What is ISO 13485?

ISO 13485 is a sector scheme of ISO 9001. (See What is ISO 9001?) ISO 13485 applies to organizations in the medical device industry (or, medical device “sector”). ISO 13485 contains a set of sector-specific requirements germane to the medical device industry that were added to ISO 9001. Roughly, it’s ISO 9001 for medical device organizations and their suppliers. Although ISO 13485 does not include every requirement of ISO 9001, it contains the vast majority of them. In fact, the ISO 9001 requirement for organizations to monitor customer satisfaction is the only requirement that is not somehow represented in ISO 13485. Otherwise, ISO 13485 contains all of the requirements of ISO 9001, plus requirements specific to the medical device industry.

The standard has been compiled by the Industry but it is used by regulators throughout the world. It is mandated to meet regulatory requirements to sell medical devices in Canada and is all but mandated to sell devices in the 27 nations of the European Union. It is the chosen standard of the Global Harmonization Task Force – an international coalition attempting to standardize the regulatory requirements needed to sell products throughout the world. While not legislating against this ISO standard, the US still sticks to its legal requirements contained in the Code of Federal Requirements where it has defined its own version of the requirements. Bottom line is that if you make medical devices you need to use ISO 13485 if you intend your products to be sold anywhere other than the US. And in this global economy organizations down the supply chain may want to sell them abroad for you.

Beyond the very basic requirements of ISO 9001, ISO 13485 requires organizations to have additional or enhanced controls over various facets of their operations, including:

• Master Device records and Design History records.
• Beyond the document and record control requirements of ISO 9000, ISO 13485 defines retention requirements for specific records and obsolete documents.
• ISO 13485 contains enhanced requirements pertaining to the definition of responsibilities and authorities.
• Although ISO 9001 requires adequate control over the work environment to ensure product conformity, ISO 13485 specifically requires documented controls pertaining to health, cleanliness, and clothing of personnel, as well as work environment conditions, control over temporary personnel, and special arrangements for control of contaminated product.
• ISO 13485 contains requirements pertaining to advisory notices and related communications/notifications to affected parties.
• The design requirements of ISO 13485 require clinical evaluations as part of design and development validation.
• Although ISO 9001 requires controls over production and service provision, ISO 13485 specifies particular controls, including:
• Labeling and packaging requirements
• Batch records, including traceability and distribution
• Cleanliness of product and contamination control
• Installation activities and related verifications
• Servicing activities and related verifications
• Particular requirements for sterile medical devices
• Enhanced traceability requirements, including particular requirements for active implantable medical devices
• Enhanced product status identification requirements
• Although ISO 9001 requires product to be preserved, ISO 13485 specifies controls pertaining to product with a limited shelf-life.
• Although ISO 13485 does not require customer satisfaction as a measurement of system performance (as does ISO 9001), it contains enhanced requirements for processing customer feedback. ISO 13485 requires the feedback system to include provision for early warning of quality problems and post-production performance investigation.
• Whereas ISO 9001 requires reworked product to be re-verified to conform to established requirements, ISO 13485 additionally requires documented, approved rework instructions and a determination of any related adverse effects, and
• Included among the requirements for continual improvement, ISO 13485 requires records of customer complaints to be maintained, including requirements for corrective action and regulatory authority reporting.