The ISO 13485 standard was published by the International Standards Organization to provide medical device companies with requirements for establishing and maintaining quality systems. While medical technology companies in the United States are legally required to comply with FDA quality system regulations outlined in 21 CFR Part 820, the ISO 13485 certification is required for companies that wish to market their medical devices in international markets like Europe or Canada. U.S.-based manufacturers can still endeavor to obtain an ISO 13485 certification, but this is not required unless the manufacturer wishes to market its products abroad.
ISO 13485 was first published in 1996 as a quality management standard for medical device companies based on ISO 9001. It was published in two versions: ISO 13485 for manufacturers (original equipment manufacturers (OEM), and ISO 13488 for contract manufacturers (suppliers). In a 2003 revision, the documents were combined into one quality standard that could be universally applied to medical device manufacturers.
A final revision to ISO 13485 was released in 2016, just in advance of the new European Union Medical Devices Regulations (EU MDR).
While ISO 13485 certification is a requirement for marketing medical devices in both Canada and the European Union, the USA regulates medical device quality systems through the FDA regulatory document 21 CFR Part 820. The latest revision of ISO 13485 was conducted with the participation of the FDA, and as a result, the two documents are very similar in certain areas. For example, the sections in each document that discuss Design Controls (21 CFR Part 820.30 and ISO 13485 Section 7.3) are almost identical.
Despite some similarities, ISO 13485 and FDA QSR don't overlap completely in their requirements. The FDA QSR places a stronger emphasis on post-market monitoring and the complaints-handling process - a QMS that is ISO 13485-certified may not meet the complaint handling requirements of the FDA regulations. On the other hand, ISO 13485 demands a more risk-based approach to QMS. Some quality systems that comply with 21 CFR Part 820 lack the risk-based components that would qualify them for ISO 13485 certification.
Find out more about the difference between ISO 13485 and FDA QSR.
Obtaining an ISO 13485 certification can be explained as a simple process. Follow these steps to get started:
An auditor from a notified body will want to investigate your quality plan and procedures, including design control documentation, management review process, internal audits, CAPA process and results, and more. Greenlight Guru's Quality Management Software platform ensures that your documentation is all present, up to date and accounted for when it comes time for an audit or assessment.
Design Controls and CAPA will combine to produce hundreds of documents that must be maintained throughout your product's entire lifecycle. Greenlight Guru's eQMS provides a single source of truth for your organization, where auditors and other authorized personnel can quickly and securely access the information that proves your compliance with ISO 13485. Greenlight Guru reduces your company's time to market by keeping your QMS organized and significantly expediting ISO 13485 certification audit.