Introduction to the ISO 13485 standard
Who is the Standard for?
The ISO 13485 standard can be used by organisations that are involved in one or more of the following activities against medical device products, software or services;
- Design and development
- Manufacturing/ production
- Storage/ Distribution
- Labelling/ packing
- Importing/ exporting
- Installation and servicing
- Disposal/ decommissioning
The standard is also used by 3rd party providers and sub-contractors who offer services such as;
- Sterilisation
- Equipment calibration
- Maintenance services
- Providers of raw materials
- Consultants/ service providers
What is the Structure of ISO 13485?
The ISO 13485 standard was built around the structure of ISO 9001 which is a standard for Quality Management Systems Requirements applied across all industry settings other than medical device companies. Some companies choose to have a dual-QMS which complies to the ISO 9001 standard and the ISO 13485 standard, having separate certificates issued against one all-encompassing system. Unfortunately, ISO 13485 can not be used as a ‘standalone’ certification to show full compliance to ISO 9001 as the standards to contains some additional/ separate requirements.
The ISO 13485 standard consists of 8 clauses; These 8 clauses are ISO 13485 Requirements.
- Scope
- Normative references
- Terms and definitions
- Quality management system
- Management responsibility
- Resource management
- Product realisation
- Measurement, analysis and improvement
ISO 13485 - Clause by clause guidance
Implementing a Quality Management System (QMS) in compliance to the ISO 13485 standard brings focus to various aspects of a business. Working through implementing the standard may highlight the need for involvement from other departments such as human resources, purchasing, production, IT managers, top management, customer services etc. Clause 1,2, and 3 don’t require any supporting documentation for compliance, however an understanding of these clauses is beneficial in navigating the rest of the document.
Clause 1 - SCOPE
This clause is fairly short; it provides an ‘introduction’ to the rest of the clauses and background into who may benefit from applying the standard.
In summary:
The scope focus on establishing a company’s ability to consistently design/ manufacture/ distribute a medical device or service that meets customer and applicable regulatory standards.
The scope of ISO 13485: 2016 is not just for manufacturers, it can be applied to other companies involved in offering medical device services, supply chain companies and any other applicable third party providers for activities such as design and development.
Within Clause 1 is the first mention of ‘non-applicable’ clauses, which is discussed in more detail within the paragraphs below.
Clause 2 - NORMATIVE REFERENCES
This clause makes reference to ISO 9001: 2015. It is explained that for any dated references, only the edition cited in the standard applies, but for any undated references the latest edition of that standard applies.
Clause 3 - TERMS AND DEFINITIONS
The terms and definitions given in ISO 9001:2015 apply to ISO 13485 but there are additional definitions provided more specific to medical device terminology.
When producing quality management system documentation, these exact terms do not have to be used, however it does help to clarify the meaning of the terms that have been used. Providing a glossary within system documentation may be useful for external auditors if there are a lot of in-house specific abbreviations/ acronyms.
This list can be helpful as a ‘training tool’ for those stepping into the industry, becoming familiar with the jargon is vital in understanding and working with standards effectively.
Clause 4 - QUALITY MANAGEMENT SYSTEM
Clause 4 outlines the documentation requirements for the QMS including;
- Establishing the quality manual
- Having available any medical device technical files
- Records and procedures required by ISO 13485 and any other applicable regulations
- Record and document/ change control
Clause 4 is referred to throughout the standard, whenever documented evidence is required.
Additionally, clause 4 outlines the system’s general requirements such as;
- Meeting the requirements of the standard and any applicable regulations
- Defining the scope of the QMS
- Defining processes needed for the QMS
- Risk control (including quality agreements)
- Resource availability across the organisation
- Monitoring, measurement and analysis of data
- Change control and maintenance of documents and records
- Validation and revalidation of software used within the scope of the QMS
Clause 5 - MANAGEMENT RESPONSIBILITY
Clause 5 focuses on establishing a quality policy and setting at minimum yearly objectives for the QMS/ company-wide.
Clause 5 also requires QMS planning evidence.
