ISO 13485:2016
Medical devices — Quality management systems — Requirements for regulatory purposes
Standard Introduction
ISO 13485:2016 is an active standard published by International Organization for Standardization (ISO). It is commonly used across Medical Devices, Healthcare and applies in Global.
Use this page to review the official documentation, current status, and the certification or assessment bodies most commonly associated with ISO 13485:2016.
Medical Device Specific
Unlike general ISO 9001, this standard is tailored specifically for medical device organizations — addressing regulatory requirements, risk management, and product safety throughout the entire lifecycle.
Risk-Based Approach
Requires risk management to be applied throughout product realization, from design and development through production, storage, distribution, and post-market surveillance.
Global Regulatory Recognition
Recognized by regulatory authorities worldwide including the EU (MDR/IVDR), Canada (CMDCAS), Japan (JPAL), Australia (TGA), and Brazil (ANVISA) — with over 32,000 valid certificates globally.
list_alt Key QMS Requirements
- Quality management system documentation and control
- Management responsibility and commitment
- Resource management and competence
- Product realization planning and risk management
- Design and development controls with verification and validation
- Purchasing and supplier controls
- Production and service provision with process validation
- Monitoring, measurement, and corrective/preventive action
Who Needs to Comply?
Any organization involved in the design, development, production, storage, distribution, installation, servicing, or disposal of medical devices and related services — including component suppliers, contract manufacturers, and sterilization service providers.
Key Requirements
Design & Development Controls
Establish and maintain procedures for design planning, inputs, outputs, reviews, verification, validation, and transfer. Maintain a design history file documenting the entire development lifecycle.
Risk Management
Apply risk management throughout product realization per ISO 14971. Identify hazards, estimate and evaluate risks, implement controls, and verify their effectiveness. Maintain risk management files.
Process Validation
Validate production and service processes where resulting output cannot be fully verified by subsequent inspection or testing — including sterilization, software validation, and cleanroom processes.
Traceability & Post-Market Surveillance
Maintain traceability records for each medical device or batch. Establish procedures for complaint handling, adverse event reporting, and post-market surveillance to identify improvement opportunities.
Supplier Controls
Evaluate and select suppliers based on their ability to meet requirements. Establish purchasing specifications, verify purchased products, and maintain records of supplier performance and approved supplier lists.
Implementation Roadmap
Define medical-device QMS scope
Identify product families, lifecycle activities, sites, outsourced processes, regulatory jurisdictions, and applicable quality-system obligations. Confirm whether design, manufacturing, servicing, installation, distribution, or software activities are in scope.
Build process and risk controls
Map ISO 13485 processes for document control, management responsibility, resource management, product realization, supplier control, design and development, sterilization, traceability, risk management, and feedback.
Implement records and validation
Deploy controlled procedures, device master records, design history files, process validation, software validation, purchasing records, training, complaint handling, nonconformance, CAPA, and post-market feedback evidence.
Audit and sustain certification
Run internal audits and management reviews, close CAPA, prepare for certification or regulatory audits, and maintain change control as products, suppliers, regulations, and production processes evolve.
Compliance Checklist
checklist QMS scope and governance
checklist Product realization
checklist Feedback and improvement
Penalties & Enforcement
ISO 13485 is voluntary, but certification is effectively mandatory for market access in most jurisdictions. Loss of certification can prevent marketing medical devices in the EU (MDR), Canada, Japan, Australia, and other regulated markets. Regulatory authorities may halt production or issue recalls.
Frequently Asked Questions
Who needs ISO 13485?
expand_more
ISO 13485 is used by organizations involved in one or more stages of the medical-device lifecycle, including design, development, production, storage, distribution, installation, servicing, and related support services.
Is ISO 13485 the same as ISO 9001?
expand_more
No. ISO 13485 is specific to medical devices and emphasizes regulatory requirements, risk management, documented procedures, validation, traceability, complaint handling, and product safety. It is related to quality management but not interchangeable with ISO 9001.
Does ISO 13485 require risk management?
expand_more
Yes. Risk-based thinking is embedded in product realization and QMS processes, and medical-device organizations commonly link ISO 13485 evidence to ISO 14971 risk-management files.
How does ISO 13485 relate to FDA QMSR?
expand_more
FDA has incorporated ISO 13485:2016 by reference as the foundation for the Quality Management System Regulation, making alignment especially important for manufacturers serving the U.S. market.
What audit evidence is most important?
expand_more
Auditors typically expect controlled procedures, design and development records, risk files, validation evidence, supplier controls, training records, complaint handling, CAPA, internal audits, and management review outputs.
Official Documentation
Official PDF for ISO 13485:2016
Official publication or summary for ISO 13485:2016
Official online resource
International Organization for Standardization (ISO) guidance and reference material
Implementation toolkit
Templates, guidance, or companion resources for ISO 13485:2016