How to Get ISO 13485 Certification for a Medical Device QMS
To get ISO 13485 certification, an organization must define its scope, build a medical-device QMS, complete gap analysis, documentation, training, internal audit, and management review, then pass Stage 1 and Stage 2 audits by an external certification body.
That short answer hides a lot of work.
ISO 13485 certification is not a form you buy or a badge you download. It is the result of preparing a quality management system, proving that the system works, and passing an independent certification audit. For medical-device companies, suppliers, contractors, and service providers, the process usually starts long before the external auditor arrives.
Important: ISO does not issue ISO 13485 certificates. ISO publishes the standard. External certification bodies audit organizations and issue certificates when the QMS meets the applicable requirements.
What Is ISO 13485 Certification?
ISO 13485 certification is third-party confirmation that an organization’s medical-device quality management system has been audited against ISO 13485:2016 requirements.
The certified object is the organization’s QMS, not the medical device itself. That distinction matters because ISO 13485 is often misunderstood as product approval. It is not.
ISO 13485:2016 is the current certification version. It is designed for quality management systems used by organizations involved in medical devices and related services, including design, development, production, installation, servicing, storage, distribution, and outsourced activities where applicable.
ISO 13485 Certification Is Not Product Approval
ISO 13485 certification shows that the organization has a quality management system assessed against ISO 13485 requirements. It does not automatically approve a medical device for sale.
The table below separates QMS certification from product approval, so the roles stay clear.
Item | ISO 13485 Certification | Product Approval / Market Authorization |
Main focus | The organization’s medical-device QMS | A specific medical device or device family |
Reviewed by | External certification body | Regulatory authority, notified body, or applicable market pathway |
Outcome | ISO 13485 certificate for the defined QMS scope | Clearance, approval, conformity assessment, registration, or authorization, depending on the market |
What it proves | The QMS was audited against ISO 13485 requirements | The product met applicable regulatory pathway requirements |
Common mistake | Treating QMS certification as device approval | Assuming product approval replaces QMS obligations |
ISO 13485 certification is not the same as FDA clearance, FDA approval, EU MDR conformity, CE marking, or market authorization.
A certified QMS can support regulatory readiness, customer trust, and supplier qualification. It does not replace product-specific regulatory work.
ISO 13485:2016 Is the Current Certification Version
ISO 13485:2016 is the current version used for ISO 13485 certification.
Older references may still appear in templates, supplier documents, or outdated web pages. Before preparing for an audit, the organization should confirm that its QMS, documentation, audit plan, and certification scope align with ISO 13485:2016.
This is especially important for companies using older quality manuals, inherited procedures, or documents copied from ISO 9001 systems.
Who Needs ISO 13485 Certification?
ISO 13485 certification is relevant for organizations involved in medical-device design, production, installation, servicing, supply, outsourced processes, or related services.
Not every company in the medical-device supply chain needs certification for the same reason. Some need it for customer approval. Some need it for tender requirements. Some need it to prepare for regulatory expectations. Others need it because buyers will not qualify them without a recognized medical-device QMS.
The table below shows common organization types and why ISO 13485 may matter.
Organization Type | Why ISO 13485 Certification May Matter |
Medical-device manufacturer | Supports QMS control for design, production, traceability, complaints, CAPA, and regulatory expectations |
Contract manufacturer | Helps prove quality-system control to device companies that outsource production |
Component or material supplier | May be required by customers when the supplied product affects device quality |
Sterilization, installation, or servicing provider | Supports control of quality-impacting services |
Medical-device startup | Helps build a QMS before supplier qualification, investor due diligence, or market-entry planning |
Distributor or importer | May support quality responsibilities depending on role, region, and customer requirements |
Quality manager or regulatory lead | Provides a framework for audit readiness and QMS discipline |
Medical-Device Manufacturers
Medical-device manufacturers often pursue ISO 13485 certification because their QMS must control product realization, design, where applicable, production, supplier quality, traceability, complaints, nonconforming product, and corrective actions.
