ISO 13485:2016

Learn more about the international standard for the QMS of medical device life cycles

Medical manufacturing facility

Published 18 Oct 2021

What is ISO 13485?

ISO 13485:2016 is an international standard for the Quality Management System (QMS) of organizations and providers of activities involved in the design, manufacture, distribution, servicing, and disposal of medical devices.

As an internationally accepted standard set by the International Organization for Standardization (ISO), companies with ISO 13485:2016 certification are recognized to produce medical devices that consistently perform according to specifications, meet the high expectations of the healthcare industry, and operate in compliance with regulations.

Why is ISO 13485 Important?

It cannot be stressed enough how the quality of medical devices impact the quality of services that the healthcare industry provides. Having a benchmark for the standardization of medical devices’ production, distribution, servicing, and disposal gives the assurance that medical devices are of high quality, will do no harm to the patient and medical professional when used correctly, and will perform as expected.

During the first quarter of 2020, there were individuals and groups that initiated the use of 3D printers to supplement the urgent need of valves for ventilators when the COVID-19 pandemic began. It was a quick and creative solution that helped save lives when hospitals ran out of ventilator valves during a COVID-19 surge and patients were pouring in.

The unorthodox method of producing ventilator valves, however, raised concerns over the safety of materials used to produce the 3D-printed ventilator valves, risk of contamination, and other possible legal issues. There are authorized bodies that have since provided guidelines to facilitate the safe and legal production of 3D-printed medical devices and recognized ISO 13485:2016 as a benchmark for validating production processes.

Differences Between ISO 9001 and ISO 13485

ISO 9001 is the foundation for a variety of QMS-based ISO standards aimed to ensure the best quality of products and services, among which is ISO 13485:2016 intended for medical devices. That said, ISO 9001:2015 and ISO 13485:2016 have essential differences:

ISO 9001:2015 ISO 13485:2016
Used by a variety of organizations from different industries and can serve as the basis of their QMS. Designed exclusively for the QMS of organizations involved in any of the life-cycle of medical devices.
Puts emphasis on the enhancement of customer satisfaction. Prioritizes safety and performance of medical devices.
Requires documentation of processes for the implementation of QMS according to the standard. Because of the nature of the products manufactured, the required recordkeeping or documentation is more extensive and necessitates traceability.

If a company is involved in the life-cycle of medical devices, they may find that ISO 13485 is more appropriate for their QMS needs.

History of the ISO 13485 standard

The first iteration of ISO 13485 was published in 1996 and it was created based on two standards: ISO 9001:1994 and EN 46001. Together with ISO 13488 intended for suppliers, ISO 13485 provided a framework for the QMS of medical device manufacturers. ISO 13485:2003 was later published as an updated standard and it replaced both 1996 versions ISO 13485 and ISO 13488.

ISO 13485:2016 is the current version of the standard and it was based on ISO 9001:2008.

As a side note, ISO 13485:2016 was already being worked on for years before ISO 9001:2015 came out and both were ready for release with 6 months in between them. This is why ISO 13485:2016 was based on an older version of ISO 9001.

ISO 13485 Requirements

Here is a summary of the requirements for compliance with the ISO 13485:2016 standard:

Management Controls

  • ISO 13485 requires the need to define the scope of QMS as well as procedures and processes involved in the implementation of QMS
  • Methods for monitoring effectiveness of processes
  • Management reviews are done at least once a year
  • Training needs are addressed and auditors are competent

Design and Development

  • Products are subjected to design controls and risk management is applied
  • Ambiguous and conflicting design requirements are addressed
  • Product is subject to review, verification, and validation at each stage
  • Independent reviewers are included

Corrective and Preventive Actions (CAPA)

  • CAPA procedures comply with regulations
  • Quality issues and device failures are analyzed
  • Controls are in place to prevent non-confirming products from being released
  • Quality issues are communicated to personnel and management

Medical Device Reporting (MDR)

  • MDR procedure comply with regulations
  • MDR reportable events are identified
  • Complaint files are accessible
  • Complaint investigations properly identify the device involved

Production and Process Controls (P&PC)

  • Requirements are defined for suppliers, contractors, and consultants
  • Acceptable suppliers, contractors, and consultants are identified
  • Rejects are removed and handled properly
  • Software driven processes are validated for users

Sterilization Process Controls

  • Sterilization processes and equipment calibration processes are current

Purchasing Controls

  • Suppliers are evaluated to ensure that they meet requirements
  • Records of supplier evaluations are maintained

Documentation and Records

  • Secures and maintain sound recordkeeping with quality system record in place
  • Change records are subject to review and approval
  • Supplier records are maintained
  • Sterilization records are maintained for each batch

Customer Requirements

  • Customer and regulatory requirements are reviewed and addressed

Technical Files

  • Documentation is maintained and addresses the product, sterilization, labeling, and other requirements

ISO 13485 Audit Template

Organizations that wish to get third-party certification for the ISO 13485:2016 standard can utilize gap analysis tools or internal auditing forms like this audit template to identify areas for improvement in implementing processes that are intended to conform with the standard. Review this ISO 13485 audit checklist for internal audits and download for free as PDF or as a digital checklist on the iAuditor mobile app so you can begin your internal audits right away.

How to Prepare for ISO 13485:2016 Certification

It takes time, resources, and a concerted effort to get third-party certification. See these tips to get an idea on how to prepare for ISO 13485:2016 certification.

  1. Review and get a better understanding of the ISO 13485:2016 standard.
  2. Identify areas for improvement in the current QMS by conducting internal audits of processes using an ISO 13485 audit checklist to ensure alignment with the standard’s requirements.
  3. Formulate training programs based on learnings from the internal audits. Use training tools that can help improve QMS and address areas for improvement.
  4. Perform quality monitoring audits and maintain good recordkeeping of results. All parties involved should be kept in the loop.
  5. Ensure competency needs are met and coordinate with a third-party auditor for ISO 13485:2016 certification.

ISO 13485 Software

Help in implementing QMS that is aligned with ISO 13485:2016 with the use of a powerful auditing software used around the world for quality and safety. iAuditor by SafetyCulture can help capture and correct gaps in quality and efficiently utilize resources as your organization prepare for ISO 13485:2016 certification. With iAuditor, you can:

  • Conduct mobile ISO 13485 audits and automate reporting
  • Empower teams to implement efficient monitoring procedures and analysis
  • Secure recordkeeping that is essential for the standard