What is ISO 13485?

RESOURCES > GLOSSARY

ISO 13485 Definition

International Organization for Standardization defines ISO 13485 for companies involved in the design, production, installation, and servicing of medical devices and related services. This standard specifies requirements for a quality management system (QMS). ISO 13485 can also be used by internal and external parties, such as certification bodies, to help with auditing processes. ISO 13485 compliance occurs when impacted organizations can demonstrate that their QMS follows regulatory best practices throughout a product’s lifecycle from creation through service and delivery of medical devices that are safe and effective for their intended purpose. ISO 13485:2016 was published in March of 2016 and is the latest version of ISO 13485 as of March 25, 2021.

DIFFERENCE BETWEEN ISO 13485 AND ISO 9001

Although ISO 13485 is heavily based on the ISO 9001 standard for quality management systems, there are some key differences.

• ISO 9001 applies to organizations across any industry, whereas ISO 13485 is specific to entities involved in the design, production, and servicing of medical devices.
• ISO 13485 places greater emphasis on documentation control and risk management as compared to ISO 9001.
• With ISO 9001, quality management responsibilities can be distributed across an organization. In contrast, ISO 13485 requires medical device companies to assign quality management duties to certain employees within the management team.
• Customer satisfaction is a primary focus of ISO 9001, whereas ISO 13485 emphasizes customer and patient safety.

BENEFITS OF AN ISO 13485 QUALITY MANAGEMENT SYSTEM

By aligning their quality management system with ISO 13485, medical device manufacturers reduce the risk of product nonconformities and ensure patient safety. Additional benefits include:

• Ability to minimize errors, waste, and rework, resulting in increased efficiency and cost savings
• Consistency of products and services through increased traceability
• Insight into process and product performance through ongoing monitoring and data analysis
• Easier certification process for other regulations such as FDA and EU MDR
• Opportunity to enter new markets and expand customer base
• Increased customer satisfaction
• Strengthened brand reputation

KEY REQUIREMENTS OF ISO 13485

ISO 13485 outlines the requirements for designing, developing, and maintaining a medical device throughout its entire lifecycle. This includes the implementation of a quality management system and processes centered around documentation and risk management.

• Quality Management System
  The QMS should include a quality policy which documents the organization’s overall purpose and mission. It should also include a quality manual which outlines the organization’s processes and requirements for complying with ISO, FDA, EU MDR, and other applicable regulations. Additional documentation to support the design and development of a medical device include software validation procedures, technical information, statement of the product’s intended use, a device master record (DMR), and a plan for document and record control.

• Management Responsibility
  An organization’s management team must ensure adherence to the quality system. This involves:
  • Communicating the organization’s mission and objectives to employees and emphasizing the importance of following quality policies and procedures
  • Staying focused on the needs of the customer/end user
  • Following all applicable laws throughout the manufacturing process
  • Performing periodic reviews of the quality system and implementing improvements as needed (i.e., management review)
• Resource Management
  Adequate resources (e.g., personnel, infrastructure, equipment, succession planning, risk aversion planning) must be in place to ensure that operations run smoothly and that all product work complies with regulations.
• Supply Chain Management
  Because medical device manufacturers rely heavily on external suppliers and contract manufacturers to design and develop their products, supplier quality agreements, approved supplier/vendor lists (ASLs/AVLs), and other documentation must be established to ensure best practices and minimize risks.
• Employee Training
  Manufacturers must implement an employee training program to ensure continued awareness and proficiency on the latest processes and procedures. Training records must be maintained for each employee to demonstrate compliance.

