Understanding the Use of “Where Appropriate/As Appropriate” Within the ISO 13485:2016 Standard


Historically, the term “where appropriate” and/or “as appropriate” have been implied within the ISO 13485 standards as well as the FDA 21 CFR 820 Quality System Regulations. The FDA has always explained that “as appropriate” means it is appropriate unless you can justify why it isn’t appropriate. The recent changes in ISO 9001:2015 introduced the concept of risk-based thinking. Risk-based thinking establishes the foundation to make decisions based on the business risk – both positive and negative risk. The key is to make decisions based on a level of risk that is acceptable to an organization. ISO 13485:2016 also uses risk-based decision making as a foundation. The ISO references “where appropriate” 26 other times within the standard. Essentially, this was done to allow companies the flexibility to “right size” the QMS (quality management system) to meet appropriate business and regulatory needs.

Because the standard did not convert to the new ISO format there is no explicit clause related to risk-based thinking. As you can see below, the “where appropriate” requirement ties the risk- based thinking approach to business and QMS management. The risk-based thinking approach enables the organization to make better decisions about the processes and opportunities for overall improvement.

ISO 13485:2016 explicitly states in Clause 0.2:

“When a requirement is qualified by the phrase "as appropriate," it is deemed to be appropriate unless the organization can justify otherwise. A requirement is considered appropriate if it is necessary for:

  • Product to meet requirements
  • Compliance with applicable regulatory requirements
  • The organization to carry out corrective action
  • The organization to manage risks


Christine Park is a solution-focused, results-oriented Business Executive with extensive Business Development/Quality Systems/Regulatory Affairs Executive. An independent consultant and experienced trainer she has demonstrated success and business acumen to integrate quality into daily business activities while reducing costs. She takes a pragmatic, common sense approach to defining and establishing good business practice to achieve goals with quality and assurance to regulatory compliance. Christine has experience with Medical Device, Pharmaceuticas, Biologicals, Food Safety as well as general quality management systems. See more information on her website.

[ { "key": "fid#1", "value": ["GxP Lifeline Blog"] } ]