Examples of QMS planning inputs include:
• Establishing a quality policy for your company
• Setting Specific, Measurable, Achievable and Realistic ‘SMART’ quality/ companywide objectives
• Keeping up to date and in compliance with current and new regulatory requirements
Examples of QMS planning outputs include:
• Quality Manual
• Gap Analysis
• Action Plans
Other important aspects of QMS planning include carrying out Management Review Meetings (see below), conducting internal audits as per the internal audit plans and schedules and tracking your continual improvements/ current QMS actions issued.
Management review meetings FAQ’s.
Such meetings should be held a minimum of once per year as they allow for top management to review the effectiveness of the QMS. If the QMS is new or meeting agenda is lengthy it may be better to hold more regular meetings focusing on different topics each time.
Depending on the size and structure of the organisation different employees may attend but generally at a minimum the management representative and an appointee from top management would be present. Additionally, a company may wish to include 3rd party providers for PRRC (Person Responsible for Regulatory Compliance) or Management Representative, if these responsibilities are outsourced.
The meeting plan, schedule, list of attendees agenda, minutes and actions need to be formally documented as evidence for compliance to ISO 13485.
Clause 6 - RESOURCE MANAGEMENT
Resource management covers four main aspects;
- PROVISION OF RESOURCES: To have the resources available for successful implementation and management of the QMS such as qualified personnel/ IT equipment/ software etc.
- HUMAN RESOURCES: Ensuring the organisation has well trained, skilled and competent employees for the established job roles, with clear and defined job descriptions in place.
- INFRASTRUCTURE: To provide and maintain buildings, technology, hardware and software and any other infrastructure needed to achieve product conformity such as storage and manufacturing facilities.
- WORK ENVIRONMENT AND CONTAMINATION CONTROL: To provide a suitable environment appropriate to the activities performed, such as an office or factory. Ensuring the environment is suitable for purpose with regards to cleanliness, sanitation, hygiene and contamination control.
Clause 7- PRODUCT REALISATION
Clause 7 is the lengthiest of clauses within the standard and mainly focuses on the product/ software/ service-related activities such as;
- The product requirements and customer journey/ communication
- Risk management for the business/ QMS (in addition to managing product risks)
- Design and development activities, such as inputs and outputs
- Purchasing processes
- Supplier evaluation and monitoring processes
- Production controls, such as product cleanliness, sterilisation, servicing, installation, validation etc.
- Goods in checks and quality control
- Traceability and identification of products/ software/ services
- Preservation of customer property and products/ software/ services
- The monitoring and measurement of equipment used within production-related activities
Clause 8- MEASUREMENT, ANALYSIS AND IMPROVEMENT
This clause is about managing the QMS and focusing on continually improving the system. The tools provided to do so are;
- Logging, monitoring and as applicable investigating customer feedback and complaints
- Conducting internal audits against the QMS as per the internal audit plan and schedule
- Raising and processing non-conformances against products, suppliers, processes and procedures
- Keeping track of continual improvements and actions assigned during audits and management review meetings
- Measurement & analysis of data from various places within the QMS
- Processing corrective and preventive action plans
Non-applicable clauses
Certain clauses of ISO 13485 will not fit within the scope of the business. If this is the case, a detailed justification as to why the clause is non-applicable must be produced and presented clearly in the Quality Manual. Within the scope of ISO 13485 it specifically states ‘’if any requirement in clause 6,7 or 8…is not applicable…the organisation does not need to include such a requirement in its quality management system…’’. Therefore, an auditor wouldn’t expect to see non-applicable justifications for clause 4 or 5.
A common example of this would be clause 7.5.5 – Particular requirements for sterile medical devices; if the company does not handle any activities relating to sterilisation then procedures/ parameters and records would not need to be established.
The benefits of implementing ISO 13485
- To ensure the reliability and quality of medical devices across different territories.
