Introduction
Ask any medical-device founder what keeps them up at night, and you’ll hear the same answer: documentation.
ISO 13485 demands proof; proof that every process is defined, controlled, and recorded. Without the proper paperwork, you don’t just risk a poor audit; you risk losing months of progress and thousands in corrective rework.
For medical-device start-ups and SMEs, getting your ISO 13485 documentation requirements right from the outset can be the difference between a smooth certification and a regulatory slog.
In this guide, we’ll unpack the seven essential QMS documents every manufacturer needs, why they matter, and how to streamline your workload with expert-approved quality management system templates.
Download your free ISO 13485 Documentation Checklist now → CLICK HERE
Why ISO 13485 Documentation Matters
Documentation is the backbone of ISO 13485:2016. It provides the evidence auditors and regulators need to confirm that your system is both implemented and effective. Each document tells a part of your story. The story of how you control quality, manage risk, and ensure patient safety.
Not all documentation is created equal. ISO 13485 distinguishes between:
- Mandatory documents (explicitly required by the standard), and
- Recommended documents (good practice for risk control and consistency).
According to a 2024 Team-NB survey, 75% of MDR submissions arrived with less than 50% of the required technical documentation complete at initial review.
– 36 % had under 25 % of documents ready.
– 39 % had only 25 – 50 %.
Incomplete documentation is now the leading cause of audit delays and additional Q&A cycles.
A compliant document set doesn’t just please auditors, it accelerates certification, protects market access, and strengthens your company’s valuation.
The 7 QMS Documents Every Medical-Device Manufacturer Must Have
1. Quality Manual
The Quality Manual is your QMS at a glance. It’s the first document auditors request. It defines the scope, process map, and management commitment.
Common pitfalls: generic language, missing interaction diagrams, or statements that don’t match reality.
Include:
- QMS scope and exclusions
- Process-interaction map
- Quality objectives and policy
- Management accountability
Time to create: ≈ 40–60 hours
Solution: Ready-to-use Quality Manual Template (from £9.99)
See also: Patient Guard – ISO 13485 Management Responsibilities Procedure
2. Document Control Procedure
The Document-Control Procedure is the nervous system of your QMS. It defines how every form, record, and policy is created, approved, and retired.
Why it matters: Poor control leads to instant nonconformity.
Include:
- Document hierarchy and numbering
- Version-control method
- Approval and change-control workflow
- Master Document List
Time to create: ≈ 20–30 hours
Solution: Document Control Procedure Template + Master Template (from £9.99)
3. Internal Audit Plan and Reports
Clause 8.2.4 of ISO 13485 makes internal audits mandatory. They prove your QMS works.
Common pitfalls: skipped audits, missing CAPA follow-up, or untrained auditors.
Include:
- Annual audit schedule
- Clause-by-clause checklists
- Audit reports and CAPA linkage
Time to create: ≈ 30–40 hours
Solution: Internal Audit Package (Plan + Checklists + Reports) (from £49.99)
Coming soon: ISO 13485 Internal Audit Collection.
4. Management Review Procedure and Templates
Management review shows leadership is actively steering quality—not just approving it.
Common pitfalls: no inputs from audits, complaints, or CAPA; unrecorded outputs.
Include:
- Review the agenda and frequency
- Required inputs (audits, KPIs, customer feedback)
- Outputs (decisions, resource plans, actions)
Time to create: ≈ 15–25 hours
Solution: Management Review Bundle (Procedure + Agenda + Minutes) (from £5.99)
5. CAPA (Corrective and Preventive Action) Procedure
CAPA is where problems go to die, or linger forever if poorly managed. It remains the top source of audit findings globally.
Include:
- Triggers and escalation routes
- Investigation tools (5 Whys, Fishbone)
- Effectiveness-check process
- Closure evidence
Time to create: ≈ 25–35 hours
Solution: CAPA Procedure with Forms and Logs (from £39.99)
6. Risk Management File (ISO 14971)
Risk Management ties your technical and quality systems together. MDR, IVDR, and FDA regulations require it.
Include:
- Risk Management Plan
- Hazard Analysis and Control Measures
- Residual-risk evaluation
- Post-market surveillance link
Time to create: ≈ 60–100 hours (device-specific)
Solution: Risk Management File Template + Assessment Tools (from £19.99)
See also: Patient Guard’s Risk Assessment and ISO 14971 consulting services
7. Design and Development Procedures
Design control defines how you translate ideas into safe, compliant products.
