Skip to main content
NSF Home

ISO 13485 Quality Management Systems (QMS) for Medical Devices

Demonstrate credibility with a certification to the internationally recognised standard for medical devices, access global markets, streamline processes, and reduce safety risks.

What is ISO 13485 and who is it for?

ISO 13485 is the international quality management system (QMS) standard for medical devices. With patient safety at its heart, it’s intended to ensure manufacturers meet both customer and regulatory requirements.

The standard provides organisations with a framework for implementing the QMS. This includes the establishment – and maintenance – of processes that ensure safety and quality for the entire lifecycle of a product. Product design, development, production, distribution, installation, and servicing must be thoroughly considered and consistent.

ISO 13485 originated on the requirements of ISO 9001 enhancing requirements to cover effective documentation, monitoring, design, and manufacturing controls to produce safe medical devices. ISO 13485 also takes a granular approach in relation to customer feedback, managing non-conforming products and implementing improvements.

The standard was first published in 1996 by the International Organization for Standardization (known as ISO) specifically for the medical device industry, including manufacturers, suppliers, service providers, distributors and importers. Currently, there are over 33,000 valid ISO 13485 certificates that have been issued by accredited certification bodies such as NSF.

What are the benefits of ISO 13485 certification?

ISO 13485 compliance can help organisations reduce risk, create efficiencies, and demonstrate a commitment to safety and quality at every stage of a product’s lifecycle. The QMS standard is recognised by global regulatory authorities, helping organisations to gain access to markets around the world.

Organisations certified to ISO 13485 claim the following benefits:

  • Improved product quality.
  • Reduced risk of product failure and recall.
  • Increased customer confidence.
  • Enhanced efficiency and understanding of best practise.
  • Ease of access to global markets.

Voluntary ISO 13485 certifications provide confidence to acquire supplier contracts and maintain market credibility. These also serve as a pathway to demonstrate compliance and obtain regulatory approval in many countries. For example, the FDA has incorporated ISO 13485:2016 in its regulation with enforcement starting in 2026.

What are the requirements of ISO 13485?

The latest version of ISO 13485 was published in 2016 (known as ISO 13485:2016). It is made up of five main sections, known as clauses. Before an organisation can be awarded certification, it must be able to demonstrate that it meets every requirement of each clause.

This is achieved thorough documentation and record keeping, including detailed specification of how risk is managed internally and in the external supply chain.

The design, development and intended use of products, as well as the lifecycle of the product must be considered when implementing the QMS.

For an organisation to meet – and maintain – the requirements of the standard, it’s important that resources are allocated. As such, it’s important that top management provides full support and is involved in setting quality policy, goals and objectives.

What are the steps to obtaining ISO 13485 certification?

Becoming certified to ISO 13485 involves several key steps. The first is to buy a copy of the standard. This can be purchased direct from ISO. After that, there are five steps to follow:

  • 1

    Read and understand the standard

    Attend a training course on ISO 13485 to solidify understanding and help you identify how you will implement the standard in your organisation.
  • 2

    Take action

    Prepare to implement ISO 13485. This could take some time as you will need to gather the necessary documentation and perform internal audits. It can be beneficial to perform a gap assessment to establish your organisation’s state of readiness. The length of time this stage takes will depending on the complexity of your product, the size of your operations and the scope of your certification. Talk to NSF if you wish to discuss this.
  • 3

    Choose a certification body

    When you think you’ve met the requirements of ISO 13485, it’s time to contact an accredited certification body such as NSF to conduct an independent third-party assessment of your organisation against the requirements of the standard. This is a two-stage assessment process and any corrective actions that have been identified will need to be closed out. The time required for this will depend on a number of factors, for example, the complexity of the product.
  • 4

    Receive audit recommendation

    On completion of stage one and stage two assessments a recommendation for certification will be made. A final review is conducted and when all requirements have been met, certification is granted.
  • 5

    Certification

    Earning ISO 13485 certification is an important achievement. Not only will it help demonstrate compliance in a highly regulated industry, but it could also facilitate business growth. You may wish to share this news through PR activity, social media, on your website and via any other channels through which you communicate with stakeholders.

Certification is valid for three years. During the three-year certification cycle, surveillance audits will be conducted annually to ensure you remain compliant with the requirements of the standard. In the third and final year of the cycle, a recertification audit will take place. If successful, certification will be granted for another three years, and the accompanying annual audit cycle will recommence.

Why choose NSF for ISO 13485 certification?

NSF is an ANSI National Accreditation Board (ANAB) accredited third-party certification body for ISO 13485 and our clients range from large multinationals to those that are smaller and specialised in niche areas. Our mission at NSF is to improve global human and planet health, a goal that aligns strongly with ISO 13485’s intention of ensuring patient safety. This makes us proud to work with companies that deliver life-saving and life-changing medical products to their patients.

We work hard to provide outstanding customer service and take pride in the high scores we receive in our client satisfaction survey.

Transfer your certification

Whether you are looking for a new Certification Body or wanting to consolidate multiple management systems, NSF is here for you.

ISO 13485 and other quality management systems

Some organisations seeking ISO 13485:2016 certification hold other sector-specific quality management certifications as they supply products to other industries that have specific requirements for quality management. These could include IATF 16949 automotive quality management, or the AS 9100 series of quality management standards for aerospace as well as ISO 9001.

Although each of these standards differ based on the sectors they relate to, there are some similarities. If you are looking to consolidate any of these management system standards talk to NSF. We are well placed to support organisations to do this, and it could help streamline your quality management certification process.

Need to train your team? Don’t forget ISO 13485 training with NSF

Our engaging and interactive training sessions delve into core principles of the ISO 13485:2016 quality management system, including the intent, meaning, and interrelationship of the clauses of the standard.

Learn more about our ISO 13485:2016 - Fundamentals -Medical Devices - QMS - Requirements for Regulatory Purposes course that’s delivered virtually for your convenience and can be booked online.

Contact our team if you are looking to get in-house ISO 13485:2016 medical device QMS training delivered to your team.

Resources

Talk to us

If you’re getting started with certification or want to transfer, we’re here to help.