ISO 13485 Medical Devices Quality Management Systems Requirements for Regulatory Purposes


An audited and certified medical device quality management system issued by a third-party is often required, or strongly preferred, by regulatory authorities in most major markets such as EU, USA, Canada, Japan and Taiwan, for manufacturers that want to sell medical devices in these respective countries.
This International Standard is suitable for all sizes and types of organizations that are involved in the lifecycle of a medical device and are seeking for improvements on how they are operated and managed. It can be used by an organization for the design and development, production, installation and servicing of medical devices, and the design, development, and provision of related services.
Since the ISO 13485 International Standard is based on a process approach to quality management, apart from establishing a quality management system that complies with the standard, it is also essential to comply with product and service technical standards and regulations.
Despite the fact that ISO 13485:2003 is based on the ISO 9001:2000 quality management standard, it is still a stand-alone standard.
According to the latest ISO Survey of Management System Standard Certifications, up to the end of December 2013, at least 25, 666 ISO 13485:2003 certificates, a growth of 15 % (+3, 349), had been issued in 95 countries and economies, two less than in the previous year.
The table below summarizes the statistics of the ISO 13485 certifications around the world.
Statistics of the ISO 13485 certifications around the world.
Thus, ISO 13485 shows a 15 % increment from the past year.

The top three countries for the total number of certificates issued were the USA, Germany and Italy, while the top three for growth in the number of certificates in 2013 were the USA, China and Greece.

