ISO 13485 Certification & Auditing

Meet customer expectations of quality, safety, and performance

Meet customer expectations of quality, safety, and performance

ISO 13485 is the quality management systems standard for the medical device industry

The standard ensures that your medical products consistently meet customer expectations of quality, safety, and performance. The ISO 13485:2016 edition of the standard builds on the ISO 9001 standard, and it includes additional regulatory requirements for the medical device industry. Following the last revision, this third edition of March 1, 2016, incorporates 12 years of technological progress and global regulatory changes.

Gain certification to enter global markets

IS0 13485In some markets, such as the European Union and Japan, medical device manufacturers must obtain ISO 13485 certification. 

In the EU, the requirements of ISO 13485 have been harmonized with the essential requirements of the EU’s Medical Device Directive (93/42/EEC), the Directive for In Vitro Diagnostic Medical Devices (98/79/EC) and the Directive for Active Implantable Medical Devices (90/385/EEC). Certification to ISO 13485 by an accredited certification body provides a presumption of conformity with the essential requirements of these important directives.

In the U.S., the Food and Drug Administration (FDA) permits device manufacturers to submit ISO 13485 audit reports as a substitute of the evidence of compliance with its quality systems regulations (QSR).


  • Improve your process quality and transparency
  • Ensure quality, safety and performance of your medical devices
  • Raise brand reputation and consumer trust and satisfaction
  • Avoid costly product recalls by delivering consistent quality and safety

Gain entry to global markets

Clauses in the ISO 13485 Standard

  • Responsibility Quality Management System (Clause 4) - All processes that are part of a manufacturer’s QMS need to be developed using a risk-based approach. Any software used as part of the quality system should be validated and documented. The validation of all types of computer software used in the QM system is expanded to include software applications outside product realization, including document control and complaints management. The new standard describes Device Master Records (DMR) contents in greater detail and gives examples of mandatory documents.
  • Management Responsibility (Clause 5) - The standard demands a definition of the “role” that an organization plays within the scope of the regulatory requirements (e.g., representative, importer, manufacturer, etc.) and, taking a risk-based approach, of the processes related in addition to that. The standard describes the input and output of the regular management review of the QM system’s effectiveness in greater detail. Management representatives now have the additional responsibility of promoting awareness of the significance of regulatory requirements among all organization employees.
  • Resource Management (Clause 6) - Medical device manufacturers must define the skills and experience required for personnel involved in the maintenance of the QMS, through ongoing training and mechanisms for assessing the effectiveness of such training. A new clause also addresses contamination control and processes for sterilization.
  • Risk-Based Approach to Product Realization (Clause 7) - This clause specifies the requirements and their risk-based implementation for all product-realization processes. This edition includes special requirements for the validation of software used in monitoring and measuring equipment. The aspect of “usability” has been added to the design and development process. The reasons for the selected sample size in design verification and design validation must be provided and documented in the future. There are now separate sub-clauses describing the requirements for transferring design and development outputs to production (transfer design) and the contents of the design history file (DHF).
  • Defined Processes for Measurement, Analysis and Improvement (Clause 8) - The manufacturer must define processes for recording and evaluating production and post-production data and integrating them into the risk-management process. Notification to the regulatory agencies is addressed by a separate sub-clause of the standard and has been extended by the addition of adverse event reporting. Regarding the control of nonconforming products, the standard differentiates between corrections and corrective actions for non-conformities identified before and after delivery. 

Quality Management Systems Expertise

Our auditors have an established history of assessing leading medical device manufacturers with ISO 13485 audits and certification. To help you estimate the individual efforts involved in your implementation of the standard and prepare for the change in the best possible way, TÜV SÜD will provide you with basic information related to the standard.  

We offer a complete range of testing, certification, and auditing services to manufacturers of medical devices. Our specialists and experts will be happy to answer any further questions you may have.

Contact Us to Learn More


ISO 13485:2016 Revision

ISO 13485:2016 Revision Fact Sheet

A quick guide to the revised ISO 13485:2016 standard

Learn More


Next Steps

Site Selector