Skip to content
8foldgovernance master
  • Services
    • AI Governance
    • Medical Devices
      • Regulatory Roadmap
      • ISO 13485 Design & Build your QMS
      • Quality Management as a Service
      • Technical File Creation & Registration
      • UK Responsible Person
      • Post Market Surveillance
    • International Standards
      • ISO 13485 Certification
      • ISO 42001 Certification
      • ISO 9001 Certification
      • ISO 27001 Certification
    • DTAC
      • DTAC Management
    • Information Governance
      • Data Security & Protection (DSPT)
      • DSPT Audit
      • HIPAA Compliance
    • Clinical Safety and Risk Management
      • DCB0129
      • DCB0160
      • Clinical Safety Officers (CSO)
    • CQC Services
      • CQC Compliance Assessment
      • CQC Registration Support
      • CQC-as-a-Service
      • CQC Regulatory Review & Strategy
    • Cyber Security
    • Governance, Risk & Compliance Advisory
    • 8foldTraining
  • About
    • Meet the Team
    • Partnerships
    • Join Us
  • Blog
  • Case Studies
  • Contact
  • Services
    • AI Governance
    • Medical Devices
      • Regulatory Roadmap
      • ISO 13485 Design & Build your QMS
      • Quality Management as a Service
      • Technical File Creation & Registration
      • UK Responsible Person
      • Post Market Surveillance
    • International Standards
      • ISO 13485 Certification
      • ISO 42001 Certification
      • ISO 9001 Certification
      • ISO 27001 Certification
    • DTAC
      • DTAC Management
    • Information Governance
      • Data Security & Protection (DSPT)
      • DSPT Audit
      • HIPAA Compliance
    • Clinical Safety and Risk Management
      • DCB0129
      • DCB0160
      • Clinical Safety Officers (CSO)
    • CQC Services
      • CQC Compliance Assessment
      • CQC Registration Support
      • CQC-as-a-Service
      • CQC Regulatory Review & Strategy
    • Cyber Security
    • Governance, Risk & Compliance Advisory
    • 8foldTraining
  • About
    • Meet the Team
    • Partnerships
    • Join Us
  • Blog
  • Case Studies
  • Contact
  • +44 (0)1273 569172
Book a Call

← From our blog

What is ISO 13485?

  • Published: October 23, 2024
  • Category: International Standards

Share this post

Avatar photo
Daniel Mannion

Share this post

ISO 13485 is an international standard used by Manufacturers of Medical Devices to help design a Quality Management System (QMS). It was developed to ensure that medical grade devices or software is safe, meets customer expectations, and complies with regulatory standards. Regulators such as the MHRA in the UK, European Commission, and FDA in the United States see ISO 13485 as the gold standard for medical device manufacturing, making it practically mandatory for companies to follow. The standard was developed by experts globally, including volunteers and professionals, working under the International Organisation for Standardisation (ISO) and nationally-aligned bodies like the British Standards Institute (BSI) in the UK. ISO 13485 provides guidelines for building a QMS- a system designed to ensure that all processes in a company work together efficiently, with clear roles and responsibilities, making it easier to manage and continuously improve product quality whilst keeping patients safe.  

Requirements for ISO 13485

ISO 13485 is split into 8 sections, each containing “Requirements” that Medical Device companies need to meet (although specifically how they meet them is for the company to decide how best to implement).  
  • Scope: a brief explanation of which organisations should or could use ISO 13485
  • Normative References: other standards you need to read to understand all of ISO 13485.
  • Terms and Definitions: a list of terms and their definitions specific to ISO 13485. It is worth noting that the definitions in ISO 13485 don’t always align with the definitions used in Regulations; for example, not all field safety corrective actions as defined in UK, EU or US regulations would fulfil the definition of a Corrective Action in ISO 13485.
  None of these three sections place any obligations on companies to follow ISO 13485; all of the requirements fall into sections 4-8  

Section 4 – Quality Management System

This section establishes the core requirements of what a Quality Management System is and how it must be run, including documentation and records, validation of automated processes and software tools, application of medical device regulations, change control and outsourcing. It also includes the Quality Manual – an overview of your Quality Management System as how it should function. For the most part, ISO 13485 is based on the principles of ISO 9001, meaning there is close alignment between the expectations of a Medical Device Quality Management System and a business quality management system. This is intentional as it allows businesses to ensure quality best practices permeate throughout all functions of their business and are not siloed to a product alone.  

Section 5 – Management Responsibility

This section establishes the responsibilities of Top Management in developing, managing and maintaining the Quality Management System, Quality Policy and Objectives, assigning resources and responsibilities, focusing on customers as well as planning and reviewing the Quality Management System.  

Section 6 – Resource Management:

For any medical device manufacturer, it’s essential to have the right resources available in order to run the Quality Management System. This section includes the need for the business to indicate specific requirements on how human resources are managed, as well as critical infrastructure and work environments which could lead to contamination of products.  

Section 7 – Product Realisation:

This is by far the biggest section. Section 7 covers the planning of operations, how to handle customer-facing activities (e.g. sales, marketing, invoicing, order processing), design and development of medical devices, purchasing and suppliers, production, cleanliness, installation, servicing, identification and preservation of medical devices. Building on the principles of ISO 9001 it enables the business to holistically consider all business critical processes required for the successful development, purchase and implementation of the medical device.  

Section 8 – Measurement, Analysis and Improvement:

This section ensures proper investigation and action on complaints and non-conforming products and processes. This may include processes for reporting ‘events’ to regulators, conducting internal audits, the monitoring of processes to ensure business efficiency and analysing product data. Depending on the risk level of the Medical Device this will determine the detail and complexity in which this section must be implemented.  