For manufacturers, ISO 13485 is not just an audit target. It becomes the operating structure for how quality is managed across the device lifecycle.
Suppliers, Contractors, and Service Providers
Suppliers and contractors may need ISO 13485 certification when their work affects medical-device quality.
A contract manufacturer producing device components, a sterilization provider, a calibration service, or an installation provider may be asked to show QMS control before becoming an approved supplier. The exact need depends on the customer, product risk, outsourced activity, and regulatory environment.
Startups and New Medical-Device Companies
Startups often need ISO 13485 before they feel “ready” for it.
A young company may still be finalizing design, suppliers, documentation, or manufacturing routes. Waiting too long can create rework. Building the QMS early helps the team control design changes, supplier decisions, risk records, validation evidence, complaints, and regulatory documentation from the start.
Can Individuals Get ISO 13485 Certified?
Individuals do not receive ISO 13485 company certification.
A person can take ISO 13485 training, lead auditor training, internal auditor training, or consultant training. Those certificates show training completion or auditor competence. They are not the same as an organization receiving ISO 13485 certification after an external QMS audit.
How to Get ISO 13485 Certified Step by Step
An organization gets ISO 13485 certified by defining its scope, preparing and implementing the QMS, completing internal readiness checks, selecting a certification body, passing Stage 1 and Stage 2 audits, closing nonconformities, and maintaining the certificate.
This is the core roadmap.
The table below shows the main ISO 13485 certification steps, why each step matters, and the evidence usually prepared.
Step | Purpose | Evidence to Prepare | Common Mistake |
1. Define scope | Set QMS boundaries | Scope statement, sites, products/services, processes | Making the scope too vague or too broad |
2. Perform gap analysis | Compare the current QMS to ISO 13485 | Gap report, action plan | Treating gap analysis as the audit itself |
3. Build or update QMS | Create controlled processes | Procedures, responsibilities, process controls | Copying templates without implementation |
4. Prepare documents and records | Prove QMS control | Policies, records, medical-device file, supplier records | Having documents but no usable evidence |
5. Train employees | Build competence | Training records, role responsibilities | Training only the quality manager |
6. Conduct an internal audit | Check readiness | Internal audit plan, findings, audit report | Skipping the internal audit before the certification audit |
7. Complete management review | Leadership reviews QMS performance | Review minutes, decisions, actions | Treating management review as a formality |
8. Choose a certification body | Select the external auditor | Proposal, scope, accreditation check | Confusing the consultant with the certification body |
9. Complete Stage 1 audit | Review readiness and documentation | QMS documents, scope, procedures | Scheduling too early |
10. Complete Stage 2 audit | Assess implementation | Process evidence, interviews, and records | Having documents, but weak implementation |
11. Close nonconformities | Fix audit findings | Root cause, corrective action, evidence | Correcting symptoms but not causes |
12. Receive certificate | Certification decision | Approved scope, certificate details | Not checking certificate accuracy |
13. Maintain certification | Keep QMS active | Surveillance audit evidence, CAPA, reviews | Treating certification as finished |
1. Define the ISO 13485 Certification Scope
The certification scope defines what the ISO 13485 certificate will cover.
Scope may include sites, products, services, design activities, manufacturing processes, outsourced activities, installation, servicing, storage, distribution, or other quality-impacting work. The scope should match what the organization actually controls.
A weak scope creates problems later. If the scope is too broad, the organization may not be ready. If the scope is too narrow, the certificate may not satisfy customers or regulators.
2. Perform an ISO 13485 Gap Analysis
A gap analysis compares the current QMS against ISO 13485 requirements.
This step identifies what is missing, weak, undocumented, uncontrolled, or not yet implemented. A useful gap analysis should result in a practical action plan, not just a long checklist of problems.
Common gaps include supplier controls, validation records, complaint handling, CAPA evidence, internal audit planning, management review, training records, medical-device file structure, and risk-linked process controls.