- Helps businesses expand their selling potential and to gain approval to sell devices in the major markets such as the US, EU and Canada
- Allows businesses to demonstrate commitment to designing, manufacturing and distribution of high-quality medical devices
- Larger medical device businesses prefer to work with vendors who have ISO 13485: 2016, subcontractors that are certified are more likely to be prioritised
- The documentation required by the standard allows personnel to have comprehensive access to necessary information. It also helps identify any faults or potential failures, product improvements and manufacturing process efficiencies
Summary
Overall, the implementation of ISO 13485 brings additional structure to any medical device company, making it easier to monitor the day to day business activities. Its is vital for the wider organisation to have awareness of the QMS and understand its importance/ benefit from a ‘bigger picture’ perspective, rather than seeing it as a set of documents and paperwork. The QMS when implemented successfully can bring profit increase and success to a company and help achieve organisation wide aims and objectives. This standard is now being seen as a golden stamp for selling into the US and EU marketplaces; it shows investment in quality and makes sharing information and aligning with other companies much more effective.
How Can Patient Guard Help?
Patient Guard is a medical device consultancy that focuses on Regulatory Affairs and Quality Assurance. We have helped implement and manage hundreds of clients ISO 13485 Quality Management Systems (QMS) since our founding in 2017. All of our implemented and managed ISO 13485 Quality Management Systems have gone on to pass with 100% first time Notified Body and Assessment Body Audits. With us you have a safe pair of hands.
FAQs
ISO 13485 is primarily designed for medical device manufacturers, but it also applies to:
- Suppliers and subcontractors: Providing components or services for medical device production.
- Distributors: Ensuring proper storage and traceability of medical devices.
- Service Providers: Companies offering calibration, sterilization, or repair services for medical devices.
Key insight: Compliance is critical for any company involved in the medical device supply chain to ensure consistent product quality and regulatory acceptance.
While both are quality management standards, ISO 13485 is tailored to the medical device industry and focuses on:
- Regulatory Compliance: Incorporates specific requirements for medical device regulations (e.g., MDR, FDA).
- Risk Management: Aligns with ISO 14971 for risk-based approaches.
- Product Safety: Prioritizes patient safety over general process efficiency.
- Documentation: Requires extensive records for traceability and regulatory submissions.
Key takeaway: ISO 13485 is stricter and more specialized than ISO 9001, addressing the unique needs of the medical device industry.
ISO 13485 provides the framework for a Quality Management System (QMS), which is often a prerequisite for regulatory approvals:
- CE Marking (EU): Mandatory for demonstrating compliance with the MDR/IVDR.
- FDA Compliance (US): Aligns with 21 CFR Part 820 (Quality System Regulation).
- UKCA Marking (UK): Accepted as evidence of quality management under UK Medical Device Regulations.
Pro tip: Certification to ISO 13485 simplifies regulatory submissions and builds confidence with regulatory bodies.
The latest version, ISO 13485:2016, introduced key updates, including:
- Risk-Based Approach: Incorporating risk management throughout the QMS.
- Supply Chain Management: Strengthened requirements for supplier controls and traceability.
- Software Validation: Emphasis on validation of software used in QMS or production.
- Post-Market Surveillance: Enhanced focus on PMS and feedback systems.
Key insight: Staying up-to-date with ISO 13485 revisions ensures ongoing compliance and market access.
Common challenges include:
- Understanding Requirements: Interpreting the standard’s technical language and specific clauses.
- Resource Allocation: Ensuring sufficient personnel and funding for QMS implementation.
- Documentation Overload: Managing the extensive records required for compliance.
- Audit Readiness: Preparing for certification audits and addressing findings.
Solution: Partnering with experienced consultants simplifies the process and ensures successful implementation.
Yes! Patient Guard offers end-to-end support for manufactures implementing the ISO 13485 standard, including:
- Developing and implementing a compliant QMS tailored to your organization.
- Conducting gap analyses to identify and address deficiencies.
- Preparing for certification audits and regulatory inspections.
- Providing ongoing training and support for maintaining QMS compliance.
Why choose Patient Guard: With expertise in ISO standards and regulatory requirements, we ensure a smooth path to certification and long-term compliance.
