Skip to content
8foldgovernance master
  • Services
    • AI Governance
    • Medical Devices
      • Regulatory Roadmap
      • ISO 13485 Design & Build your QMS
      • Quality Management as a Service
      • Technical File Creation & Registration
      • UK Responsible Person
      • Post Market Surveillance
    • International Standards
      • ISO 13485 Certification
      • ISO 42001 Certification
      • ISO 9001 Certification
      • ISO 27001 Certification
    • DTAC
      • DTAC Management
    • Information Governance
      • Data Security & Protection (DSPT)
      • DSPT Audit
      • HIPAA Compliance
    • Clinical Safety and Risk Management
      • DCB0129
      • DCB0160
      • Clinical Safety Officers (CSO)
    • CQC Services
      • CQC Compliance Assessment
      • CQC Registration Support
      • CQC-as-a-Service
      • CQC Regulatory Review & Strategy
    • Cyber Security
    • Governance, Risk & Compliance Advisory
    • 8foldTraining
  • About
    • Meet the Team
    • Partnerships
    • Join Us
  • Blog
  • Case Studies
  • Contact
  • Services
    • AI Governance
    • Medical Devices
      • Regulatory Roadmap
      • ISO 13485 Design & Build your QMS
      • Quality Management as a Service
      • Technical File Creation & Registration
      • UK Responsible Person
      • Post Market Surveillance
    • International Standards
      • ISO 13485 Certification
      • ISO 42001 Certification
      • ISO 9001 Certification
      • ISO 27001 Certification
    • DTAC
      • DTAC Management
    • Information Governance
      • Data Security & Protection (DSPT)
      • DSPT Audit
      • HIPAA Compliance
    • Clinical Safety and Risk Management
      • DCB0129
      • DCB0160
      • Clinical Safety Officers (CSO)
    • CQC Services
      • CQC Compliance Assessment
      • CQC Registration Support
      • CQC-as-a-Service
      • CQC Regulatory Review & Strategy
    • Cyber Security
    • Governance, Risk & Compliance Advisory
    • 8foldTraining
  • About
    • Meet the Team
    • Partnerships
    • Join Us
  • Blog
  • Case Studies
  • Contact
  • +44 (0)1273 569172
Book a Call

← From our blog

ISO Standards: Why do we use them?

  • Published: May 7, 2025
  • Category: International Standards

Share this post

Avatar photo
Lily Stevens

Share this post

Medical device regulators often rely on International Standards to guide medical device manufacturers and developers on how to meet their regulations; given that each territory has its own regulations, how can international best practices exist and be applied?

What are International Standards

International Standards are internationally agreed-upon guidelines and best practices that address a wide range of subjects, including but not limited to:

  • quality management
  • software development
  • risk management
  • usability engineering

International Standards have been developed to promote consistency, compatibility and efficiency worldwide, with each standard being developed through a rigorous consensus-based process.

The most prevalent of the organisations responsible for developing standards is the International Organisation for Standardisation, more commonly known as ISO. For electronics and software developers, there is also the closely related International Electrotechnical Commission (IEC).

Why Regulators Use International Standards

Creating and maintaining clear, comprehensive and up-to-date documentation explaining how to implement medical device regulations takes a huge amount of time and effort; it would take a team of hundreds or thousands of experts working continuously to maintain. Fortunately, ISO and IEC have exactly this – hundreds or thousands of volunteer experts working to continually improve and expand best-practice guidelines on how to make medical devices safe and effective.

Not only do they have an army of volunteers, but they can also combine expertise from around the world into working groups, allowing a much wider range of knowledge and experience than one country could call upon.

Through international alignment efforts in medical device regulations by organisations such as GHTF (Global Harmonisation Task Force), GHWP (Global Health Workforce Programme), and IMDRF (International Medical Device Regulators Forum), most medical device regulations have similar requirements. EU medical device regulations, for example, are based on a model which is being adopted in many other countries.

So, instead of writing and re-writing the best practice everyone can agree on, individual regulators can leave best practice to International Standards and instead focus on issues specific to their own country. This is (or at least should be) a win for regulators who can jointly outsource most of their guidance writing to ISO and IEC; medical device companies who benefit from a more aligned set of regulatory requirements; and for patients, who are protected by international best-practice.

Navigating ISO 27001 can be complex, but by applying the learning from this blog and also from our other blogs on ISO 27001, you can prepare your organisation and stakeholders for compliance success.

How Regulators Use International Standards

Most, if not all, medical device regulators have a mechanism to advise on which International Standards are suitable for each market. In the UK this process is called designation. In the EU it’s known as harmonisation, and in the US,  recognition. Some regulators even write references to regulations directly into their regulations.

Under these “acknowledgement” mechanisms, regulators are “recommending” that Medical Device companies apply these standards where they are applicable.

