ISO 13485 – MDQMS

Medical Devices Quality Management System

ISO 13485

ISO 13485 is an international standard that deals with delivering medical devices and services that fulfill both regulatory and client requirements. In essence, ISO 13485 is a quality management system that focuses on medical devices. For companies involved in producing medical devices or delivering services, ISO 13485 offers a way to ensure quality with each job. Thanks to its flexibility, the medical devices industry can utilize ISO 13485 in any stage of its product life cycle development.

Why Is ISO 13485 Relevant?

While it’s mostly a self-contained document, the ISO 13485 standard is based on the ISO 9001 standard for quality management systems. However, a distinct difference between the ISO 13485 system and ISO 9001 is that the former only needs a company to implement and maintain the standard. The latter deals with continual improvement. Reaching compliance with ISO 13485 is the first step in achieving European regulatory requirements, which is necessary to get and maintain business within the EU. The international standard is noteworthy as it forms the basis of many other criteria globally. Compliance with ISO 13485 will almost guarantee compliance with different global standards or allow a business to adopt changes to bring about full compliance.

The Benefits of ISO 13485 For Businesses

A business stands to benefit significantly from implementing the ISO 13485 standards in its production of medical devices. As a quality management system, the standard ensures that companies can guarantee their products conform to a certain quality level. Among the benefits that the standard offers to companies include:


  • A reduction in costs. The standard makes processes within the company more efficient, allowing it to save money that would be wasted on extraneous steps within the process.
  • More trustworthy image to clients. In the world of medical devices, having a reputation for quality products ensures that clients will seek out your company and look forward to working with you.
  • Better risk management. Implementing ISO 13485 allows a company to have better practices to deal with risk within the processes. More effective risk management means better outcomes on a per-process basis.
  • More attractive to potential clients. Adhering to the ISO 13485 standard sends a message to potential clientele that you take your production processes seriously. Achieving certification requires going through the steps to ensure your production process is efficient. The accreditation is a sign to those clients that you meet international standards for production.
  • Become compliant with other regulatory systems. The standard serves as a basis for other regulatory frameworks, and by meeting compliance, a business may also be compliant with those external regulations. The standard has been recognized and adopted by the Global Harmonization Task Force (GHTF) as the MDQMS standard for the medical industry.
    ISO 9001 and ISO 13485

    The ISO 13485 standard is derived from the ISO 9001 standard, but there are some significant differences. A company looking to achieve ISO 13485 might want to look at ISO 9001 compliance first. If the business is already ISO 9001 compliant, it’s already halfway there to being compliant with ISO 13485. The differences between the standards come from the fact that ISO 13485 is focused on the medical devices industry while ISO 9001 is more general. Even so, having ISO 9001 certification can provide a boost to a company seeking ISO 13485 compliance, even though they don’t need to do so.

    Is ISO 13485 Mandatory?

    No ISO standard is mandatory, and the same goes for ISO 13485. Many medical device manufacturers don’t see it as feasible to put the time and effort into achieving compliance. However, even though the standard isn’t mandatory, it provides enough benefits to some businesses that it’s desirable. One of the best examples is the EU Medical Devices Regulations (MDR). While the EU MDR doesn’t require a company to be ISO 13485 compliant to operate within the zone, it does require that businesses have an established QMS. The ISO 13485 is the most effective way of ensuring the company has a working QMS in keeping with international expectations and standards. Thus, by meeting the standard, the business already achieves the requirements to operate within the EU.

    Free ISO Certification Cheat Sheet

    This handy cheat sheet provides an executive overview of ISO Certification process, ISO requirements and you’ll learn all the key steps to be fully ISO Certified.

    ISO 13485

    What is difference between ISO 9001 and ISO 13485?

    ISO 9001 and ISO 13485 high-level structure are different but there is a good overlap on individual clauses.
    The mandatory compliance requirements around the Documented Information, Internal Audit, Nonconformance, Corrective Actions, Management Review, Risk Management are the same for both standards.

    ISO 13485 focuses on the specific Medical Device product/service which is identified per the scope. Additionally, Regulatory requirements, health and safety, device master records, and device history files need to be defined and addressed.

    So short answer is, if you have a strong ISO 9001 framework, you are halfway there in meeting the ISO 13485 requirements.

    Please contact us at [email protected] for PPT for ISO 9001 VS ISO 13485

    What are the practical steps for ISO 13485 Certification?
    Stage 1: Discovery
    • Gap Analysis to identify the gaps as compared to standard requirements
    • Awareness Training
      Stage 2: Documentation & Implementation
    • Documentation
      Documenting Management System procedures, WI-based on document structure most suitable and value adds to the Organization.
    • Implementation
      Once documents are drafted, reviewed, and approved, process owners, will implement the documented processes. Management involvement for in-depth product /service-related risk assessment and management of DMR, DHF, and Medical Device Reporting process.

      Stage 3: Audit (Internal and External)
    • Internal Audit of the implemented QMS and Management Review is a mandatory requirement. An internal Audit program with an Internal Audit schedule and plan is required. Internal audit needs to be conducted by Trained Internal Auditors/External Contracted Auditors
    • After Internal Audit, External Audit can be scheduled and conducted.
      This entire process can take up to 6-8 months depending on the number of locations, employees, scope, number of processes, and resource commitment by the organization.
    Is the ISO 13485 certification applicable to distributors or merchant exporters?

    ISO 13485 is a Quality Management System for Medical devices applicable to the entire lifecycle for product and service. The processes involved from maintenance, post-manufacturing processes like packaging, shipping, and distribution are required to be compliant with the ISO standard. This in light of ensuring the accurate and quality performance of the product at the point of use. Hence all the support processes have to be certified to the standard.

    How long will it take to get certified?

    Certification timelines depend on multiple factors:
    Scope and Complexity
    Number of Locations
    Number of employees
    Resource allocation
    Timeline for certification ranges from 6-8 months depending on the factors above. Additionally, if the core process & standard operating procedures are defined, that makes the process go faster and the timeline of implementation is shorter. For a small size, organization certification can be achieved in 6 months. During the external audit, it will be very important that every process owner is able to demonstrate competence and awareness of their processes. Auditor will want to see a system that has been implemented for at least 3-4 months.

    What additional cost are associated with ISO certification and maintenance?

    While considering ISO certification it is very critical to understand the various costs incurred.

    These costs include:

    1st Year Cost

    Create and Charter ISO project (Quality Manager)
    External Registrar Cost+ Logistic Cost
    Consultant Support( if external consultant used)
    2nd Year Cost

    Surveillance Audit and Logistics cost.
    Soft Cost associated with Internal Audit, Reporting, and Maintenance of the QMS
    Recertification cost ( every 3 years)

    External Audit and Logistics cost