What is the ISO 13485?


The ISO 13485, also known as DIN EN ISO 13485 in Germany, provides the guidelines for the quality management system in the medical product industry. Due to this fact we can rely on always finding medical products with excellent quality in Germany and many parts of the EU – regardless whether it’s a simple sterile bandage or a highly technical, active implant. After all, there shouldn’t be any discussions regarding the quality of products when human lives are involved. As a result, a certification according to ISO 13485 is prescribed by law for many medical products.


ISO 13485 – in general

The ISO 13485 is an ISO norm that specifies requirements for a quality management system for manufacturers of medical products. Unlike ISO 9001 for instance, it doesn’t focus on continual or steady improvement, but on product safety.

The correct title is “Medical devices -- Quality management systems -- Requirements for regulatory purposes (ISO 13485:2016); German version EN ISO 13485:2016”.

Just like other norms, the certification of such a management system can be obtained from DAkkS accredited bodies. At the moment, there are roughly 60 certification bodies accredited by DAkkS in Germany.

Even though the ISO 13485 is similar or identical to the ISO 9001 in many points, the ISO 9001 isn’t a replacement for a missing ISO 13485 certification for the following reasons:

  • The requirements of ISO 13485 are made especially for management systems in the field of medical products. That means that some demands made by the ISO 9001 are re-formulated, and the 13485 postulates further demands in other areas.
  • The ISO 13485 is partly a legal requirement that just can’t be replaced by another norm.


Process-oriented approach

The ISO 13485 lays down the line of approach as early as in the introduction under 0.3 Process-oriented approach, specifying that the quality management system must be established in a process-oriented way. Here the ISO 13485 differs from the ISO 9001 because it isn’t about the relevant interested parties and the continuous improvement, but primarily about compliance with the requirements of the customer and other regulatory parties (legislator, authorities). Additionally, the focus is put on maintaining the effectiveness of the quality management system.



ISO 13485 manual

Another difference is that it explicitly demands a quality management manual (in ISO 13485:2016 as well). In chapter 4.2 Documentation requirements, this demand is put down for the first time, and in sub-chapter 4.2.2 Quality management manual it’s listed what the manual needs to include at minimum:

Scope of application of the quality management system, including details and reasons for exclusions or non-application

Documented procedures or references to them

Description of the interactions between the processes

In that regard it is recommendable as well that the ISO 13485 doesn’t talk about “documented information”, but that it differentiates between documents (requirements) and records (proof).


Contents of the norm

With 78 pages in DIN A4 format in total, the ISO 13485 is certainly not a pocketbook and reading it is probably more difficult than reading a good novel. After the European preface, the preface and the introduction, it’s structured in 8 chapters:

  1. Application area
  2. Normative referrals
  3. Terms
  4. Quality management system
  5. Responsibility of management
  6. Resource management
  7. Product realization
  8. Measurement, analysis and improvement

After reading this list at the latest, it should become clear that the norm isn’t structured following the HLS (High Level Structure).

However, keep in mind when implementing the norm that the ISO 13485 provides requirements to put into practice, but doesn’t specify how to implement them. It needs to be emphasized that the introduction of the norm already states that the quality management documentation is influenced by different factors, for instance:

  • size and structure of the organization
  • provided products
  • used processes
  • inter alia

The norm’s appendix draws further different comparisons, for example between:

  • ISO 13485:2003 and ISO 13485:2016
  • ISO 13485:2016 and ISO 9001:2015


Specifics in comparison with ISO 9001:2015

While we aren’t going to list all the differences to ISO 9001 in detail or expand on the further norm requirements of ISO 13485, we want to note the following major differences:

  • ISO 13485 isn’t structured pursuant to High Level Structure
  • There’s still an explicit demand for a quality management representative who must be a member of the top management.
  • It still differentiates between documents and records.
  • There are still procedures that are demanded explicitly and can thusly be considered as compulsory procedures.
  • The term “work environment” is still used and isn’t converted to „process environment“.
  • The risk-based approach and the organization’s knowledge haven’t found their way into the norm.
  • It still differentiates between corrective and preventive actions.

Regardless of these exemplary differences, the ISO 13485 makes further demands, for example in the following areas:

  • validation of processes
  • identification and traceability
  • complaints processing
  • reporting to regulatory authorities
  • and many more


Do you need support in implementing the ISO 13485 in your company? Please get in touch with us or take a look at our services in the area ISO 13485.