The ISO 13485 is a harmonized standard, which lays down the requirements for quality management systems (QMS) for medical devices.
Medical device manufacturers have to therefore, above all, according to ISO 13485 be certified, because according to Appendix II of the Medical Device Directive MDD they can explain the compliance of their products themselves. For medical devices which incorporate software or standalone software, the IEC 62304 also demands a QMS and recommends an ISO 13485.
The validity of the quality management system will be examined by external auditors ( usually notified bodies ) and internal audits.
Read more about the changes introduced by the latest version of ISO 13485 (ISO 13485:2016).
If your product is NOT in class I, you most probably need a certified QM-system. Only conformity assessment procedures based on MDR Annex IV (EC verification) respectively MDR Annex XI part B do not require a certified QM-system. However, this approach is rather the exception.
If your product is in class I, there is QM-system demanded by MDR and by IEC 62304. But this QM-system does not have to be certified.
No. If you need a certified QM-system (see question 1), only a ISO 13485 certification is sufficient to prove compliance with regulatory requirements.
Only notified bodies my certify your QM-system. They have to have the accreditation for "Annex Certificates".
Pay attention that you do not pick a certification body that "only" may certify ISO 13485 compliance
Both, the EU but also national authorities publish lists of "accredidated" notified bodies as for example the German ZLG.
Typically it takes between six and nine months between project start and audit respectively certification. Currently the availability of notified bodies is an issue.
Small and medium sized companies have to invest 30 to 50 person days. However, operating a quality management system requires continuous efforts to audit, to improve and to re-certify the processes respectively the system.
The Johner Institut is specialized on establishing, improving and preparing QM-systems for audits. All of our customers, we are talking about hundreds, successfully passed audits. With no exception!
ISO 13485:2016 is the (only) standard to prove compliance with regulatory requirements related to quality management systems.
In order to establish such a quality management system you must:
Download our Starter-Kit, that contains high resolution mindmaps of ISO 13485 and other standards (all hierarchical levels).
The Johner Institut recommends the following steps to fast and systematically establish a quality management system that complies with regulatory requirements such as MDD, MDR, ISO 13485 and 21 CFR part 820.
Dependent on your activities you define the scope your quality management system:
Currently there is a high demand for notified bodies, as many notified bodies lost their accreditation. Therefore it is important to pick early in the process your notified body.
Read here more about notified bodies.
Now you start defining your "rules" in terms of standard operating procedures, work instructions, templates, forms, checklists etc.:
Make sure that you cover all processes as demanded by regulatory requirements in particular by ISO 13485:2016 respectively 21 CFR part 820.
Your company now start working according to these process descriptions (SOP) and work instructions (WI). It generates "records" proving compliance. E.g. your team fills out forms, templates and checklists or works with computer systems as instructed.
Before the final audit verify that everything is prepared:
Your notified body will audit your company for two to ten (or even more) days depending on the size of your organization.
If you passed the audit successfully you will obtain the certificate(s). Don't forget to celebrate your success.
If you need any help in this road, just contact us. We are specialized to support companies to fast and efficiently pass audits. We never had a customer (we are talking about hundreds) that did not pass the audit!
The most relevant success factors are