What is ISO 13485?

ISO 13485 What Is it?

ISO 13485 isn't just another hoop to jump through; it's your ticket to credibility and compliance in the fiercely regulated world of medical devices regulated by international organization. So, buckle up, because we're diving deep into what this standard entails and why it's crucial for your success.

First off, ISO 13485 sets the gold standard for quality management systems (QMS) specifically tailored for medical device manufacturers. It's like your roadmap, guiding you through the complex landscape of regulations and requirements, ensuring that your products meet the highest standards of safety and efficacy.

Now, who should care about ISO 13485? Well, if you're in the business of making medical devices, whether you're a startup or a seasoned player, this international standard is for you. It's not just for large organizations; even the smaller players need to abide by the rules.

So, what's the big deal with ISO 13485? Let's break it down. Design controls? Check. Management plan template? Check. Clinical trials? You bet. This standard covers everything from product conception to retirement, ensuring that every step of the way is meticulously documented and controlled.

And let's talk about risk and risk management planning. ISO 13485 requires you to identify, assess, and mitigate risks at every stage of the product life cycle ensuring best practice application. From new hazards that pop up during development to unforeseen issues in the field, you need to stay one step ahead with a robust risk control measure in place.

What is ISO 13485?

ISO 13485 outlines the requirements for Quality Management Systems (QMS), specifically tailored to the unique needs and regulatory demands of the medical device industry. This standard serves as a guiding framework for organizations involved in the design, manufacture, and distribution of medical devices, ensuring that they adhere to stringent quality standards and regulatory obligations.

By adhering to ISO 13485, medical device companies can establish robust quality management systems that encompass every facet of their operations, from product development to post-market surveillance. This comprehensive approach not only fosters product safety and efficacy but also bolsters organizational efficiency and customer confidence.

In our recent video guide, we delve deeper into the intricacies of ISO 13485, offering insights into its key principles and practical implementation strategies. Whether you're a seasoned industry professional or a newcomer to the medical device arena, understanding and complying with ISO 13485 is essential for navigating the complex regulatory landscape and ensuring the highest standards of quality and safety in medical device manufacturing.

Why ISO 13485 is important?

The significance of ISO 13485, titled "Quality management systems - Requirements for regulatory purposes," cannot be overstated. This comprehensive standard serves as a cornerstone for the medical device industry, outlining the essential components of quality management systems (QMS) while aligning them with regulatory mandates.

The inclusion of "Requirements for regulatory purposes" in the standard's title underscores its critical role in ensuring compliance with stringent regulatory frameworks governing medical devices. Organizations operating within this sector must adhere to ISO 13485 to demonstrate their commitment to delivering medical devices, products and services that consistently meet customer expectations and comply with applicable regulations through a Quality Management System.

Compliance with ISO 13485 entails more than just implementing a set of procedures; it represents a commitment to excellence in every aspect of medical device manufacturing and distribution. By establishing and maintaining a robust QMS in accordance with ISO 13485, organizations can instill confidence in their stakeholders, from customers to regulatory authorities.

Whatsmore, ISO 13485 serves as a roadmap for organizations seeking to navigate the complex regulatory landscape governing medical devices. It provides clear guidelines for addressing regulatory requirements while fostering a culture of continuous improvement and innovation within the organization.

In essence, ISO 13485 is not merely a set of guidelines—it's a strategic tool that empowers organizations to enhance the quality and safety of their medical devices, foster regulatory compliance, and ultimately, ensure the well-being of patients worldwide.

Such organizations can be involved in one or more stages of the life-cycle, including design and development, production, storage and distribution, installation, or servicing of a medical device and design and development or provision of associated activities (e.g. technical support). ISO 13485:2016 can also be used by suppliers or external parties that provide product, including quality management system-related services to such organizations to achieve regulatory compliance. The size of the organization does not affect the requirements or compliance with ISO or your quality processes.

ISO 13485:2016 is the current version of this standard and is a harmonized standard for the Medical Device Regulation and a recognized standard for FDA. That means that for both legislation (and others as well), this standard serves as the reference for requirements for quality management systems for medical device companies.

Evolution of ISO 13485

The evolution of ISO 13485 underscores its critical role in shaping the quality management landscape within the medical device industry. With the current iteration, ISO 13485:2016, organizations are equipped with a single, comprehensive standard that streamlines and enhances quality management practices specific to medical devices.

The journey to ISO 13485 began with predecessors such as the EN 46001 standard, which necessitated integration with ISO 9001:1994. The initial iteration, ISO 13485:1996, was closely aligned with ISO 9001:1994, reflecting the foundational principles of quality management. However, the subsequent revisions and updates have propelled ISO 13485 into its own realm, tailored specifically to the unique requirements and challenges of the medical device industry.

While ISO 9001 serves as the basis for ISO 13485, it's essential to recognize that compliance with one does not automatically ensure compliance with the other. Each standard maintains its distinct certification scheme, emphasizing the need for organizations to adhere to the specific requirements outlined in ISO 13485 to avoid the risk of nonconforming products.