• Product Realization
  Organizations should document all processes that support product realization, from conceptualization to implementation. This includes:
  • Processes for capturing initial design ideas and customer requirements
  • Design and development plans, procedures, and outputs (i.e., design history file [DHF] and device master record [DMR])
  • Design verification and validation procedures
  • Calibration and installation records
  • Software validation records

• Measurement, Analysis, and Improvement
  Once the medical device is released to market, manufacturers must implement processes to effectively monitor the product and ensure patient safety. This includes:
  • Handling customer complaints and gathering feedback
  • Reporting adverse events to regulatory authorities
  • Identifying product nonconformities
  • Implementing corrective and preventive actions (CAPAs)
  • Continually analyzing product performance and making process improvement

HOW EQMS SOFTWARE HELPS STREAMLINE ISO 13485 COMPLIANCE

ISO 13485 compliance is demonstrated when organizations can demonstrate that their quality management system (QMS) follows regulatory best practices throughout a product’s lifecycle from creation through service and delivery. The International Organization for Standardization (ISO) is a non-governmental organization that creates and publishes international standards to support innovation, quality, and challenges across the globe.

Maintaining all the documentation necessary for ISO 13485 compliance can be time-consuming and prone to errors if you use paper, spreadsheets, and other manual, disconnected systems. It is difficult to identify the latest revisions when files are stored in multiple locations. And you don’t have full visibility into product nonconformities and other quality issues which create audit risks.

By leveraging electronic quality management system (eQMS) software, companies can take advantage of a paperless approach to quality management with more control over documentation and processes needed to prove compliance. With a product-centric eQMS, all team members can access the latest product and quality records from a centralized location and efficiently execute their product development activities. Through automated change processes and revision controls, you can be confident that information is always accurate and up to date. This gives way to better visibility and traceability throughout the product lifecycle. In addition, you can effectively manage training records, supplier information, CAPA processes, and other critical documentation that is addressed in the ISO 13485 standard.

8 STEPS TO OBTAIN ISO 13485 CERTIFICATION

Although ISO 13485 certification is voluntary, many countries such as the European Union (EU) base their regulatory standards for medical devices on ISO 13485. Thus, it is beneficial to earn certification if you plan to market and sell your products in those regions.

To obtain your ISO 13485 certification, follow these steps:

1. Familiarize yourself with the ISO standard.
   Thoroughly review the ISO 13485 guidelines to understand what is required of your organization and help streamline the implementation.
2. Conduct a gap analysis.
   Assess your existing processes to determine how they align with the ISO 13485 requirements. Identify areas that do not comply with ISO 13485.
3. Develop a plan for implementing ISO 13485.
   Develop a plan to address the gaps identified in your initial assessment. This will lay the foundation for how you implement ISO 13485 and help define the scope of your QMS. Identify processes and procedures that need to be developed and/or modified to reach compliance. Also, identify all the necessary resources throughout your organization.
4. Prepare supporting documentation.
   Develop documentation to clearly outline your processes for designing, developing, and maintaining your medical device. Start by documenting your quality policy, manual, and other QMS essentials.
5. Train employees.
   Ensure all employees are aware of the plan to implement ISO 13485. They should have a clear understanding of how ISO 13485 will benefit the organization and impact their daily work. Employees should be trained on new processes as well as any new roles or responsibilities.
6. Implement ISO 13485.
   Carry out your plan for implementing the QMS under ISO 13485. Monitor your processes and make adjustments to address any issues that arise. Be sure to document any changes and train employees accordingly.
7. Perform internal audits and management reviews.
   After operating your QMS for at least three months, conduct internal audits to assess its performance. Document your findings and use them as evidence to show that your processes are meeting the requirements of ISO 13485. The management team should also evaluate the effectiveness of your QMS and confirm that sufficient resources are in place to drive continuous improvement.
8. Complete third-party audit and certification process.
   Select a third-party certification body to conduct the ISO audit. The initial certification typically involves two on-site audits. During the initial visit, the auditor will review QMS documentation. During the second visit, the auditor will review various processes to verify that your QMS meets the full requirements of ISO 13485.

If any significant nonconformances are revealed during the audit, your organization will need to implement the necessary corrective actions and have them verified by the auditor prior to receiving a certification.

Upon passing the audit, you will be issued an ISO 13485 certification that is valid for three years.