3. Build or Update the Medical-Device QMS
The QMS must control how the organization manages quality for medical devices or related services.
This usually means defining process ownership, document control, record control, supplier management, design controls where applicable, production and service controls, traceability, validation, complaint handling, nonconforming product, CAPA, internal audits, and management review.
A QMS should be usable. If employees cannot follow it, auditors will see the gap between documentation and reality.
4. Prepare Required ISO 13485 Documents and Records
ISO 13485 certification requires documents and records that prove the QMS is defined and operating.
Documents describe what the organization intends to do. Records prove what actually happened. Both matter.
For example, a supplier procedure explains how suppliers are evaluated. Supplier approval records prove that the procedure was followed.
5. Train Employees on QMS Responsibilities
Employees need to understand the parts of the QMS that affect their work.
Training should not stop with the quality department. Production, purchasing, design, service, warehouse, complaint handling, regulatory, leadership, and supplier-management roles may all need defined responsibilities.
Training records should show who was trained, what they were trained on, when training happened, and whether competence was confirmed where needed.
6. Conduct an Internal Audit
An internal audit checks whether the QMS conforms to ISO 13485 and the organization’s own procedures.
This is the rehearsal before the external audit, but it should not be treated as theater. Internal audit should find real issues while the organization still has time to fix them.
A weak internal audit creates false confidence. A strong internal audit gives leadership a clearer view of readiness.
7. Complete Management Review
Management review is where leadership evaluates QMS performance and audit readiness.
This review may include audit results, process performance, customer feedback, complaints, CAPA status, supplier performance, resource needs, regulatory changes, risk issues, and improvement actions.
Certification readiness is not only a quality manager’s responsibility. Leadership must show that the QMS is reviewed and supported.
8. Choose an External Certification Body
An external certification body performs the certification audit and issues the certificate if the QMS meets requirements.
The certification body should be selected based on scope fit, medical-device competence, accreditation status, audit process, sector experience, availability, and credibility with target customers or regulators.
Do not choose only by the lowest price. A weak or unverifiable certificate can create problems during customer review.
9. Complete the Stage 1 Audit
The Stage 1 audit checks whether the organization appears ready for Stage 2.
The auditor may review documentation, scope, key processes, readiness, internal audit status, management review, and whether the QMS has enough maturity for a full implementation audit.
Stage 1 often identifies gaps that must be addressed before Stage 2.
10. Complete the Stage 2 Audit
The Stage 2 audit evaluates whether the QMS is implemented and effective.
The auditor reviews records, interviews employees, checks process evidence, samples activities, examines controls, and tests whether the QMS works in practice.
This is where template-based systems often fail. Documents alone are not enough. The organization must show evidence that processes are being followed.
11. Resolve Nonconformities and Corrective Actions
If the auditor raises nonconformities, the organization must respond with root-cause analysis and corrective action evidence.
A good corrective action does more than fix the visible issue. It addresses why the issue happened and how recurrence will be prevented.
For example, a missing training record may point to a deeper training-control weakness. Fixing only one record may not be enough.
12. Receive the ISO 13485 Certificate
The certification body issues the ISO 13485 certificate after the audit process and corrective actions are accepted.
Before using the certificate with customers, the organization should check the details carefully:
- legal entity name;
- certified scope;
- sites covered;
- ISO 13485 version
- certificate number;
- certification body name;
- accreditation details, if applicable;
- issue date and expiry date.
A certificate is only useful if the scope and details match the organization’s actual needs.
13. Maintain Certification Through Surveillance Audits
ISO 13485 certification must be maintained.
Surveillance audits check whether the QMS continues to conform after certification. Recertification confirms continued conformity at the end of the certification cycle.
The QMS should stay active through internal audits, CAPA, complaint handling, supplier review, training, management review, risk-related updates, and control of documented information.
Stage 1 Audit vs Stage 2 Audit
Stage 1 and Stage 2 audits serve different purposes in the ISO 13485 certification process.
The table below shows the difference.
