Practical FAQ about ISO 13485

What is the ISO 13485 Standard?

The ISO 13485 Standard is an International Standard which specifies requirements for a quality management system to be be used by an organization involved in designing and/or producing medical devices. The standard refers to one or more stages of the life-cycle of the medical device. The standard can be used also by suppliers or other external parties providing products or services like raw materials, components, subassemblies,  sterilization services, calibration services, distribution services, maintenance services to be used in the realization of the medical device.

Can a certified Manufacturer market its Medical Devices?

Not automatically. Different markets in different regulatory environments have all sort of regulatory requirements. One of these requirements may be compliance to the ISO 13845 Standard requirements. But it is only one requirement. In other words, merely the certification does not yet mean you are entitled to market it.

Why is the Certification for the ISO 13485 Standard required?

Implementing the ISO 13485 promotes organizations to maintain quality management system that will ensure the manufacturing or provision of materials or services for the production of medical devices under controlled environment. This controlled environment is required for the compliance with regulatory requirements.

What makes the ISO 13485 Quality Management System so unique?

The ISO 13485 Standard is demanding the development and implementation of concepts such as:

• Definition of the scope of the quality management system
• Defining processes and procedures for maintaining and controlling documentation and records related to the QMS and the realization of the medical in the organization
• Define the scope and practice of the commitment of the top management
• Definition of quality objective that will ensure meeting regulatory requirements and delivering of a medical device to the requirements of the customer
• Defining a system for managing resources and human resources, infrastructures, and work environment related to the realization of the medical device in the organization
• Setting in place management systems for product realization
• Ensuring design and development of medical devices under controlled management system
• Control of suppliers of all sorts
• Setting in place a management system for Production and service provision which will include controls over production processes (in general and particular cleanliness processes, installation processes, servicing activities, sterilization processes, and identification of the medical device and its components.
• Setting in place processes and controls over identification and traceability of the medical device and its components.
• Setting control processes of monitoring and measuring equipment necessary for the realization of the product

These concepts were designed in order to generate for the organization a suitable management work frame for realization of the medical devices.

Which clauses are allowed to be excluded by ISO 13485?

The ISO 13485 Standard requirements for exclusions are pretty clear and are mentioned in clause 1 – Scope

• When applicable regulatory requirements permit the exclusion of design and development controls, such regulatory requirements may be used as a justification for exclusion of design and development controls from the quality management system.
• When exclusions to design and development requirements are made, it is the responsibility of the organization to prove conformity to the ISO 13485 Standard requirements.
• When requirements from clauses 6, 7, or 8 of this standard are not applicable to the QMS of the organization due to its nature, activities, or operations of medical device type or nature, it may exclude this requirement from its quality management system.
• Any exclusion will be provided with a sufficient documented justification. The exclusion and justification shall be documented in the quality manual according to the requirement of clause 4.2.2—Quality manual.

What are the differences between EU MDR (Medical Device Regulation) and ISO 13485?

The EU MDR sets some additional requirements that will compel the organization to extend some of the ISO 13485 requirements. For instance, the ISO 13485 requires the organization to define and manage a medical device file (see clause 4.2.3). This file will include the minimum list of information. The EU MDR regulations on the other hand, demand that this documentation will include a technical file which the same information but with additional details that is specified in Annex II of the EU MDR for the medical device. Another example is the EU MDR requirements for additional records of post-market surveillance and clinical evaluation.

Is the ISO 13485 Certification recognized by the FDA?

The FDA is now in the process of recognizing the ISO 13485 Standard and accepting audit report from medical device producers. Read more about the Medical Device Single Audit Program (MDSAP). The last update from 23.02.2022 for amending medical device current good manufacturing practice (CGMP) requirements of the Quality System (QS) Regulation.

For how long is the ISO 13485 certificate Valid?

Normally the ISO 13485 certificate is valid for 3 years. But the specific validity period you MUST clear with the body of certification in advance.

How long does it take to get certified to the ISO 13485 Standard?

Oh…. Difficult question! The thumb rule suggest 4-6 months but with an excessive resource investment (external consulting, but also intern resources – employees that will have to invest time to adapt, design and implement new processes and activities). From my experience it is very individual – every organization behaves differently and therefore the implementation plan will be different and will require resources to a different extent.