A Guide to ISO 13485 Certification

Learn about the ISO 13485 certification, its importance, benefits, process, and some FAQs. Also, see how a digital tool can help you prepare for certification.

Certificación ISO 13485 destacada

What is ISO 13485 Certification?

An ISO 13485 certification is a way to exhibit an organization’s compliance with the ISO 13485 standard created by the International Organization for Standardization (ISO) for the medical device manufacturing industry. Its current version is the ISO 13485:2016 standard, which is typically valid for 3 years as with other ISO certifications.

Why is ISO Certification Important to a Medical Device Manufacturer?

Complying with the ISO 13485 standard helps organizations establish a Quality Management System (QMS) that will let them build and sustain effective methods and processes in manufacturing medical devices. In addition, aligning your quality standards to internationally recognized guidelines enables your organization to ensure top-notch and streamlined systems in designing, producing, and distributing safe and well-functioning medical devices.

It’s also worth noting that many ISO standards are recognized by regulatory bodies like the US Food and Drug Administration (FDA) and patterned with similar standards from other parts of the world, such as the European Union (EU). Hence, being ISO-certified means you have a competitive advantage not just among similar organizations but also among international manufacturers of medical devices.

In summary, the following factors reinforce the importance of having an ISO 13485 certification:

What are the Benefits of ISO 13485 Certification?

Closely related to its importance, being certified for the ISO 13485 standard merits organizations the following major benefits:

  • Reduced need for repeating processes
  • Streamlined quality management
  • Recognition of being up to par with international industry standards
  • Increased profitability
  • Continuous customer satisfaction

Improve your GRC management

Simplify risk management and compliance with our centralized platform, designed to integrate and automate processes for optimal governance.

Explore now

ISO 13485 Certification Process

5 Steps of the ISO 13485 Certification Process

Depending on the business or organization, some of the initial requirements and steps on how to get an ISO 13485 certification may vary. Nonetheless, the following steps should be able to get you started:

1. Planning

This is where your organization plans how to establish your QMS and align it to the standard’s quality planning requirements. Part of such is to create a quality manual and provide an optimized method of documenting quality plans when implementing relevant changes to your QMS.

Apart from those, the following tasks must also be completed:

  • Obtain a copy of the ISO 13485 standard and other related documents.
  • Determine and establish relevant processes.
  • Assign internal auditors and teams to such processes.
  • Set a schedule, create workflows, and define guidelines for each process.
  • Conduct gap analyses for each task or process.
  • Provide ISO 13485 certification training for process owners.
  • Improve and finalize processes.
  • Standardize processes and document necessary records.

2. First internal audit

The first internal audit helps your organization to verify the effectiveness of your QMS even before the third-party certification body conducts the initial audit. This way, you can pinpoint nonconformities and their root causes from the get-go and design necessary actions to mitigate and address them.

Create your own ISO 13485 Audit Checklist

Build from scratch or choose from our collection of free, ready-to-download, and customizable templates.

Browse ISO 13485 Audit Checklists

3. Corrective actions

Based on the internal audit report, you can now determine if there are issues needing to be eliminated or areas needing improvement. This is where you initiate a Corrective and Preventive Action (CAPA) process. Such a quality management procedure will help you devise the necessary actions and process improvements to be done by everyone involved in those areas.

4. First management review

Just before applying for the third-party audit, it’s essential that you let your top management review your organization’s quality objectives. After the review, the management finalizes a list of action items found in internal audits and improvements to be implemented. The list can then be used as a guiding document for the next management review before applying for the certification.

5. Initial ISO 13485 certification audit

In this step, start by researching and choosing which third-party organization will conduct the certification among recognized ISO 13485 certification bodies. Then, the overall application for the certification begins—from filling out the form, reviewing it, and submitting it to the certification body. In most cases, this is where contract signing is also accomplished.

Furthermore, this step is comprised of two stages:

  1. Stage 1 (Documentation Survey) – The third-party auditor focuses on checking how well an organization documents its systems. Hence, the CAPA process, management review schedule, and overall QMS should be in place. Some of the documents you need to prepare for the first stage include the following:
    • Quality manual
    • Organizational chart
    • Internal auditing process and schedule
    • CAPA protocols and log
    • Management review process and findings
  2. Stage 2 (Primary Audit) – This is where you ensure that the rest of the ISO 13485 certification requirements are complete in your organization. The certification auditor now checks if all regulatory requirements have been met, especially those that are recognized in international markets. In addition, the auditor evaluates the effectiveness of your overall quality system by sampling records from each and every process your organization implements. Lastly, the second stage of the initial certification will also help you identify the schedule of surveillance audits (typically done yearly) and reassessment.


While having an ISO 13485 certification isn’t required for all medical device manufacturers, it’s highly crucial to have one to help them prove their efficiency and commitment to safety to the buying public. Hence, the certification applies to organizations regardless of type and size.

This type of certification is also essential when selling or distributing medical devices in global markets such as Canada and the EU. This is because manufacturers that are ISO 13485-certified follow international standards, making them aligned with country-specific requirements as well.

While third parties provide certification to companies, businesses, and manufacturers, they can’t issue ISO 13485 certification for individuals directly. However, an ISO 13485 auditor certification can be given after receiving relevant training. Certified auditors can then take charge of auditing other companies on their compliance with the standard.

Normally, an ISO 13485 certification is valid for up to 3 years. Also, annual surveillance audits are conducted to help organizations monitor their progress, as well as check if their current processes are up to date and if quality standards are still being followed.

Apart from having an ISO 13485 certification, organizations in the medical devices industry are also encouraged to be certified for the following ISO standards:

  • ISO 9001: Quality Management System (QMS)
  • ISO 14971: Medical devices – Application of risk management to medical devices
  • ISO 20417: Medical devices – Information to be supplied by the manufacturer
Patricia Guevara
Article by

Patricia Guevara

SafetyCulture Content Specialist
Patricia Guevara is a content writer and researcher for SafetyCulture. With her extensive content writing and copywriting experience, she creates high-quality content across a variety of relevant topics. She aims to promote workplace safety, operational excellence, and continuous improvement in her articles. She is passionate about communicating how technology can be used to streamline work processes, empowering companies to realize their business goals.