Go to Client Portal

ISO 13485:2016 – Effective Preparation and Implementation of Medical Device Quality Management Systems


The International Organization of Standards (ISO) is a worldwide federation of member bodies within a specific technical skill set that is responsible for the draft and release of global medical device regulations. In 1996, the ISO established guidance ISO 13485:2003 under the jurisdiction of the ISO / International Electrotechnical Commission (IEC) Directive, Part 1 to offer direction on quality management system (QMS) requirements for organizations that design or manufacture medical devices and associated components.

Closely aligned with ISO 9001, which outlines QMS standards for all industries, ISO 13485:2003 provides an added emphasis on the promotion and awareness of applicable regulatory requirements for the medical device industry. It also focuses heavily on risk management and design controls throughout the product development process, and includes various detailed requirements pertaining to specific medical devices.

In 2016, original guidance ISO 13485:2003 was amended to further emphasize the importance of a risk-based approach to QMS implementation for effective maintenance. This recent document was revised and written under the editorial rules of ISO / IEC Directive,Part 2. (Further details regarding the process of drafting, revising and releasing ISO regulations can be found at www.iso.org/directives.)

The newly updated guidance, ISO 13485:2016, requires that all global medical device manufacturers are fully compliant by March 31, 2019 to ensure that certification audits beginning April 1, 2019 stand in conformance.

Implementation Guidelines

Global medical device manufacturers that currently hold ISO 13485:2003 certification can expect their next audit to be measured against the updated requirements set forth within ISO 13485:2016. However, organizations that are seeking first-time ISO certifications must have a QMS implemented to the 2016 standard by the end of 2017.

Notified Body, British Standards Institution (BSI), issued a communication in July 2017 to customers stating that certification to 2003 standards is no longer permitted due to the life-cycle of annual surveillance and recertification audits every three years. Manufacturers will now be faced with the challenges of revising indoctrinated processes and overhauling existing procedures.

While companies seeking initial ISO certification will have the advantage of working from a clean slate, established organizations will be required to identify, review and revise documentation to meet the new requirements of 2016. Upon first glance, these necessary processes may seem overwhelming for certified organizations however, there are a number of benefits that will result, especially for companies that are currently in compliance with 21 CFR 820.

Regardless of an organization’s certification standing, the key to successful implementation is planning with a risk-based mindset and to consistently ask whether any related processes – if not executed correctly – could negatively impact compliance, device performance or other surrounding procedures.

Embracing Change: A New Medical Device Landscape

In the matter of ISO guidance, resistance is futile and embracing change is the easiest path to compliance. Contrary to popular belief, the Technical Committee ISO / IEC 210, “Quality management and corresponding general aspects for medical device,” did not revise the 2003 version of ISO 13485 to make life difficult for medical device manufacturers. In fact, the 2016 release is a technical revision which cancels both ISO 13485:2003 and ISO / TR 14969:2004 and incorporates Technical Corrigendum ISO 13485:2003 / Cor.12009.

Simply put, ISO 13485:2016 helps address new risk factors, or “Technical Changes,” resulting from an industry that has evolved due to commerce, economy and new discoveries. For example, contract manufacturing and process outsourcing have allowed companies to become established with two people, a good idea and sufficient seed money.

Further, international regulatory requirements unrelated to medical device regulations have been revised to enhance user safety without the acknowledgement of established product manufacturers. Thus, manufacturers have made and sold medical devices for years without properly utilizing performance data to improve the safety of devices. These new organizational and operational realities have driven ISO 13485:2016 into existence.

All in all, ISO 13485:2016 does not bind the hands of manufacturers or create additional legislation which will prevent the development and release of a new product as it is aligned with 21 CFR 820. It simply enforces a regulation that has always been a requirement, even if the majority of global medical device manufacturers have failed to perform accordingly.

For example, ISO 13485:2003 requires that medical device manufacturers validate sterilization processes and have at their fingertips documented procedures for validation processes. This standard exists to ensure that the requirements of sterilization regulations are followed to ISO 11135, 11137, 11138, etc.

However, sterile barrier validation is not mentioned in ISO 13485, version 2003. This lack of technical verbiage requiring sterile barrier validation and documented sterile barrier validation procedures allows manufacturers to release products prior to completing packaging validations. Now, the 2016 version has added section 7.5.7 which requires sterilization and sterile barrier validation prior to any implementation of routine production processing.

ISO 13485:2016 White Paper

In an effort to provide global medical device manufacturers a better understanding of the changes set forth within ISO 13485:2016, NAMSA’s quality expert, Darci Diage (Principal Medical Research Manager) has authored the White Paper, “ISO 13485:2016 – Effective Preparation and Implementation of Medical Device Quality Management Systems.” Discussed is how successful organizational implementation can be achieved through a risk-based approach, and includes information on the long-term benefits of an effective ISO transition such as a more robust, efficient and effective QMS.

Highlighted topics within this White Paper include:

  • Implementation Guidelines
  • Embracing Change: A New Medical Device Landscape
  • Developing a Comprehensive Plan-of-Action
  • Organization Buy-In and Review
  • Examples for Consideration
  • All Hands on Deck: Interdepartmental Involvement

Click here to access this White Paper.

About NAMSA’s ISO Compliance and Quality Systems Consulting Services

NAMSA offers comprehensive support to medical device firms in the areas of FDA Quality System Regulation (QSR) and ISO compliance for a wide range of medical products, including in vitro diagnostics (IVD), biologics and combination products. Services include quality system implementation, pre- and post-market compliance activities, risk management, and medical device product design control support.

Our consultants, many of whom previously worked for the FDA, have collaborated with Fortune 100 companies to start-up manufacturers. Conducting a wide array of activities – from establishing effective design controls to performing audits and “rescue” efforts – our team of experts scale each quality system effort to best fit the needs of each client, their products and culture.

Please email us at communications@namsa.com if you are interested in learning more about our services, or would like to schedule a complimentary consultation with one our global regulatory experts.

Darci Diage

Darci Diage, a Principal Medical Research Manager at NAMSA, holds a Masters of Biomedical Laboratory Science from San Francisco State University and a Bachelors of Science in Molecular Biology from Sonoma State University. Her primary expertise is in the areas of medical device quality and regulatory compliance with over 16 years of experience in the medical device industry focusing on manufacturing, design control, risk management and concept to commercial product development activities. Ms. Diage holds an ASQ Lead Auditor Certification and is currently a member of the American Society for Quality (ASQ).