Understanding ISO 13485 for Medical Device Quality Management Systems (QMS)

By ETQ on January 8, 2018

ISO 13485 for Medical Device Quality Management Systems is growing in popularity, with the number of certified facilities jumping 13% from 2015 to 2016.

But how is ISO 13485 different from ISO 9001 for Quality Management, and who should certify?

In this post, we’ll take a look at the basics of ISO 13485 to help you decide whether it’s worth pursuing this certification.

What Is ISO 13485?

In the words of ISO,

“ISO 13485:2016 specifies requirements for a quality management system where an organization needs to demonstrate its ability to provide medical devices and related services that consistently meet customer and applicable regulatory requirements.”

ISO 13485 is intended to help medical device manufacturers (and others in the industry) create a Quality Management System (QMS) that ensures quality and safety of finished products. The standard provides a step-by-step framework for creating a QMS and/or evaluating gaps in your current system in terms of monitoring and controlling processes.

What Are the Benefits of Certifying to ISO 13485?

The most important result of ISO 13485 certification is protecting the health of consumers by reducing the risk of defective devices. Other benefits of certifying to ISO 13485 include:

  • Gaining access to new clients, especially global companies who require the certification.
  • Improving operational efficiency as you examine your processes, how they fit together and any gaps that are increasing quality or safety risks.
  • Reducing quality costs due to better efficiency and fewer errors.
  • Demonstrating compliance with regulatory requirements.

Who Needs to Certify to ISO 13485?

Many companies require ISO 13485 certification as a condition of doing business. While not explicitly required by law, ISO 13485 is aligned with many global regulations. These include CE marking of medical devices under European Directives as well as U.S. Food and Drug Administration (FDA) requirements that medical device manufacturers establish and follow quality systems.

Medical device manufacturers are the most obvious candidates for certification, any organization in the industry can certify, including:

  • Medical device suppliers.
  • Device importers and distributors.
  • Service providers for related activities such as technical support, installation or QMS services.

What’s the Difference Between ISO 13485 and ISO 9001?

ISO 13485 is a standalone document based on its popular cousin, ISO 9001 for Quality Management Systems. ISO 13485 incorporates (almost) all of ISO 9001, applying the Plan-Do-Check-Act approach to medical device manufacturing.

Some key differences companies should pay attention to:

  • ISO 13485 adds some requirements on top of ISO 9001, specifically around documentation and identifying regulatory requirements for manufactured devices.
  • It also removes some requirements in ISO 9001, most notably those around demonstrating continuous improvement. Instead, ISO 13485 only requires implementation and maintenance of the QMS.
  • ISO 13485:2016 does not have the same high-level structure of most other ISO standards and revisions, including ISO 9001:2015.

ISO 13485 or ISO 9001?

ISO 13485 was most recently updated in 2016, with ISO 9001 most recently updated in 2015. On February 28, 2019, all certificates to the previous ISO 13485:2003 (and the related European standard EN ISO 13485:2012) will expire. ISO 9001:2008 certificates are only valid until September 15, 2018, with organizations required to transition to ISO 9001:2015 by that time.

Because ISO 9001 and ISO 13485 do not share the same structure, many companies would likely find it difficult to comply with both. That’s why for most organizations, it makes sense to go with one or the other.

As for which one to choose? For organizations that sell products globally, ISO 13485 is what companies are looking for. Both standards contain some significant updates in the new versions, particularly around risk-based thinking, training and documentation.

For those just getting started—as well as those who need recertification—the time is now to start preparing. Key steps include ISO 13485 training and performing a gap analysis, so you can quickly pinpoint the most important areas to focus your efforts.