March 5, 2022

QMS – ISO 13485

A medical device quality system is a structured system of procedures and processes covering all aspects of design, manufacturing, supplier management, risk management, complaint handling, clinical data, storage, distribution, product labeling, and more. Most medical devices will require some form of a Quality Management System (QMS); the complexity of the QMS will vary based on the classification of the device.

For example, companies making medium-risk (Class II) or high-risk devices (Class III) devices will require a different QMS implementation than companies making low-risk, non-sterile, non-measuring, non-reusable surgical instrument devices (Class I).

Importance of ISO 13485

The standard is important to various parties including manufacturers and distributors of medical devices. In addition, suppliers and providers can enhance their marketability with this certification as manufacturers require ISO 13485 certification in order to do the business. 

The FDA has proposed a rule to harmonize USFDA 21CFR 820 with ISO 13485:2016 making ISO 13485 the FDA’s mandatory QMS for Medical Devices.

ISO 13485 Medical Device Quality Management Systems

ISO 13485: 2016

The International Standard ISO 13485:2016 can be used by internal and external parties, including certification bodies, to assess the organization’s ability to meet customer and regulatory requirements applicable to the QMS and the organization’s own requirements.

The International Standard ISO 13485:2016 is based on a process approach to quality management. Any activity that receives input and converts it to output can be considered as a process. Often the output from one process directly forms the input to the next process.

Reasons to update ISO 13385:2003 to ISO 13485:2016 

Evolution of Medical Device regulation since 2003

a) Shift in focus to risk management and risk based decision making processes

b) ISO 13485:2016 no longer aligns with the current version of ISO 9001, but rather aligns with the previous revision, ISO 9001:2008

c) Basically, ISO 13485:2016 = ISO 9001:2008 + additional requirements specific to medical devices arranged in 8 clause format. Additionally, ISO 13485:2016 has common requirements to address FDA 21 CFR 820. 

Overview of ISO 13485:2016

The standard contains requirements arranged in 8 clauses which are briefly explained below:

Clause 1: Scope

Talks about the standard and how it applies to organizations and 

a) The importance of process approach

b) Inclusion of regulatory requirements of company’s products and services

c) Processes in place for continual improvement

Clause 2: Normative reference

It outlines the QMS’s fundamentals and vocabulary.

Clause 3: Terms and Definitions

Gives definition used in the standard, from ISO 9001:2008 and other definitions specific to medical devices.

Clauses 4-8 are the ISO 13485:2016 requirements that need to be met within the organization to become certified under ISO 13485.

Clause 4: General requirements 

– Outlines the overall QMS documentation requirements, including:

-Quality Manual with Scope of the QMS

-Required Procedures

-Required Forms & Records

-Control of Documents

-Control of Forms

Clause 5: Management Responsibility 

Outlines the management’s role in the QMS

-Management Responsibility

-Quality Policy & Objectives

-Customer Focus & Customer Satisfaction

-Management Review

Clause 6: Resource Management 

Outlines the requirements for resources including:

-Personnel and training

-Resource management

Clause 7: Product Realization

-The clause outlines following requirements:

-The production of the product or service

-Planning

-Customer related processes and Customer Feedback

-Design

-Purchasing

-Process control

-Identification and Traceability

-Customer Property

Note: Majority of section 7 is modified from ISO 9001:2008

Clause 8: Measurement, Analysis and Improvement

The clause outlines the requirements on monitoring processes and improving the below processes which includes:

-Customer Satisfaction

-Internal Audits

-Control of Non-Conforming Product

-Corrective and Preventive Action

Note: Majority of section 8 is modified from ISO 9001:2008

ISO 13485:2016 certification

“ISO 13485 Certified” means an organization has implemented an ISO 13485 QMS and successfully met all of the applicable requirements in the standard. ISO 13485 evaluates whether the company’s QMS is appropriate and effective while emphasizing on the safety and effectiveness of medical devices.

To become ISO 13485 certified, an organization must –

a) Follow steps to implement ISO 13485 QMS 

b) Next, a certification body audits the performance of the organization against the latest version of standard requirements. Once the audit is successfully completed, the auditing body issues ISO 13485 certificate demonstrating that the organization is registered to ISO 13485 for a period of three years

c) Recertification has to be completed every three years to maintain the ISO 13485 status

Benefits of being ISO 13485: 2016 certified

-The beneficial outputs of an effective audit include:

-Meaningful feedback on the effectiveness of the QMS

-Confidence in compliance with regulations

-Identification of areas requiring attention

-Detection of areas of non-compliance and risk

-Reporting and certification that is valuable and recognized

Conclusion

ISO 13485 is the best internationally accepted model for a medical device organization to help demonstrate compliance to laws and regulations of the medical device industry.

Certified organizations are able to demonstrate the effective interconnectivity of their processes. It is essential to be able to demonstrate how outputs from complaints can feed into processes such as management review, improvement processes, Technical Documentation and risk management updates, etc.

KN CONSULTING AND SERVICES is a well-oiled marvel in the field of Medical devices regulatory consulting. We can provide you with flexible and detailed planning and consulting services suiting to your needs.

Other Resources
Quality assurance

History: The Medical Audit Single Audit Program (MDSAP) was developed by the International Medical Device Regulators Forum (IMDRF) to allow third party auditors to conduct a single audit of a medical manufacturer that covers ISO 13485:2016 and the respective regulatory requirements. A working group was established for MDSAP in 2012. Then, IMDRF initiated a three […]


November 12, 2022 | 4 mins Read

Hop on this transformational journey with us.

Contact Us