ISO 13485 Certification Overview

ISO 13485 is a series of requirements to help medical device manufacturers develop and maintain a quality management system (QMS). The intent of ISO 13485 is to harmonize international regulatory requirements for medical devices. While this standard is not required in the United States, it is required in other countries as a regulatory standard. This makes going through the ISO 13485 certification process ideal for companies hoping to enter international markets.

Free Resources

Select all the resources you’re interested in downloading

ISO vs. CFR Comparison

The FDA equivalent of ISO 13485 is 21 CFR 820. Although becoming ISO 13485 certified will not satisfy the requirements of Part 820, there is some overlap between the two. ISO focuses on developing and maintaining a QMS, and Part 820 focuses on good manufacturing practices (GMPs) for medical devices. However, the differences between the regulation and standard may be diminishing. Recently, the FDA announced that it intends to use ISO 13485 as the basis for revisions to 21 CFR 820.

How to Get ISO 13485 Certified

  • Planning the Quality System: Create a quality plan that covers all 19 procedures required for ISO 13485 certification and the requirements for a Quality Manual. Make sure you identify the resources needed to execute the plan and ensure that you have or will have them.
  • Meeting Regulatory Requirements: Identify the markets that you need regulatory approval in, the requirements for approval, and what certification body you want to work with.
  • Implementing Design Controls: For the purposes of ISO 13485 certification, design control requirements include design planning, design input, design output, design reviews, design verification, design validation and design changes.
  • Tracking Documents, Records and Training: Quality procedures need to be in place to ensure that every change to a document is recorded and that those changes are effectively communicated to employees.
  • Managing Your Quality Processes: This includes corrective action preventive action (CAPA), internal auditing and management reviews.
  • Auditing and Responding to Findings: An initial ISO 13485 certification requires a two-stage audit. If any issues are found during either stage, you must draft corrective action plans.

ISO 13485 Certification Requirements

The main requirement for ISO 13485 certification is a comprehensive quality management system (QMS) that allows companies to meet regulatory requirements. The certification audit, mentioned above, includes a record review during stage 1 and a full audit of the remaining QMS processes in stage 2. Major issues may require a second audit, but minor issues can be resolved with corrective action plans. After the auditor accepts the corrective action plans, certification is typically completed within a month.

History of ISO 13485 Revisions

ISO 13485 was first published in 1986, and has since been revised in 1996, 2003 and 2016, the last of which is the current version. Every five years ISO reviews its standards and makes updates. Updates in the 2016 version include:

  • Risk management must be applied to all quality processes, not just design control.
  • An increased focus on supplier controls and feedback.
  • Increased clarification regarding validation, verification and design activities.

MasterControl Quality Management

The MasterControl quality management suite consists of configurable, easy-to-use and connected applications. The suite helps companies meet the requirements of ISO 13485 certification and 21 CFR Part 820 by automating, streamlining and effectively managing the following applications: document control, change control, training control, audits, corrective/preventive action (CAPA), customer complaints, and other documents and forms-based quality and business processes. Best of all, MasterControl does it all under a single Web-based platform.

FDA & MasterControl

Organizations all over the world use MasterControl software solutions to ensure compliance – including organizations that enforce compliance. The U.S. Food and Drug Administration (FDA) became a MasterControl customer in 2009. Since then, the FDA has expanded its use and now multiple divisions of the Agency use MasterControl software solutions.

[ { "key": "fid#1", "value": ["Everything else"] } ]