Medical device companies choosing between ISO 13485 vs ISO 9001 for compliance need to understand the similarities and differences between the two quality management standards.
The International Standards Organization (ISO) was founded in 1947 by a group of delegates from 25 different countries with the shared goal of ensuring that products and services available in the global marketplace were safe, reliable and of good quality. ISO works towards this objective by writing documents, known as standards, which provide requirements, specifications, guidelines and other directives to ensure that products and services are fit for their intended use. To date, ISO has produced 22,560 International Standards in diverse categories, such as industrial length measurements, information security systems, corporate integrity, and quality.
ISO 9001 is included in the ISO 9000 series standards, which was first published in 1987. This series of quality management standards originally included five main documents:
- ISO 9000:1987 Quality Management Systems - Fundamentals and vocabulary
- ISO 9001:1987 Model for quality assurance in design, development, production, installation, and servicing
- ISO 9002:1987 Model for quality assurance in production, installation, and servicing
- ISO 9003:1987 Model for quality assurance in final inspection and test
- ISO 9004: Model for quality management and quality system elements
Over time, the original series of ISO 9000 standards changed form. Here is a look at that timeline:
In the year 2000, ISO 9001, 9002 and 9003 were combined into a single standard known as ISO 9001:2000.
Additional updates to the ISO 9000 series were made in 2008 to increase their consistency with the ISO 14001 standard for environmental management and provide additional clarifications.
ISO 9001 was published in 2009.
Further revisions to ISO 9000 standards were made in 2015.
In 2016, the ISO released a new version of ISO 9002 that provides guidance on the intent of the quality system requirements in ISO 9001:2015.
The current list of ISO 9000 quality standards looks like this:
- ISO 9000:2015 - Quality management systems -- Fundamentals and vocabulary
- ISO 9001:2015 - Quality management systems -- Requirements
- ISO 9002:2016 - Quality management systems -- Guidelines for the application of ISO 9001:2015
- ISO 9004:2018 - Quality management -- Quality of an organization -- Guidance to achieve sustained success
ISO 13485 is an industry-specific interpretation of ISO 9001 with a focus on the medical device industry. While the ISO 9001 quality regulations are meant to apply to organizations across industries, ISO 13485 provide specialized guidance in the form of quality system regulations that are specific to the medical device industry.
What are the Main Differences Between ISO 9001 and ISO 13485?
ISO 13485 was first published as an industry-specific interpretation and was based on the quality requirements of ISO 9001, but has since evolved into a stand-alone standard whose text makes no references to ISO 9001 as a source material. Since its initial publication in 1996, and through editions in 2003 and 2016, ISO 13485 has become increasingly different from ISO 9001 and compliance with one standard does not necessarily imply compliance with the other.
ISO 13485 is Specific to Medical Devices
The most important difference between ISO 13485 and ISO 9001 comes from the fact that the former was published for exclusive application to medical device products. Unlike many other industries, the medical device industry is under strict regulatory control in markets around the world. ISO 13485 includes many sections and guidelines that are unique to medical devices, including:
- Medical device terminology
- Requirements for medical device clinical or performance evaluations in keeping with applicable regulatory requirements
- Separate document files for each medical device marketed or sold by the company
- Requirements for the documentation of purchasing procedures
- A documented procedure for collecting customer feedback and determining whether manufactured products have met customer requirements
- A requirement to include records of CAPA investigations in the quality system
ISO 13485 Emphasizes Risk Management
One of the most important trends in the world of medical device regulation is the regulatory shift towards risk management. Organizations across the world that provide guidelines for medical device quality, such as the European Commission, United States FDA, and ISO, are increasingly emphasizing risk management in standards publications for medical device QMS.
In ISO 13485:2016, the most current edition of ISO's medical device quality standard, the term "risk" appears more than 40 times - a substantial increase when compared to the 2003 version, where risk management processes were only specifically applied to product realization activities. ISO 13485:2016 requires organization to implement risk-based decision-making in other parts of the business, such as purchasing materials and training staff.
Organizations that wish to comply with ISO 13485:2016 must establish and maintain effective risk management processes throughout the product life cycle.
ISO 13485 Addresses Regulatory Requirements
ISO 9001 can be applied broadly in companies and organizations across industries, some of which may be government regulated, but many of which are not. As a result, ISO 9001 does not address the need for its subscribers to comply with regulatory requirements that may not exist for their specific industries.
In contrast, the authors of ISO 13485 understand that while adherence with ISO 13485 represents conformity with the global medical device QMS standard, medical device companies are still required to comply with local regulations in the markets where they sell their products. ISO 13485:2016 specifically requires medical device companies to "establish and maintain records needed to demonstrate conformance to this International Standard and compliance with applicable regulatory requirements.''
Conformity with the ISO 13485 QMS requirements does not always mean that compliance with local regulations has been achieved, especially in the United States where compliance with the FDA QSR is required for medical device companies.
Greenlight Guru Offers a Purpose-Built eQMS for ISO 13485 Compliance
ISO 13485 certification is a requirement for medical device companies who wish to sell their products in Europe, and the upcoming Medical Device Single Audit Program (MDSAP) guidance will draw heavily from the contents of ISO 13485. Even the FDA is changing its regulations to further align with ISO 13485:2016. While the ISO 9001 quality management system requirements can be profitably applied in other industries, compliance with ISO 13485 and local regulations are priorities for medical device companies.
Greenlight Guru's eQMS software was purpose-built to facilitate ISO 13485 quality management system requirements for medical device companies, offering out-of-box compliance with minimal customization.