WHAT IS ISO 13485

QUALITY
MANAGEMENT
SYSTEM STANDARD
FOR MEDICAL
DEVICES?
WHAT IS ISO 13485?
GENERAL INFORMATION

ISO 13485 is an international standard that defines the Quality Management System requirements
for the medical device industry. This standard is specific to medical devices and covers the entire
lifecycle, from design and development to production, installation, and servicing. Its purpose is to
ensure that medical devices are safe and effective for their intended purposes. The standard is
designed to be flexible and scalable to meet the needs of organizations of all sizes and types within
the medical device industry. It was last updated in 2016.

WHAT IS THE PURPOSE OF ISO 13485 STANDARD?

Adopting ISO 13485 provides a practical foundation for manufacturers to ensure compliance with
the EU Medical Device Regulation (MDR) and other regulations, while demonstrating a
commitment to the safety and quality of medical devices.
Starting with management support and identifying customer requirements for the Quality
Management System, you will need to develop documentation, including the Quality Policy,
Quality Objectives, and Quality Manual, among others. These documents collectively define the
overall scope and implementation of the Quality Management System. In addition, you will be
required to establish the mandatory and additional processes and procedures that your organization
needs to create and deliver your product or service correctly.

WHY IS ISO 13485 IMPORTANT?

ISO 13485 is significant for medical device manufacturers because it provides a framework to
ensure that their products consistently meet regulatory and customer requirements. It also helps
them comply with regulatory requirements in many world markets. Compliance with this standard
can assist in identifying and mitigating risks associated with the lifecycle of a medical device. As a
result, it aids in process improvement and increased efficiency.

8 PARTS OF ISO 13485

The main purpose of the standard is to define and specify the quality management systems for
medical devices and related services. These requirements aim to establish a quality management
system that consistently meets customer expectations and relevant regulatory requirements.
The requirements of ISO 13485:2016 can be applied regardless of the size or type of organizations
and are also applicable to organizations providing services associated with medical devices. In other
words, irrespective of an organization's size or its type, it must meet the requirements of ISO
13485. Furthermore, the requirements applied to medical devices are equally applicable to the
services provided by the organization.
The main purpose of the standard is to define and specify the quality management systems for
medical devices and related services.

The first three sections are introductory, and the last five contain the mandatory requirements for
the Quality Management System. Here are some of the key requirements and explanations in these
five main sections:

4.QUALITY MANAGEMENT SYSTEM

Compliance with the Standard: Full compliance with ISO 13485 standard is necessary. This
entails organizations adhering strictly to the requirements specified in the standard.
Documentation Requirements: Organizations must meet documentation requirements to
support their quality management systems. This includes organizations documenting specific
procedures, instructions, and records.
System Effectiveness: Organizations must continually assess and improve the effectiveness
of the quality management systems they implement. This involves evaluating whether the
system is achieving its specific purpose and objectives.
Risk Factors: Risk factors should be considered at every stage of an organization's activities.
Steps should be taken to identify and minimize potential risks.
 Determination of Processes: It signifies the need for organizations to clearly define which
processes will be followed and how they will be implemented. This means that organizations
need to make detailed plans when defining the production processes for medical devices,
quality control steps, documentation requirements, and other relevant activities. This applies to
every stage, starting from the design of medical devices to material selection, production
phases, and quality control tests. Determining processes is crucial to minimize errors, optimize
processes, and ensure the quality of products.
Activity Monitoring: Organizations must monitor their activities, rectify any process errors or
omissions, and maintain records of all activities.
Compliance with Legal Requirements: Full compliance with legally mandated requirements
is essential. This includes organizations complying with local and international regulations in
the production of medical devices and services.
Use of External Resources: When external resources are employed, organizations must still
retain responsibility for the work and confirm the effectiveness of the processes.
Documentation Requirements: Most quality systems require a fundamental component, a
Quality Manual. This manual outlines the organization's quality management system, its
objectives, and commitments. Furthermore, organizations need to establish a commitment to
providing an environment and culture consistent with prioritizing quality in all activities. This
commitment can be expressed through a policy or objective statement.

ISO 13485 emphasizes the need for organizations to manage documents and records. The
documents and records used in the production of medical devices must adhere to specific
requirements. Here are the two main requirements highlighted in this section:

Document Control Plan: Organizations must determine how the documents used will be
controlled and updated. This plan includes the processes required to manage document versions,
distribution, and revisions. It outlines how organizations will follow a plan to ensure that
documents are current and used appropriately.

