What is ISO 13485?

ISO 13485 is an international standard that specifies requirements for quality management systems in the context of medical devices. Certification of a quality management system in accordance with ISO 13485 is a key requirement for medical device manufacturers. This standard ensures that the quality management system meets the specific requirements for medical devices, which translates into the safety and performance of the products. It focuses on aspects related to the design, production, installation, and servicing of medical devices. The goal of the standard is to ensure that products remain safe and effective throughout their entire life cycle.

Requirements of ISO 13485

The requirements of ISO 13485 oblige the manufacturer to implement and maintain an effective Quality Management System (QMS), covering, among others: documentation requirements, resource management, product realization (product planning, design and development, purchasing, production, and service provision), measurement, analysis, and improvement (monitoring and analysis of processes, product monitoring and analysis, control of nonconforming products, handling of complaints, internal audits, and others).

Risk management is another critical requirement, involving risk analysis at every stage of the product life cycle, identifying potential hazards, and implementing risk control measures. The manufacturer must also maintain comprehensive technical documentation for the medical device, including product specifications, manufacturing procedures, packaging procedures, measurement and monitoring procedures, and others. This documentation must be regularly updated and available to Notified Bodies and certification bodies. Manufacturing processes must be controlled and compliant with the established requirements. Additionally, the manufacturer must ensure full traceability of the device at every stage of its life cycle.

Medical devices must undergo a conformity assessment procedure prior to being placed on the market, with the involvement of Notified Bodies for devices of the following risk classes: Is, Im, Ir, IIa, IIb, and III.

How does the ISO 13485 certification process work?

The ISO 13485 certification process consists of 6 stages:

  1. Submission of an application to the Global Certification Body. The manufacturer submits an official application for certification of the quality management system in accordance with ISO 13485. Based on the provided information, the Global Certification Body prepares an offer for the client.
  2. Agreement between the client and the Global Certification Body. Upon acceptance of the offer, an agreement is signed outlining the responsibilities of both parties.
  3. Pre-audit (optional, so-called “Stage 0 audit”). This involves a review of the QMS documentation and an assessment of the implementation level of the quality management system. The aim of the pre-audit is to assess the organization’s readiness for the certification audit.
  4. Certification audit. It consists of two stages: Stage I (off-site assessment of the QMS documentation) and Stage II (on-site audit at the client’s premises). Stage I evaluates the readiness of the organization for Stage II. A positive outcome of Stage I is required to proceed to Stage II. During the Stage II audit, auditors thoroughly review documentation, including records, for compliance with ISO 13485 requirements.
  5. Issuance of the certificate. Upon successful completion of the certification audit, the Global Certification Body issues a certificate confirming that the QMS complies with ISO 13485 requirements.
  6. Surveillance. Within the 3-year certification cycle, the Global Certification Body conducts annual surveillance audits to verify the maintenance and effectiveness of the QMS.

How long does the ISO 13485 certification process take?

The ISO 13485 certification process typically takes between 1 and 3 months. The duration depends on factors such as company size, process complexity, and the organization’s level of readiness.

Can ISO 13485 help in obtaining CE marking?

Yes, the ISO 13485 certificate can support the process of obtaining CE marking. Compliance with the standard confirms that the manufacturer’s QMS is aligned with the regulatory requirements for medical devices, facilitating the conformity assessment procedure required to affix the CE marking. Implementation of a QMS in accordance with MDR 2017/745 and IVDR 2017/746 is a necessary component of the conformity assessment process.

Does ISO 13485 replace other certifications?

ISO 13485 does not replace other certifications, but it may complement or support regulatory compliance. Depending on the region and the type of medical devices, additional certifications may be required in parallel with ISO 13485.

Why choose GCB for ISO 13485 certification?

Choosing GCB for ISO 13485 certification guarantees:

  • Industry expertise: GCB specializes in the medical device sector, with extensive experience from national and international auditors and experts who possess in-depth knowledge of the sector’s specific requirements.
  • Transparent certification: GCB provides clients with clear and understandable requirements, assessment criteria, and process stages, eliminating the risk of arbitrary interpretation and building trust.
  • Tailored approach: GCB understands the unique needs of medical device manufacturers and offers personalized support throughout the certification process.
  • Reliability and objectivity: GCB audits are conducted in accordance with international standards, ensuring full transparency and impartiality.

Benefits of ISO 13485 certification

ISO 13485 certification facilitates market access for medical devices, ensures compliance with international standards, and builds customer trust. Certification also supports risk identification and management, contributing to the safety and performance of medical devices. GCB provides support at every stage of the certification process, and the obtained certificate confirms compliance with ISO 13485 requirements.

Risks associated with not implementing ISO 13485 in the organization

Risks associated with not implementing ISO 13485 include:

  • Restricted market access: In many countries, ISO 13485 is a requirement for medical device manufacturers to place products on the market (e.g., in the European Union, compliance with ISO 13485 supports meeting MDR requirements).
  • Poor product quality: Meeting ISO 13485 requirements ensures a structured QMS that helps maintain and monitor high quality standards for product realization.
  • Lack of process control: Organizations may struggle to identify and eliminate errors in production processes, increasing the risk of placing non-compliant products on the market, which raises the likelihood of medical incidents or increased complaints.
  • Loss of customer trust: Customers and business partners may perceive the lack of ISO 13485 certification as a lack of commitment to quality and safety.
  • Risk to health and life: Low-quality medical devices can pose a threat to patients.
  • Lack of process standardization: Without ISO 13485 implementation, processes may be less efficient and more prone to errors.