Are International Standards mandatory?

Technically, the answer to this question is “no”; however, practically, the answer is “yes”. Let me explain!

There is a well-established principle in many countries that the law should be available for free to all citizens. However, International Standards are copyrighted by their authors – ISO and IEC – so regulators would need to licence them to make them available at no cost.). As most funding for International Standards comes from selling them, the ISO and IEC would put a high price on this. 

While regulators technically only “‘strongly recommend’ using their ‘acknowledged’ standards to meet the regulations, standards remain practically mandatory and so the needle is threaded through the legal loophole to ensure that medical device companies continue to pay for International Standards.

To make this even more confusing, in March of 2024, the EU Court of Justice found that in at least one case, harmonised standards do form part of EU law and should be made publicly available. The downstream effects of this ruling are yet to be felt.

There is a glaring outlier to this. In the case of the US, the entirety of ISO 13485:2016 is in the process of being written into their Quality System Regulation; it appears the US FDA has come to an agreement with ISO to licence the full text of the most commonly used medical device standard for the public to access.

Why you should use International Standards

ISO Standards: Why do we use them?

It’s functionally mandatory.

Regardless of the legal complexities described above, if a regulator makes a random inspection or you need to engage with a notified or approved body, they will expect you to be applying relevant international standards – especially ISO 13485 and 14971, and IEC 62366 and 62304 – as well as  having up-to-date records to prove it.

ISO Standards: Why do we use them?

It’s good for your business.

International Standards are agreed upon best practices written through the consensus of dozens, if not hundreds, of industry experts. They can ensure you don’t have glaring gaps in your processes that will come back to bite you.

Setting up a management system (as per ISO 13485) with clear roles, responsibilities, and authority can also make your business operations run smoother, requiring less oversight from senior leadership, freeing them up to make impactful improvements nstead of irefighting.

ISO Standards: Why do we use them?

Customers expect it.

Customers in the medical field will often ask about compliance with International Standards – especially those you can be certified to, like ISO 13485 or ISO 27001.

ISO Standards: Why do we use them?

It’s good for patients.

Ultimately, the goal of medical device regulations (as well as most businesses) is to ensure their products are safe and effective. While some of it can look like bureaucratic nonsense, the majority of the requirements have strong reasons behind them and can be tailored to suit your business by someone who understands them well.

How we use International Standards to transform your business

At 8fold, we see International Standards as essential tools that not only help you stay compliant with regulations but also improve the way your business operates. These standards help simplify processes, reduce complexity, and create a strong foundation for future growth.

As experts in integrated management systems, we specialise in designing operational practices and systems that work for both today and the future of your business. By offering ongoing support, we make sure your organisation stays ahead in a constantly changing compliance environment.

What makes us different from other professional services businesses is our holistic approach. We don’t just offer generic advice; we tailor our solutions to your company’s unique needs. We integrate all the regulatory and internal requirements into streamlined, best-fit processes.

We also assist you in selecting and setting up tools to automate tasks like administration, notifications, and reporting, ensuring that the most effective improvements are made and giving your team more time to focus on what matters most.

Our management systems are built to grow with your business. As you expand and enter new markets, we ensure you remain flexible and scalable. New requirements, roles, and responsibilities can be easily added, and extra processes can be incorporated whenever necessary.

Need help implementing ISO standards?

With our expert team of Quality Specialists, we can help you implement and embed a range of ISO standards. 

Book a Call with our Expert Team

Other Articles​

Loading...
How ISO 42001 Compliments Other Regulatory Frameworks

How ISO 42001 Compliments Other Regulatory Frameworks

Read More →

November 26, 2025

How to integrate ISO 42001 with other Management Systems

Read More →

October 8, 2025

FAQ: What is ISO 42001?

Read More →

September 26, 2025
8foldgovernance master

+44 (0) 1273 569172

info@8foldgovernance.com

SERVICES

  • AI Governance
  • Medical Device Registration
  • ISO Compliance
  • Full DTAC Support
  • Information Governance
  • Clinical Safety
  • Data Security & Protection
  • CQC Services
  • Cyber Security
  • 8foldTraining

LINKS

  • Contact
  • About
  • Meet The Team
  • Blog
  • Join Us
  • Case Studies
  • Charity Work
  • Partnerships
  • FAQs
DSPT Data Security And protection Toolkit 8Fold
Information Governance Badge 8 Fold
NPSORE
ABHI Member

 © 2026 8fold | Privacy Policy | Cookie Policy | Terms & Conditions

X We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept”, you consent to the use of ALL the cookies. However you may visit Cookie Settings to provide a controlled consent.
Read More ACCEPT Cookie settings
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may have an effect on your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checkbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
Save & Accept