ISO 13485:2016 describes the requirements of a quality management system for organizations who design and manufacture medical products. It was published on 1st March 2016.
Though it is tailored to the industry’s quality system expectations and regulatory requirements, an organization does not need to be actively manufacturing medical devices or their components to be certified to this standard. This is in contrast, for example, to ISO/TS 16949 for the automotive industry where firms can seek registration from the moment that they have received a request for quotation from an IATF supply chain manufacturer.
ISO 13485 is a stand-alone standard that differs from ISO 9001 while at the same remaining consistent with it.
Some of the important differences with ISO 9001 are as follows:
ISO 13485 does not have the same high level structure as ISO 9001:2015 and most other standards.
ISO 9001 requires the organization to demonstrate continual improvement, whereas ISO 13485 requires only that the certified organization demonstrates the quality system is effectively implemented and maintained.
The customer satisfaction requirements of ISO 9001 are absent from the medical device standard.
As ISO 9001 and ISO 13485 do not share the same structure, it is likely that many organizations would find it difficult to comply with both. So in most cases it makes sense to go with one or the other.
Changes from ISO 13485:2003 to ISO 13485:2016
The ISO 13485 standard was updated for two key reasons. Firstly, to keep up with changes in the industry and, secondly, to address changes in the underlying ISO 9001 standard. While the old ISO 13485:2003 standard was based on the old ISO 9001:2000 standard, the new one is also based on an older version of ISO 9001 being the 2008 version.
Although the new standard is a revision to the original guidance, there are areas in which the standard had significant updates. The major changes between ISO 13484:2003 and ISO 13485:2016 include:
Regulatory requirements: The 2016 standard expects conformity to all regulatory requirements while the 2003 standard expected you to establish a QMS that complies with ISO 13845. In addition, it is expected that objectives are set for meeting both regulatory and product requirements.
Risk based approach: The 2016 standard expects the application of a “risk based approach” for all QMS processes including outsourced processes and to cover product usability and safety requirements. In the previous version risk was applied only during the product realization process.
Medical device file: The 2016 version expands the establishment of a special file for each type of medical device to include all associated specifications, procedures and records. It also requires the establishment of processes to document and control design and development changes and to evaluate their significance and impact on safety as well as performance.
Record keeping: With the 2016 version there should be a record of the manufacture and testing of the medical device and that it be retained for its lifetime plus any other regulatory requirements. There must also be a record of supplier evaluation and re-evaluation. Also that privacy regulations are taken into account to protect confidential health information.
Product realization: The 2016 version adds product handling, storage, measuring, revalidation, and traceability requirements to the requirements covering product verification, validation, monitoring, inspection and testing.
User training: The new version adds the evaluation of the product’s safety and performance with its associated training needs to the previous version’s identification of product requirements specified by the customer and regulatory bodies.
Supplier evaluation and monitoring: The new version requires that suppliers can meet the product, organization and regulatory requirements. That their performance is regularly monitored and that the risks of changes to the purchased product and of supplier underperformance are considered with regards to safety and performance.
Process validation: While both versions require the validation of processes the new version adds the need to revalidate processes when deemed necessary. This also includes the validation and revalidation of medical devices that connect to or interface with other medical devices.
Complaints: The 2016 version requires the development and documentation of complaint handling procedures for all complaints, not just customer complaints, and to identify improvement opportunities.
Delivery of nonconforming product: The 2016 standard requires that delivered nonconforming products are investigated. Also that corrective action are performed and whether external parties, such as end-users and suppliers, need to be notified.
Improvement: In addition to maintaining a suitable and effective QMS the new version requires that product safety and performance is considered when planning improvements to them. Also that when implementing any corrective and preventive actions that they comply with all regulatory requirements and that they don’t compromise the devices safety and performance.
We really like how user-friendly the isoTracker interface is, and if any questions arise for how to execute a task, the isoTracker tutorial and help videos are very resourceful. Overall, we are very pleased with the system, and its ability to handle our document control and editing process.
Ethan Flint
Healthcare Consultant, USA
Reliable and well supported
Important to maintain tight control over policies in a dynamic and intense clinical environment…becomes simple when documents are managed by reliable, very easy-to-use and well supported software, such as isoTracker.
John Pitchers
Mortuary Manager, Flax Bourton Public Mortuary, Bristol, UK
Top Rated
Quality Management Software
Summer 2025
See for yourself.
isoTracker is affordable, and easy to use. Improve your processes, ensure regulatory compliance, and improve profitability.
A company registered in England and Wales. Company number: 4621066 Registered address: isoTracker Solutions Ltd, Downsview House, 141-143 Station Road East, Oxted, Surrey RH8 0QE, United Kingdom
Manage Consent
We use cookies and similar technologies for personalization of ads, to enhance your browsing experience and analyze our traffic. We share information about your use of our site with Google, Meta and our advertising partners, who may combine it with other data you’ve provided or they’ve collected from your use of their services. You can accept all cookies, reject non-essential cookies, or customize your preferences by clicking on the relevant buttons below. Learn more in our Privacy Policy or Google’s Business Safety & Privacy Terms site.
Functional
Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes.The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