ISO 13485:2016 encompasses a comprehensive framework for establishing and maintaining effective quality management systems (QMS) tailored to the complexities of medical device manufacturing. From design controls to risk management and regulatory compliance, this standard serves as a guiding beacon for organizations striving to uphold the highest standards of quality and safety in the production and distribution of medical devices.

By aligning their practices with ISO 13485, organizations can not only demonstrate their commitment to excellence but also enhance their competitiveness in the global marketplace. With patient safety at the forefront, ISO 13485 provides a roadmap for continuous improvement, innovation, and regulatory compliance, ensuring that medical devices meet the highest standards of quality and efficacy.

Scope of ISO 13485

ISO 13485 specifies requirements for quality management systems of organizations that provide medical devices and related services. This means that not only medical device manufacturers and/or subcontractors can or should use this standard. It also means that suppliers or external parties that provide products, including QMS-related services to these organizations can use this standard. This is why Matrix Requirements, as a platform provider for both product documentation as well QMS documentation is as well ISO 13485 certified.

Main elements of ISO 13485?

The Quality Management System should be based on a process-approach, which combines Plan-Do-Check-Act (PDCA) with a risk-based approach and can significantly impact customer satisfaction of your Medical Device.

Throughout all processes within the Quality Management System, the idea is that the organization defines and plans what they will be doing, implement it and make sure that there is a verifyable output from the processes. In case the output does not match the plan, improvements should be defined and implemented to avoid the same errors from happening again.

De PDCA cycle ensures you think about the planning, implementation and verification of all processes of your Quality Management System (QMS). A risk-based approach enables the organization to think about factors that could cause deviations from the planning. Combined, it shows how all processes are interlinked and how the organization can reduce as much as possible negative effects and deviations.

The ISO 13485 standard serves as a comprehensive framework for ensuring the quality and safety of medical devices, encompassing five main sections that delineate essential components of a robust quality management system (QMS).

  1. Quality Management System: At the core of ISO 13485 lies the establishment and maintenance of a quality management system tailored to the unique requirements of the medical device industry. This section outlines the necessary processes, procedures, and documentation needed to ensure compliance with regulatory standards and meet customer expectations.

  2. Management Responsibility: This section highlights the crucial role of management in driving quality and regulatory compliance within the organization. It emphasizes the need for leadership commitment, allocation of resources, and establishment of policies that support the objectives of the QMS.

  3. Resource Management: Effective resource management is essential for the successful implementation of a QMS. This section addresses the allocation of human, financial, and infrastructural resources to support the design, development, and manufacturing of medical devices while ensuring compliance with regulatory requirements.

  4. Product Realization: The product realization process encompasses all stages of the medical device lifecycle, from initial design and development to manufacturing, distribution, and post-market surveillance. This section outlines the requirements for planning, risk management, design control, and validation to ensure the safety and efficacy of medical devices.

  5. Measurement, Analysis, and Improvement: Continuous improvement is a fundamental principle of ISO 13485. This section emphasizes the importance of monitoring and measuring processes, analyzing data, and implementing corrective and preventive actions to enhance the effectiveness of the QMS and drive ongoing improvement in product quality and regulatory compliance.

By adhering to the guidelines outlined in these five sections, organizations can establish a robust QMS that not only ensures compliance with regulatory standards but also enhances customer satisfaction and promotes the safety and efficacy of medical devices throughout their lifecycle.

Quality Management System

Section 4 of ISO 13485 is the first section with actual requirements in the standard. It is subdivided in General Requirements and Documentation Requirements.

General requirements

The General Requirements paragraph defines that organizations need to establish and implement a Quality Management System (QMS), using the ISO 13485 standard but as well incorporating applicable regulatory requirements.

This means that the first few actions are:

  1. Establishing the scope of the QMS: what are the activities of the company? Which processes will be covered by the QMS?

  2. Defining the applicable regulatory requirements and making sure the processes are adapted to them

  3. Defining which internal and external factors might be influencing the QMS and applying a risk-based approach to them. If you want to learn more about process related risk-based approach, please download our ebook.

Furthermore it is important to take into account that even when you outsource certain activities/processes or you make use of tools, you as an organization still carry the full responsibility. Therefore, you have to implement certain ways to verify and validate that everything goes according to plan. If you are interested in learning more about software validation, please read our post on this topic.

Documentation requirements

In terms of documentation, ISO 13485 requires you to have Quality Management System (QMS) documentation in place that shows how the QMS works, starting from the high level Quality Manual, Quality Policy and Quality Objectives down to more detailed procedures and work instructions. Records are a specific type of documents that provide proof of the output of certain processes for your Medical Device. All documents within the QMS need to be controlled. If you want to learn more about how MatrixQMS can help with this effort, please check our webpage.

The standard defines in the different paragraphs whether or not a procedure needs to exist. However, organizations are not limited to these procedures. In general, a company should create as many procedures and work instructions that are needed for it to work in an efficient way, with a minimum of what is required by the ISO 13485 standard and other applicable regulatory requirements.

Management responsibility

There is an active role for top management in the establishment and maintenance of the Quality Management System (QMS) according to the ISO 13485 standard. In the PDCA cycle, top management needs to make sure the planning and resources are available for the organization to implement an effective QMS.

