ISO 13485 is the international reference standard for quality management systems in the medical device industry. Although many manufacturers associate it only with a formal requirement for certification, its scope goes much further: it defines how the processes that ensure the safety, efficacy and regulatory compliance of the product throughout its life cycle must be managed.
With the entry into force of Regulation (EU) 2017/745 (MDR), ISO 13485 has become even more relevant, as it is the organizational basis on which trials, clinical evaluation, traceability and post-market surveillance are based. In this article we resolve the most common doubts about this standard and its practical application in medical device manufacturers.
What is ISO 13485 and what is it for?
ISO 13485 is a specific quality management system standard designed for organizations that design, manufacture, test or distribute medical devices. Its objective is to ensure that the company is able to provide products that consistently meet regulatory and customer requirements.
Unlike other more generic quality standards, ISO 13485 is oriented to risk, technical documentation and rigorous control of processes that directly affect patient safety.
Differences between ISO 13485 and ISO 9001
A common question is whether ISO 9001 certification is sufficient. Although both standards share a common structure, there are key differences:
- ISO 13485 is specifically focused on medical devices.
- It requires greater document control and traceability.
- Incorporates explicit risk management requirements.
- It gives special weight to the validation of critical processes, tests and suppliers.
- It is aligned with international regulatory requirements (MDR, FDA, etc.).
For medical device manufacturers, ISO 13485 is therefore not optional: it is the standard expected by notified bodies and regulatory authorities.
Relationship between ISO 13485 and MDR 2017/745.
The MDR does not explicitly require ISO 13485 certification, but in practice:
- It is considered by the notified bodies as the reference framework for assessing the manufacturer’s quality system.
- It makes it easier to demonstrate compliance with general safety and performance requirements.
- It structures key processes such as risk management, clinical evaluation, post-marketing surveillance and change management.
In other words, ISO 13485 acts as the organizational skeleton that enables consistent compliance with the MDR.
Relationship between ISO 13485 and key device lifecycle activities
ISO 13485 structures all phases of the product, from design to post-market surveillance.
| Life cycle stage | Associated ISO 13485 requirements |
|---|---|
| Design and development | Planning, change control, verification and validation |
| Material selection | Risk assessment and traceability |
| Preclinical trials | Planning, validation of methods, control of equipment |
| External testing | Laboratory evaluation and qualification |
| Production | Process validation and document control |
| Product release | Final review and compliance |
| Marketing | Traceability and batch control |
| Post-market surveillance | Incident and corrective action management |
This table is especially useful for quality and regulatory managers, as it shows how the standard is not limited to audits, but conditions the entire technical validation strategy.
Role of ISO 13485 in testing and technical validation
One of the least understood aspects of the standard is its direct impact on medical device testing. ISO 13485 requires that:
- Critical assays are planned, documented and validated.
- Measuring equipment is calibrated and controlled.
- External testing providers (laboratories) are evaluated and qualified.
- The results are integrated in a traceable manner in the technical file.
This means that working with ISO/IEC 17025 accredited laboratories, such as those of the IBV, greatly facilitates compliance with ISO 13485, as the test reports provide additional technical and regulatory guarantees.
Who does ISO 13485 apply to?
The standard is not limited to end manufacturers. It also applies to:
- design and development companies,
- manufacturers of critical components,
- laboratories that perform tests for medical devices.
- distributors and service companies related to medical devices.
Any organization that influences the security or performance of the device may be affected by your requirements.
Real benefits of implementing ISO 13485
Beyond regulatory compliance, proper implementation of ISO 13485 brings strategic benefits:
- reduction of errors and reprocessing,
- greater consistency between design, testing and production,
- improvement of the relationship with notified bodies,
- more agile access to international markets,
- greater customer and partner confidence.
When the standard is used as a management tool and not just as a formality, it becomes a key asset for the manufacturer’s competitiveness.
