:2003). This version is based on the version of ISO 9001 released in 2000 (ISO 9001:2000) and was not updated when ISO 9001 was updated in 2008. Most of the changes in ISO 9001:2008 were clarification and added notes, with only a few minor updates that would affect processes and procedures – these changes were not deemed necessary for the medical devices industry (in fact, some of the changes in ISO 13485 were included in the ISO 9001 update), so no update was made to ISO 13485.

For information on the differences between ISO 9001:2008 and ISO 9001:2000, see ISO 9001 version 2008: How has it changed since version 2000.

What are the additional requirements?

After some information added in the introductory section that is mostly to tailor the text to the medical device industry, such as the relationship to ISO/TR 14969 – a technical report to provide guidance for ISO 13485, the first inclusions are in the terms and definitions. Here, eight terms used by the medical device industry such as active medical device, advisory notice, and sterile medical device, are defined.

When it comes to the quality management system (QMS) requirements in sections four through eight, there are several small additions, mostly involved in the identification and application of pertinent legal requirements for the medical devices produced by the organization. Here is a brief listing of the main additions:

Section 4 – Quality Management System

  • Actions required to maintain effectiveness of the QMS (section 4.1)
  • Documentation requirements per regulations (section 4.2.1)
  • Documented file for each medical device maintained by the organization (section 4.2.1)
  • Quality manual, to include scope of the QMS and outline of documentation used (section 4.2.2)
  • Document controls to review and approve prior to use; re-approval by a designated function with pertinent information and control of obsolete document to include at least the lifetime of medical device it pertains to (or specified by law) (section 4.2.3)
  • Records maintained for at least the lifetime of the medical device or as specified by law (section 4.2.4)

Section 5 – Management Responsibility

  • Management commitment to ensure effectiveness of the QMS (section 5.1)
  • Quality policy, to include commitment to comply with requirements and QMS effectiveness (section 5.3)
  • Responsibility & authority communication and interaction of personnel to be ensured (section 5.5.1)
  • Management Rep to promote awareness of regulatory requirements (section 5.5.2)
  • Management review to include review of revised regulatory requirements (section 5.6.2) and output to identify improvements for QMS effectiveness (section 5.6.3)

Section 6 – Resource Management

  • Resource management to include effectiveness of the QMS and regulatory and customer requirements (section 6.1)
  • Documents required for maintenance activities (section 6.3)
  • Requirements for work environment, including cleanliness of clothing, temporary work conditions, and contaminated product controls (section 6.4)

Section 7 – Product Realization

  • Procedures for risk management associated with product realization planning (section 7.1)
  • Need for documented product requirements (section 7.2.2)
  • Advisory notices added to customer communication channels (section 7.2.3)
  • Design and development procedures need to be documented (section 7.3.1). Additionally, throughout the sub-sections of section 7.3 on design and development, there are requirements relating to function, performance and safety requirements, risk management and the need for clinical evaluations.
  • Purchasing procedures need to be documented (section 7.4.1).
  • Throughout the sub-sections of section 7.5 (production and service provision), there are many specific medical device requirements that stress the need to follow regulations, including: cleanliness of product and contamination control, installation activities, servicing activities, requirements for sterile medical devices, documented procedures for validation of sterilization processes, identification and traceability requirements, status identification and additional product preservation information.
  • Documented procedures needed for monitoring and measurement (section 7.6)

Section 8 – Measurement, Analysis and Improvement

  • Measurement, analysis, and improvement, to include QMS effectiveness (section 8.1)
  • Documented procedure required for a feedback system to establish if the company has met customer requirements (section 8.2.1)
  • Additional requirements on monitoring and measurement of product include identification of the personnel performing inspections (section 8.2.4)
  • Inclusion of the acceptance of a non-conformance only if regulatory requirements are still met, and control and authorization of rework instructions (section 8.3)
  • Feedback included in analysis of data (section 8.4)
  • The section on improvement general requirements includes the effectiveness of the QMS and record of customer complaints, including those not followed by corrective actions and notification when required by national or regional regulations (section 8.5.1)
  • Including update of documents in the actions taken for corrective actions (section 8.5.2)
  • Including records of investigations for corrective and preventive actions (section 8.5.2 & 8.5.3)
  • Including effectiveness in the review of corrective and preventive actions (section 8.5.2 & 8.5.3)

While some of these updates are precursors to the ISO 9001:2008 update, such as the inclusion of reviews for effectiveness of corrective and preventive actions and the QMS, many are included as necessary and often legally required additions. If your organization is at all involved in the medical device industry, ISO 13485 is the QMS standard you should look at for additional requirements above and beyond ISO 9001.

Click here to see a free white paper with  clause by clause explanation of ISO 9001 that will give you an insight into requirements of ISO 9001.

If you enjoyed this article, subscribe for updates

Improve your knowledge with our free resources on ISO 9001 standard.

You may unsubscribe at any time.

For more information on what personal data we collect, why we need it, what we do with it, how long we keep it, and what are your rights, see this Privacy Notice.

Leave a Reply

Your email address will not be published. Required fields are marked *



  • Advisera is Exemplar Global Certified TPECS Provider for the IS, QM, EM, TL and AU Competency Units.
  • ITIL® is a registered trade mark of AXELOS Limited. Used under licence of AXELOS Limited. All rights reserved.
  • DNV GL Business Assurance is one of the leading providers of accredited management systems certification.