An overview of ISO 13485:2003

ISO 13485 specifies requirements where an organization needs to demonstrate its ability to provide medical devices and related services that consistently meet customer requirements and regulatory requirements applicable to medical devices and related services.
All requirements of ISO 13485 are specific to organizations providing medical devices, regardless of the type or size of the organization.
Quality standardization evolves with ISO 13485 by adding:
  • Greater emphasis on setting the objectives, monitoring performance and metrics;
  • Clearer expectations on management; and
  • More careful planning for and preparing the resources needed for ensuring quality.
What is a Quality Management System?
Quality management system is defined as a set of interrelated or interacting elements to establish policy and objectives for an organization and to achieve those objectives with regard to quality.
ISO 13485 applies to all types and sizes of organizations that wish to:
  • Establish, document, implement, maintain a QMS and maintain its effectiveness;
  • Assure conformity with the organization’s stated quality policy;
  • Demonstrate conformity to others;
  • Seek certification/registration of its QMS by an accredited third party certification body; or
  • Make a self-determination and self-declaration of conformity with this International Standard.
Key clauses of ISO 13485:2003
ISO 13485 is organized into the following main clauses:
Clause 4: Quality management system
Clause 5: Management responsibility
Clause 6: Resource management
Clause 7: Product realization
Clause 8: Measurement, analysis and improvement
Each of these key activities is overviewed below.
Clause 4: Quality management system
An organization shall establish and document their quality management system for medical devices, based on the requirements of ISO 13485.
Clause 5: Management responsibility
  • Top management shall support quality by:
  • Promoting the importance of quality;
  • Developing a quality management system; and
  • Implementing and maintaining the quality management system
There shall be focused attention on customers by expecting people and the organization to identify and meet these requirements.
A quality policy shall be defined and managed by top management through:
  • Ensuring that the quality policy serves the organization’s purpose and meets requirements; and
  • Communicating  the  policy  throughout  the  organization,  and  reviewing  it  to  ensure  its continued suitability.
Top management shall perform quality planning by:
Formulating quality objectives to ensure that they are set for all functional areas and organizational levels; and
Planning, developing, implementing, improving and modifying the quality management system.
Top management shall control the quality management system by:
  • Defining responsibilities and authorities;
  • Appointing a management representative; and
  • Supporting internal communications.
Top management shall carry out management reviews by:
  • Reviewing the quality management system;
  • Examining management review inputs; and
  • Generating management review outputs.
Clause 6: Resource management
The actions that should be taken to assure effective resource management in an organization are to:
  • Provide quality resources;
  • Provide quality personnel;
  • Provide quality infrastructure; and
  • Provide quality environment.
Clause 7: Product realization
The processes involved in the organization’s product realization are:
  • Control realization planning;
  • Control customer processes;
  • Control product design and development;
  • Control the purchasing function;
  • Manage production and service provision; and
  • Control monitoring devices.
Clause 8: Measurement, analysis and improvement
The processes that ensure the effectiveness of the measurement, analysis and improvement requirements are:
  • Performing improvement processes;
  • Monitoring and measuring quality;
  • Controlling nonconforming products;
  • Analyzing quality information; and
  • Taking required improvement actions.
Link of ISO 13485 with other standards
ISO 13485 is linked with several other medical device standards:
  • ISO/TR 14969:2004, Medical Devices – Quality Management Systems – Guidance on the application of ISO 13485.
This standard serves as guidance for the application of the requirements for quality management systems contained in ISO 13485. It provides guidance on how to understand the requirements of ISO 13485 and explains different methods that are available for meeting the requirements of ISO 13485.
  • ISO 14971:2007, Medical Devices – Application of risk management to medical devices.
This standard specifies the requirements for application of a risk management system for medical devices. It specifies a process for a manufacturer to identify the hazard associated with medical devices, including in vitro diagnostic (IVD) medical devices, to estimate and evaluate the associated risks, to control these risks, and to monitor the effectiveness of the controls.
ISO 13485 opposed to ISO 9001
As mentioned above, ISO 13485 is based on the structure of ISO 9001, even though it is a stand-alone standard.
Despite that both standards are organized in the same way, ISO 13485 excludes ISO 9001 requirements related to continual improvement and customer satisfaction. The reasons for this exclusion are that most medical device regulations require organizations to maintain their quality management systems instead of improving them; and committee members thought that customer satisfaction was too subjective to indicate in ISO 13485.
What are the business benefits of quality management?
As with all the major undertakings within an organization, it is essential to gain the backing and sponsorship of the executive management. By far, the best way to achieve this is to illustrate the positive gains of having an effective quality management process in place, rather than highlight the negative aspects of the contrary.
Today an effective quality management system is not about being forced into taking action to address external pressures, but its importance relies on recognizing the positive value of quality management when good practice is embedded throughout your organization.
Business benefits of quality management
 The adoption of an effective quality management process within an organization will have many benefits in a number of areas:
  • Extended market access through meeting regulatory requirements;
  • Increased revenue through meeting customer requirements;
  • Increased efficiency;
  • Reduced cost of sales;
  • Improved performance;
  • Staff motivation;
  • Better definition of roles and responsibilities; etc.
Implementation of QMS with IMS2 methodology
Considering the well documented benefits of implementing a Quality Management System based on ISO 13485, makes the proposal easier to decide on.
Most companies now realize that it is not sufficient to implement a generic, “one size fits all” quality plan. For an effective response, with respect to maintaining the quality management system, such a plan must be customized to fit to a company. A more difficult task is the compilation of an implementation plan that balances the requirements of the standard, the business needs and the certification deadline.
There is no single blueprint for implementing ISO 13485 that will work for every company, but there are some common steps that will allow you to balance the frequent conflicting requirements and prepare you for a successful certification audit.
PECB has developed a methodology (please see example below) for implementing a management system; the “Integrated Implementation Methodology for Management Systems and Standards (IMS2)”, and it is based on applicable best practices. This methodology is based on the guidelines of ISO standards and also meets the requirements of ISO 13485.
Plan, Do, Check, Act Cycle
IMS2 is based on the PDCA cycle divided into four phases: Plan, Do, Check and Act. Each phase has between 2 and 8 steps for a total of 18 steps. In turn, these steps are divided into 101 activities and tasks. This ‘Practical Guide’ considers the key phases in your implementation project from start to finish and suggests the appropriate ‘best practice’ for each one, while directing your to further helpful resources as you embark on your ISO 13485 journey.
QMS project phases, steps, activities and undefined tasks.
The sequence of steps can be changed (inversion, merge). For example, the implementation of the management procedure for documented information can be done before the understanding of the organization. Many processes are iterative because of the need for progressive development throughout the implementation project; for example, communication and training.
By following a structured and effective methodology, an organization can be sure it covers all minimum requirements for the implementation of a management system. Whatever methodology used, the organization must adapt it to its particular context (requirements, size of the organization, scope, objectives, etc…) and not apply it like a cookbook.
Steps for getting certified
Steps for Obtaining a PECB certification