ISO 13485:2016 Medical Certification Services


ISO 13485:2016 Medical Certification Services

Use ISO 13485 :

  • To establish a Quality Management System (QMS) that is oriented towards the design, development, production, and installation of medical devices and related services.
  • To demonstrate your ability to supply medical devices and related services that meet customer expectations and comply with regulatory requirements.
  • To evaluate how well your organization is able to meet customer expectations and comply with regulatory requirements.
  • To become certified or registered.
  • ISO 13485 is not a product standard. It’s a process standard. Therefore, it’s not enough to establish a Quality Management System (QMS) that complies with the ISO 13485 standard, you also need to comply with all relevant product and service oriented technical standards and regulations.


ISO 13485 Vs ISO 9001 :

  • ISO 13485 is based on the ISO 9001 Quality Management standard. Both standards are organized in the same way and use basically the same numbering system. In addition, most of the ISO 13485 requirements are taken directly from ISO 9001 without modification.
  • However, some ISO 9001 requirements were modified and others were excluded. Of course, ISO 13485 also includes a special set of requirements specifically related to the supply of medical devices and related services. In general, ISO 13485 is made up of two kinds of requirements: old ISO 9001 requirements and new requirements that are specifically related to medical devices and associated services.
  • ISO 13485 excludes ISO 9001 requirements related to continual improvement and customer satisfaction. Continual improvement is excluded because most medical device regulations require organizations to maintain their Quality Management Systems, not to improve them. And customer satisfaction is excluded because committee members thought it was too subjective.


When ISO 9001 wants you to document a procedure, it also wants you to implement and maintain it. Section 4.2.1 of ISO 13485 expands on this idea by including requirements, activities, and special arrangements. More precisely :

  • When ISO 13485 wants you to document a procedure, the standard also wants you to implement and maintain it.
  • When ISO 13485 wants you to document a requirement, the standard also wants you to implement and maintain it.
  • When ISO 13485 wants you to document an activity, the standard also wants you to implement and maintain it.
  • When ISO 13485 wants you to document an arrangement, the standard also wants you to implement and maintain it.


Whenever a procedure, requirement, activity, or special arrangement must be documented, it does so by explicitly asking you not only to document it but also to implement and maintain it. ISO 13485 also places a greater emphasis on the use of procedures to regulate and control how activities and processes should be performed. In this sense, ISO 13485 is somewhat more prescriptive than ISO 9001. ISO 9001 often leaves it up to you to decide how work should be controlled, whereas ISO 13485 seems to have removed some of this flexibility by insisting on the use of formal procedures. Since ISO 13485 is all about medical devices and related services, it of course adds many new requirements to address the specific needs of this industry such as ISO 14971 Risk Management.

Possible exclusions :

  • ISO 9001 says that you may exclude or ignore some requirements if you can justify doing so. You can exclude section 7 product realization requirements if you cannot apply them because of the nature of your organization and its products. Similarly, ISO 13485 2003 says that you can exclude section 7 requirements if they are not applicable in your situation and does not violate the organization's medical devices statutory regulations.
  • You may also exclude section 7.3 design and development if official regulations allow you to do so and if you have made alternative arrangements that comply with these regulations.
  • Occasionally ISO 13485 uses the phrase “if appropriate? or “where appropriate? When a requirement uses this phrase, you may ignore or exclude it if you can justify doing so.
  • Whenever you decide to exclude or ignore an ISO 13485 requirement make sure that you’ve got a good reason. Make sure you can justify and explain why, and make sure this explanation is documented in your quality manual.


How to develop a QMS :
In order to become certified, you need to develop a Quality Management System (QMS) that complies with the ISO 13485 standard. But how do you do that? One common approach is to carry out a Gap Analysis. Such an analysis will identify the gaps that exist between the new standard and your organization's processes. Once you know exactly what and where your gaps are, you can take steps to fill them. And once all of your gaps are filled, your Quality Management System will be ISO 13485 compliant. By using this approach, you will not only meet the new ISO 13485 standard, but you will also improve the overall effectiveness of your Quality Management System. If you're currently ISO 13485:1996 or ISO 9001:2000 certified, you can call us to conduct Gap Analysis Tool on your Quality Management System to the new ISO 13485:2003 standard.

Once we've completed the Gap Analysis and filled all of the gaps, you're ready to ask a Registrar to audit the effectiveness of your Quality Management System. If your QMS meets ISO 13485:2003 requirements then the Registrar will then issue an official certificate to you and record your achievement in their registration.

  • Identify your organization’s environmental aspects. Study normal and abnormal operating conditions, as well as accidents, disasters, and emergency situations. Identify the environmental aspects associated with all operating conditions and situations.
  • Clarify the legal and other requirements that apply to your organization’s environmental aspects. Legal requirements include National and International as well as local and regional laws and regulations. Other requirements include agreements that have been established with governments, customers, community groups and others as well as commitments, guidelines, principles, or codes of practice that influence how your environmental aspects ought to be handled.
  • Examine your organization’s current environmental management policies, procedures, and practices. Pay special attention to your organization’s purchasing and contracting policies, procedures, and practices.
  • Define the scope of your EMS. When ISO 14001 asks you to define the scope of your EMS, it is asking you to define its boundary. You can choose to apply ISO 14001 to the entire organization or only to a specific operating unit or facility. Once you’ve made this decision, you’ve defined the scope or boundary of your EMS. Henceforth, all activities, products, and services that falls within this boundary must comply with the ISO 14001 standard.


Once you’ve considered the above factors, you can begin the development of your organization’s unique Environmental Management System. But if you’ve already established an EMS and you simply need to update it to meet the new standard, you need to do a Gap Analysis. A Gap Analysis will compare your current EMS with ISO’s new ISO 14001 standard. This comparison will pinpoint the areas that fall short of the standard (the gaps). Once you know where to focus your attention, you can begin to make the changes that are needed to comply with the new ISO 14001 standard.


Enquiry Now