Don’t Plunge Blindly
into ISO 13485

ECM notified body 1282

Great certification processes are simple ones. The most powerful live at the intersection of clarity, competences and efficiency. By embracing simplicity and good planning they deliver quick, powerful outcomes and drive positive business results. Cutting through the clutter, they’re impossible to ignore.

ISO 13485 is the recognized Quality Management System (QMS) standard for regulated medical device manufacturing environments. It is also the quality management system standard harmonized by the European Commission as the basis for CE marking for the three medical device directives; Medical Devices Directive (MDD), In-vitro Diagnostic Devices (IVD) and Active Implantable Devices. ISO 13485 supports quality management through design, development, production, installation, and delivery of medical devices. It ensures that devices are safe for their intended use.

Compliance to ISO 13485 is a requirement of the medical device regulatory framework in most markets including the European Union, United States, Canada, Japan, and Taiwan. ISO 13485 is also central to Health Canada’s Canadian Medical Device Regulations (CMDCAS) program.

ISO 13485 is the most popular standard for medical device quality management, and is regarded as the ‘passport’ to many international markets, effectively making it a key factor in the success of any business looking to expand to global markets.

ECM is dedicated to simplifying your ISO 13485 certification. ECM offers a complete range of testing, certification and auditing services to medical devices manufacturers, helping them to manage risks and to ensure the health and safety of patients and users.

Our responsive client services and flexible approach will make your ISO 13485 certification as efficient and beneficial as possible.

ISO 13485:2016 has arrived

The ISO 13485 standard has been revised from its 2003 version.  ISO 13485:2016 now replaces the previous version ISO 13485:2012, bringing the date of presumed conformity to March 31, 2019.

ISO 13485:2016: What are the differences?

ISO 13485:2016 introduces several changes from the previous versions of the standard.

What is new between ISO 13485:2016 and previous versions?

Upfront: ISO 13485:2016 is an evolution of the previous versions, not a revolution. However, a variety of small changes make it necessary not to underestimate this latest version of the standard.


Divergence between ISO 9001 and ISO 13485: the two standards ISO 13485 and ISO 9001 diverge regarding their 2015 and 2016 version respectively. Mapping becomes increasingly difficult because the high-level chapter structures are no longer congruent. A mapping table in the annex to ISO 13485:2016 is not estimated to be error-free.

Chapter 1

The new standard specifies that it explicitly also applies to outsourced processes. There must not be any gaps within the value-added chain.

It is also explicitly includes that regulatory requirements shall be regarded as well as risk management. The requirement of meeting regulatory requirements was already in Chapter 7.1. However, this now applies throughout the product lifecycle, including the product development stages.

Chapter 3

A new term, namely the medical device family, requires conformity not only on the level of the product, but also on the level of the medical device family.

Chapter 4

Software validation: What used to be referred to in Chapter 8 is now explicitly expressed in Chapter 4.1 of ISO 13485:2016. Software used in a quality management system must be validated. An example would be software to manage customer feedback. This requirement is no longer limited to production and service provisions.

Chapter 5

From now on, the management review (chapter 5.6) must additionally consider:

  • Input: Complaint handling, notifications to authorities and measurement of products and processes
  • Output: Suitability and adequacy of the QM-system
Chapter 7

Risk management can, but need not be compliant with ISO 14971.

Chapter 7.3’s structure has been revised in ISO 13485:2016. New are the demands for documenting “procedures for design and development,” including design transfer.

According to chapter 7.3.8, the design transfer would ideally be carried out after verification, but prior to validation. For example, to validate products of pilot series.

Also new is chapter 7.3.10, design and development files.

Chapter 7.5.6 on process validation, requires more precisely that relevant process’ software shall be validated.

Chapter 8

Two new subchapters have been incorporated into the new version of ISO 13485:

  • chapter 8.2.2 addresses complaint handling in more detail
  • chapter 8.2.3 addresses the communication with authorities and Notified Bodies.

The analysis of data (chapter 8.4) must now explicitly consider the results of audits and service reports (as appropriate).

Let's talk about

ECM America -Unit 506 – 1110 Brickell Avenue 33131
Miami, Fl


ECM HQ - Via Ca' Bella, 243, 40050
Valsamoggia (BO)

+39 051 670