Back to the Glossary

ISO 13485

ISO 13485 is the international standard that defines the requirements for a Quality Management System (QMS) specifically for medical devices. It is known as the medical industry's equivalent of ISO 9001.

The standard places particular emphasis on management reviews, process and design control in manufacturing, documentation, and the review of Corrective and Preventive Actions (CAPA). Compliance with ISO 13485 (specifically, the 2016 edition) is often a mandatory requirement for medical device manufacturers under global regulatory frameworks.

Frequently Asked Questions (FAQs) Associated with ISO 13485

The sources detail the relationship between ISO 13485 and other critical medical device regulations, its history, and key compliance requirements.

1. What is the relationship between ISO 13485 and ISO 9001?

ISO 13485 is closely linked to the broader ISO 9000 family of standards.

  • Foundation: ISO 13485 was originally developed based on the existing ISO 9001 standard at the time, but included more specific requirements related to medical devices.
  • Stand-Alone Status: ISO 13485:2016 is a stand-alone standard. Due to the specialized requirements for medical devices, particularly concerning continual improvement, achieving compliance with ISO 13485 does not necessarily mean compliance with ISO 9001 (and vice versa).
  • Documentation: Organizations that require comprehensive QMS documentation may utilize toolkits covering multiple standards, including ISO 13485 and ISO 9001.

2. How does the FDA (21 CFR Part 820) relate to ISO 13485?

The FDA has officially recognized and incorporated ISO 13485 into its Quality Management System Regulation (QMSR).

  • QMSR Incorporation: The FDA's 2024 Final Rule (QMSR) incorporates by reference ISO 13485:2016. This means that the definitions in ISO 13485 apply to the QMSR, along with definitions from Clause 3 of ISO 9000:2015.
  • Superseding Definitions: Although ISO 13485 definitions apply generally, the QMSR, through 21 CFR 820.3(b), provides definitions from the Federal Food, Drug, and Cosmetic (FD&C) Act that supersede correlating terms and definitions in ISO 13485 (such as "medical device" and "labeling").
  • Inspection: Achieving an ISO 13485 certificate does not exempt manufacturers from FDA inspections. The FDA retains its inspectional authority and will not issue ISO 13485 certificates as a result of an FDA inspection.
  • Stringency: While the content of ISO 13485 and 21 CFR 820 is described as very similar, the actual FDA inspection process is considered more stringent than ISO 13485 audits, as FDA inspectors are federal agents with greater power of investigation.

3. What are the key requirements mandated by ISO 13485, specifically concerning CAPA and Improvement?

ISO 13485 dictates a structured approach to quality improvement and compliance.

  • CAPA System: The standard requires a mandatory CAPA system for medical device manufacturers.
    • CAPA is addressed under Section 8.5 Improvement.
    • Corrective action (Section 8.5.2) requires organizations to investigate nonconformities, implement actions to prevent recurrence, and evaluate the effectiveness of these actions.
    • Preventive action (Section 8.5.3) mandates proactive measures to identify and eliminate potential nonconformities before they occur, typically involving data trend analysis and risk assessment.
  • Risk Management Integration: ISO 13485 specifies that risk must be considered throughout the entire QMS. The risk management process (ISO 14971) must be integrated into early Design Controls (specifically section 7.3.3 of ISO 13485).
  • Post-Market Surveillance and Feedback: ISO 13485 requires feedback mechanisms (Section 8.2.1). This includes fulfilling regulatory requirements for a post-market surveillance system and reporting serious incidents and field safety corrective actions.

4. How does ISO 13485 compliance interact with European Union (EU) regulations?

ISO 13485 is the standard most closely aligned with EU medical device laws.

  • EU MDR (Regulation 2017/745): The EU MDR requires manufacturers to establish a robust QMS. The QMS requirements in the EU MDR largely correspond to the sections of EN ISO 13485:2016.
  • Specific MDR Fulfillment: Manufacturers must demonstrate that the ISO 13485 QMS fulfills specific MDR requirements, such as including requirements for risk management (Section 3 of Annex I of the Regulation) and for clinical evaluation (Article 61 and Annex XIV of the Regulation).
  • IVDR (Regulation 2017/746): Like the MDR, the EU IVDR requires manufacturers to document and assess the effectiveness of corrective and preventive actions, integrating them into their overall QMS.

5. What documentation support is available for implementing ISO 13485?

Consulting services and commercial tools are widely available to assist with implementation and maintenance.

  • Toolkits: Organizations offer ISO 13485 Documentation Toolkits that contain the required policies, procedures, and forms necessary to implement a medical device QMS according to the standard.
  • Training: Accredited ISO 13485 Online Courses are available for individuals and medical device professionals seeking training and certification.
  • QMS Integration: The standard is often implemented alongside other standards relevant to the medical device industry, such as ISO 27001 (cybersecurity), ISO 9001 (quality), ISO 14001 (environmental), ISO 45001 (health & safety), and GDPR (privacy).

Ready to see what Botable can do for you?

Book your demo now to see how Botable can transform your workplace.

Identify your unique challenges

Flexible pricing options

Easy integrations

Step-by-step implementation plan

Customize Botable for your workflow

Book a demo

Find out how Botable can answer your employee’s questions in just 30 minutes.