Include:
- Design Plan and Review Stages
- Inputs/Outputs and Verification Records
- Validation and Transfer Checklist
- Design History File (DHF) requirements
Time to create: ≈ 50–80 hours
Solution: Design and Development Procedure Template (from £9.99)
Did you know? In Team-NB’s 2024 survey, 44 % of new MDR certificates took 13–18 months and 31 % took 6–12 months from application to issue—delays driven primarily by documentation gaps.
Your QMS shouldn’t take nine months to build. Start with templates that work — and partners who know why they do. Get your ISO 13485 Documentation Bundle →
The Complete ISO 13485 Documentation Solution
If these seven documents are your foundation, the ISO 13485 Complete Template Bundle is the full blueprint.
Includes:
- 7 core documents + 50 supporting procedures, forms, and checklists
- Fully editable Word and Excel files
- Step-by-step guidance for fast implementation
Value snapshot:
- Saves ≈ 250 hours of manual drafting
- Cuts project timelines from 9 months to 3–4 months
- ROI ≈ £ 7,500 in labour cost savings (at £30/h quality-manager rate)
A Health Innovation Network UK 2024 guide estimates that building a first QMS from scratch takes ≈ 9 months across design, deployment, and training. Using ready-made templates can cut that by more than half, without cutting corners.
Get the ISO 13485 Complete Bundle (from £799.99) →
Free Resource – ISO 13485 Documentation Checklist
You don’t need to start from a blank page. Download the free “ISO 13485 Documentation Checklist: 75 + Required and Recommended Documents.”
What’s inside:
- Clause-by-clause breakdown of mandatory docs
- MDR/IVDR add-ons and FDA 21 CFR 820 cross-reference
- Suggested creation order and effort estimates
Download your free checklist →
Decision Framework – Build, Buy, or Hire?
Every start-up faces the same question: How should we build our QMS?
You have three options available to you.
Option 1: Build internally
- Ideal for teams with ISO experience and 6-12 months of dedicated time.
- Pros: Full control and customisation.
- Cons: High labour cost and long lead time.
Option 2: Buy templates (QMSRegs bundles)
- Best for SMEs needing speed and affordability.
- Pros: Pre-formatted, audit-ready documents.
- Cons: Requires light customisation to fit your processes.
Option 3: Hire consultants (Patient Guard)
- Recommended for complex devices or first-time founders.
- Pros: End-to-end implementation and training support.
- Cons: Higher initial investment but lowest risk.
Browse individual templates → | Book a consultation with Patient Guard →
Conclusion
Every successful medical-device company starts with the same seven documents. Get them right, and certification becomes predictable; neglect them, and every audit feels like a gamble.
Investing early in solid medical-device QMS documents saves time, protects revenue, and builds investor confidence. With ready-to-use quality-management-system templates, you can move from paperwork panic to polished compliance in weeks, not months.
Get the ISO 13485 Complete Bundle (from £799.99) | Download your free checklist | Book a consultation with Patient Guard
Frequently Asked Questions
Core mandatory documents include the Quality Manual, Document-Control Procedure, Internal Audit Plan, Management Review Procedure, CAPA Procedure, Risk Management File, and Design and Development Procedure.
On average, 9 months for a start-up team without templates. Pre-built systems can reduce this to 3-4 months.
Yes, as long as templates are customised to reflect your actual processes. Certification bodies approve content accuracy, not format.
ISO 13485 covers QMS processes and controls; MDR technical documentation covers device-specific safety and performance evidence. They work together for compliance.
At least annually, and whenever there are design changes, CAPA actions, or regulatory updates.
Absolutely. Patient Guard offers templates, training, and end-to-end support to get your documentation audit-ready and keep it that way.
Patient Guards Recent Posts
CE Marking vs UKCA: 2026 Guide for Manufacturers
Post-Brexit, many medical device manufacturers are still navigating the split between CE marking and the UKCA mark — and the rules keep evolving. As the MHRA advances its “future regime” for medical devices, regulatory teams face the ongoing challenge of complying with both EU MDR obligations and the UK’s own UK MDR 2002 (as amended) framework.
ISO 10993-1:2025 – What’s New in Biological Evaluation
The newly revised ISO 10993-1:2025 has quietly done something big: it’s turned biological evaluation from a “tick-the-box biocompatibility test list” into a fully integrated risk narrative that regulators now expect to hold together scientifically, from chemistry through to clinical data.
EUDAMED Mandatory from May 2026: What You Need to Know
After years of “coming soon”, the EU has finally put a fixed date on reality: the first EUDAMED mandatory modules must be used from 28 May 2026.
Sources
– Team-NB Survey 2024 – MDR Certification Readiness
– Health Innovation Network UK 2024 – Regulatory Timelines and Costs
– ISO 13485:2016 – ISO.org
– EU MDR Annex IX – QMS and Technical Documentation