Record Control Plan: Similarly, organizations need to define how they will retain and manage
records created during the production of medical devices. This includes procedures for the
creation, storage, access, and maintenance of records.
5. MANAGEMENT RESPONSIBILTY
BThis section is a part of ISO 13485 standard known as 'Management Responsibility,' which
explains the responsibilities of an organization's management regarding the quality management
system.

Management Commitment: Organizational management must demonstrate their commitment to

the quality management system. This commitment should align with the quality policy and should
not deviate from the needs of end users. Additionally, it should ensure compliance with local legal
requirements.
Quality Policy: Management is responsible for supporting and communicating the quality policy
to employees. The quality policy outlines the organization's quality objectives and commitments. It
should serve as a guiding principle for employees and relevant stakeholders.
Planning and Delegation: Management should determine the organization's objectives and goals,
delegate authority, and facilitate effective communication. Planning includes defining how the
organization will proceed to achieve its quality objectives.
Management Review: Management is responsible for periodically reviewing processes within the
organization and making improvements. This process, known as the 'Management Review,'
evaluates the effectiveness of the organization's quality management system.

6. RESOURCE MANAGEMENT

Top-level management is responsible for ensuring that the Quality Management System complies
with ISO 13485 and adheres to local regulatory requirements. This includes ensuring that there are
adequate resources available to carry out the committed tasks of the organization.
ISO 13485 requires organizations to provide the necessary resources to fulfill their obligations.
These resources may encompass various elements, such as personnel, infrastructure, consumables,
equipment, succession planning, and risk aversion.
Taking preventative measures can range from controlling daily workflow to prevent contamination
to ensuring that operations continue smoothly in the coming years, considering impending
retirements.

7.PRODUCT REALIZATION

This section emphasizes the need for organizations to document, monitor, and effectively manage
the design and development processes of their medical devices. This plays a critical role in ensuring
the safety and quality of the devices and includes the following key stages:
 Planning 2 Documentation 4 Effectiveness
Monitoring

1 3 Monitoring
5
Communication

It involves
monitoring each
Communication is
The organization stage of the The effectiveness
crucial for the design
must manage and Transferring ideas, process, ensuring related to
and development
document the design controlling the cleanliness, traceability,
process. Throughout
and development the process, every design, monitoring customer property
process from the step, from planning to documenting any installation, management, and
inception of the inputs, from outputs changes made as performing product
product idea, how to reviews, from needed, and necessary preservation must
verification to retaining all files services, and be monitored.
concepts are verified,
validation, should be involved in the meeting the Taking these steps is
and how products are
monitored process are critical. specific important to
designed and
requirements of achieve ISO 13485
developed.
medical devices compliance.

8. MEASUREMENT, ANALYSIS and IMPROVEMENT

This section is based on the Plan-Do-Check-Act (PDCA) cycle, using these elements to implement
changes within the organization's processes and drive ongoing improvements within the processes.

Collecting Feedback: Your product has been manufactured and released for general use, now
you have a responsibility to ensure that it meets your customers' needs. This includes collecting
feedback. It involves addressing customer complaints, reporting events to regulatory authorities,
conducting internal evaluations through audits, continually assessing processes and product
internally, identifying and controlling products that don't meet the original design requirements
(nonconforming products), and analyzing data generated and continually improving the process.
These sections are based on the Plan-Do-Check-Act cycle, which uses these elements to implement
change within the processes of the organization in order to drive and maintain improvements
within the processes.
Monitoring and Measuring Product Success: To effectively monitor and measure product
success, a procedure should be developed. This includes handling complaints, reporting events to
regulatory authorities, conducting internal evaluations through audits, continually assessing
processes and products internally, identifying and controlling products that don't meet the original
design requirements, analyzing generated data, and continually improving the process. These
elements are essential for achieving ISO 13485 compliance.
IS ISO 13485 MANDATORY?

"In short, ISO 13485 is not mandatory. However, it emphasizes the need to establish Quality
Management System (QMS) processes as long as they meet the legal and regulatory requirements
for the medical devices you intend to manufacture and sell.
Especially for compliance with the European Medical Device Regulation (EU MDR), ISO 13485 is
not required, but the EU MDR regulation mandates having a QMS in place, and ISO 13485:2016 is
the only QMS standard listed in the EU's list of harmonized standards. Therefore, most companies
use the ISO 13485 requirements to implement their QMS.
The reference to ISO 13485 on the list indicates that the EU understands that by implementing the
ISO 13485 requirements, all the EU MDR QMS requirements will be met. By using the ISO 13485
requirements to create your QMS, you can ensure that you have a world-class system for meeting
the needs of customers and legislators for your medical devices. ISO 13485 provides you with
more than the bare minimum to meet a legal requirement; it provides a whole system that is
devoted to helping you make your quality processes better.