Certification to ISO 13485

Companies that manufacture or develop medical devices or who supply the medical device industry can be “certified” to ISO 13485, with some Classifications of Medical Device requiring a certification before regulatory approval. An independent certification body reviews or “audits” your business activities, documentation and staff to determine whether and how well you have applied ISO 13485 to your business. Depending on how your company is structured and relationships with suppliers, certification bodies may perform this audit at your main site, across all sites or perhaps at the site of a key supplier – for example, if you have outsourced software development for your product, they may need to audit your development house to certify your business. Certification bodies will need to repeat this audit each year to maintain your ISO 13485 certificate; they audit over a three-year cycle, with a more intensive audit in the first year (certification audit) and a less intensive audit in the second and third year (surveillance audit). However, be warned, not all ISO certifications are created equal. We recently unpacked this in more detail in our blog “Understanding ISO Standards and Certifications”. In some territories and for some products, ISO 13485 certification is part of your regulatory approval, but this is not always the case; lower-risk medical devices in the UK and Europe should follow ISO 13485, but do not need to be certified. For example, a Class 1 Software as a Medical Device (SaMD) deployed in the UK, does not require certification for regulatory approval but, depending on the product features and intended use the same product may need ISO 13485 certification to meet the requirements of EU MDR.  

Benefits of ISO 13485

When implemented well, ISO 13485 allows you to create a clear, thorough and comprehensive system for running a business that:  
  • creates safe medical devices – e.g. through appropriate testing and inspection
  • ensures customer satisfaction – e.g. by recording and responding to customer feedback
  • fulfils regulatory requirements – e.g. by reporting safety incidents to regulators
  All while minimising the amount of resources, effort and time dedicated to compliance.   Applying and/or being certified to ISO 13485 is a clear indication to customers of a company’s commitment to quality and safety; even where it is not mandated by regulations. In some cases, organisations in the medical device industry or healthcare will expect or require ISO 13485 certification for your company to act as a supplier.  

Implementing ISO 13845: Before you get started

Unfortunately, many companies struggle to implement or maintain ISO 13485 compliance. The most common issues are:  
  • Misunderstanding ISO 13485 requirements
  • Not engaging all relevant staff
  • Utilising generic policies that are not tailored to your business
  • Not designing processes efficiently
  • Not providing clear and user-friendly instructions for staff
  This tends to lead to:  
  • Disagreements about responsibilities
  • Time-consuming manual administration
  • Compliance becoming a distraction from innovation and improvements
  By engaging an expert in ISO 13485 and process design alongside allocating the correct staff who understand the business well, efficient and compliant Quality processes can be put in place that are easy to maintain and designed with your business in mind.  As ISO 13485 is a list of best practices, you may find you are already fulfilling many of the ISO 13485 requirements – the key aspect for each business here is to rationalise and standardise what you are already doing and fill gaps while minimising impact on existing good practice.  

ISO 13485 – Quality Management

Once you’ve completed your implementation and/or certification, the intention is that you continually maintain and improve the system you’ve set up, through activities such as:  
  • Training new staff
  • Making processes more efficient
  • Maintaining process instructions
  You may also find you occasionally have specific questions or concerns, so it is helpful to have an expert to defer questions to and to make suggestions about how to best implement changes or improvements.  

Integration with Other Standards – ISO 9001, ISO 27001 and ISO 42001

Management System standards developed by ISO – such as ISO 9001 for quality management of any business, ISO 27001 for information security management and ISO 42001 for AI management – and including ISO 13485 – are built to a standard structure through ISO’s Annex SL requirements.   This means that these and similar Management System standards can be easily integrated into a single system – for example, allowing you to set up a single Product Development procedure that addresses quality, information security and AI requirements in a single process and if you decide to add another standard in future, it should be easy to integrate these new requirements into your existing structure (with some thorough planning and advice), which can give you a more gradual route to implementing compliance requirements than trying to do them all at once.  

Need help with ISO 13845?

With experience across a range of Software, Hardware and In-Vitro Diagnostic Medical Devices, we have the skills and knowledge you need to take your product to market. Whether you’re just starting out or looking for support, we’re here to help.  Find out more about our tailored QMS services →

Get expert ISO compliance support today.

Ready to accelerate growth with streamlined ISO compliance? Book your free, no obligation discovery call with one of our compliance experts below.

Book a Call with our Expert Team

Other Articles​

Loading...
How ISO 42001 Compliments Other Regulatory Frameworks

How ISO 42001 Compliments Other Regulatory Frameworks

Read More →

November 26, 2025

How to integrate ISO 42001 with other Management Systems

Read More →

October 8, 2025

FAQ: What is ISO 42001?

Read More →

September 26, 2025
8foldgovernance master

+44 (0) 1273 569172

info@8foldgovernance.com

SERVICES

  • AI Governance
  • Medical Device Registration
  • ISO Compliance
  • Full DTAC Support
  • Information Governance
  • Clinical Safety
  • Data Security & Protection
  • CQC Services
  • Cyber Security
  • 8foldTraining

LINKS

  • Contact
  • About
  • Meet The Team
  • Blog
  • Join Us
  • Case Studies
  • Charity Work
  • Partnerships
  • FAQs
DSPT Data Security And protection Toolkit 8Fold
Information Governance Badge 8 Fold
NPSORE
ABHI Member

 © 2026 8fold | Privacy Policy | Cookie Policy | Terms & Conditions

X We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept”, you consent to the use of ALL the cookies. However you may visit Cookie Settings to provide a controlled consent.
Read More ACCEPT Cookie settings
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may have an effect on your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checkbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
Save & Accept