Top management of your Medical Device organization is responsible for making sure there is a Quality Policy that is in line with the company vision and the regulatory requirements and that the company adheres to this policy. They have a responsibility to plan, delegate authority, and communicate effectively. They are also responsible for a periodic review of operations and improvement within the organization, known as the Management Review

Resource management

As a requirement within ISO 13485, top management must ensure that adequate resources are available to effectively establish, implement and manage the Quality Management System (QMS) and its processes. These resources can refer to personnel, trainings, infrastructure, consumables, equipment, etc. This can be anything from establishing specific workflows to planning long term changes. 

Product realization

A Medical Device organization has to control the full cycle of product realization, from concept to implementation. Not only does this need to be planned, it should be documented as well within your Quality Management System (QMS). The ultimate goal is to produce safe and performant medical devices within the framework of the Quality Management System. This means there should be processes established to control the design and development, the transfer to production, the production itself and further processes that might follow such as installation and servicing activities. If you want to learn more on how Matrix can help documenting the design of your medical device, management system or Quality Management System, request a demo.

The key is to follow the process from planning to inputs, outputs to review, onward to verification, followed by confirmation through validation for your Medical Device Quality Management System. Transferring ideas, deisgn control (controlling the design), documenting any required changes, and retaining any and all files included in the process is critical in product realization. Defining and managing resources such as supplies, retaining critical information associated with each product, and determining how to verify these products should be clearly documented within a procedure for your Medical Device compliance.

Monitoring and maintaining equipment, as well as ensuring that identification requirements are met for the device itself, are also components of product realization.

Ensuring traceability, managing customer property, and ensuring preservation of product are also requirements of ISO 13485 and should be implemented in your Quality Management System.

Measurement, analysis, improvement for your Medical Device

In the second half of the PDCA cycle, you are supposed to check the output of your processes and act to improve if needed for your Medical Device design controls. In order to do so, you need to collect feedback. Feedback about your products, but as well about the effectiveness of your processes.

You can look at customer feedback, analyse complaints, look at the reportable incidents and react on internal audit findings. All of these are different sources of feedback.

In order to comply with ISO 13485, you should define all data that can provide input and feedback and analyze them so that you can ensure your Quality Management System (QMS) remains efficient and in line with what has been planned for. Furthermore, it is a way to ensure that the products that are being produced within the framework of this Quality Management System (QMS) remain safe and performant and as intended for your Medical Device.

Adopting ISO 13485 establishes a regulatory compliance framework for medical device organizations, ensuring they meet both international standards and specific requirements for medical devices, including those for implantable and sterile medical products. This compliance with ISO is fundamental for achieving customer satisfaction and ensuring product safety through effective quality management systems (QMS).

It mandates comprehensive monitoring and measuring of manufacturing processes, work environment conditions, and supply chain management to enhance product quality and safety.

The role of a notified body is crucial in validating compliance, especially for devices requiring CE marking to enter the European market. ISO 13485's Quality Management System (QMS) requirements are designed to ensure a practical foundation for product realization processes, supported by eQMS software and best practices in document control, complaint handling, and management reviews.

These efforts are aimed at streamlining processes, from design control to production and post-production, focusing on risk management, customer requirements, and the improvement of manufacturing medical devices.

With a focus on specific requirements for medical devices, including active implantable medical devices, the standard emphasizes the importance of roles and responsibilities, the establishment and implementation of quality management systems, and the effective solution of adopting ISO to ensure regulatory and customer compliance.

The realization efforts extend to the entire product lifecycle, promoting a culture of continuous improvement and preventive actions.

By leveraging software tools, like ROI calculators and seeing interactive demos, organizations can calculate their ROI, demonstrating the tangible benefits of certified quality management software in enhancing device quality management, supply chain efficiency, and overall organizational effectiveness.

ISO 13485 serves as a guide to ISO certification, providing a clear pathway for medical device manufacturers to market their devices globally, ensuring they meet the additional requirements of the EU Medical Device Regulation (MDR) and other regulatory authorities, thereby supporting the industry's quality aspirations and commitment to patient safety.

ISO 13485 not only ensures compliance with medical device regulations but also fosters innovation and continuous improvement in manufacturing processes, enabling companies to deliver safe and effective products while mitigating risk and optimizing the medical benefits for patients worldwide, all within established risk management frameworks and acceptable levels of failure mode effects for medical devices.

How Matrix Requirements can help you with ISO 13485 certification?

At Matrix, we know from experience that creating and maintaining documentation for medical devices within an effective quality management system (QMS) is no easy task. We understand that a QMS needs to be more than just a repository for documents during audits—it should be tailored to fit the organization's needs and facilitate rather than impede progress. With our MatrixALM and MatrixQMS software solutions, we aim to assist companies in building and maintaining their documentation, both for the products they develop and their QMS and ALM. Our platform centralizes everything from technical documentation and change control to internal audits and corrective and preventive actions. By providing a single, interconnected platform, we help our customers maintain traceability and ensure compliance throughout their journey to certification and beyond for their medical devices.

About the Author
Ann Vankrunkelsven
RA/QA Manager