Audit Stage | Main Purpose | What the Auditor Looks For |
Stage 1 audit | Readiness and documentation review | Scope, QMS documentation, internal audit, management review, and preparedness for Stage 2 |
Stage 2 audit | Full implementation and conformity audit | Records, process evidence, interviews, control implementation, and effectiveness |
Corrective action review | Closure of audit findings | Root cause, action plan, implemented corrections, evidence of effectiveness |
Stage 1 asks, “Is the organization ready for the full audit?”
Stage 2 asks, “Is the QMS implemented and conforming?”
Both stages matter. Skipping readiness work before Stage 1 usually makes Stage 2 harder.
What Are the Main ISO 13485 Requirements?
ISO 13485 requirements cover the organization’s QMS, management responsibility, resource controls, product realization, process controls, measurement, analysis, improvement, and documented evidence.
For readiness planning, the main requirement areas are:
Requirement Family | What It Covers | Evidence Often Reviewed |
Quality management system | QMS processes, documentation, records, and outsourced process control | QMS scope, procedures, records, process maps |
Management responsibility | Quality policy, objectives, planning, responsibilities, and management review | Policy, objectives, org chart, review minutes |
Resource management | Personnel competence, infrastructure, work environment | Training records, competence evidence, and facility controls |
Product realization | Planning, customer requirements, design, purchasing, production, servicing | Product plans, design records, supplier records, production records |
Supplier and purchasing controls | Supplier selection, evaluation, monitoring, and purchased product controls | Approved supplier list, evaluations, and purchasing records |
Identification and traceability | Product identification, traceability where required, and status control | Lot records, labels, traceability logs |
Validation and process control | Controlled production and service processes | Validation protocols, monitoring records, and equipment records |
Complaint handling and feedback | Customer feedback, complaints, and regulatory reporting links, where applicable | Complaint records, investigations, and trend data |
Nonconforming product | Control of products or outputs that do not meet requirements | Nonconformance records, disposition records |
CAPA | Corrective and preventive action | Root cause analysis, action records, and effectiveness checks |
Internal audit | Planned audits of the QMS | Audit program, reports, findings |
Measurement and improvement | Data analysis, monitoring, corrective action, and QMS effectiveness | Metrics, trend reports, improvement actions |
The practical point is this: ISO 13485 certification depends on documented control and real implementation. The organization must show both.
What Documentation Is Required for ISO 13485 Certification?
ISO 13485 certification requires documented QMS evidence, including scope, policies, objectives, procedures, records, product-related evidence, supplier records, training records, internal audit records, management review records, and corrective-action evidence.
The table below shows common documentation groups used during certification preparation.
Documentation Group | Examples |
QMS scope | Scope statement, sites, processes, products/services covered |
Quality policy and objectives | Approved quality policy, measurable objectives, and review records |
Controlled procedures | Document control, record control, purchasing, production, complaint handling, CAPA, internal audit |
Work instructions | Process-specific instructions for production, inspection, servicing, storage, or handling |
Medical-device file | Device description, specifications, production/service details, and records required by the QMS |
Supplier records | Supplier approval, evaluation, monitoring, and purchasing records |
Training records | Role-based training, competence evidence, and awareness records |
Validation records | Process validation, software validation, equipment, or sterilization validation, where applicable |
Traceability records | Lot, batch, serial, or device identification records are required |
Complaint and feedback records | Complaint intake, investigation, closure, trend review |
Internal audit records | Audit schedule, audit reports, findings, follow-up actions |
Management review records | Meeting minutes, inputs, decisions, action items |
CAPA records | Nonconformity, root cause, corrective action, effectiveness check |
Documentation should match the organization’s real processes. Auditors look for alignment between procedures, records, employee practices, and QMS requirements.
A polished manual with weak records is not audit-ready.
Who Issues ISO 13485 Certification?
ISO 13485 certificates are issued by external certification bodies, not by ISO.
This section matters because many organizations search for “ISO certification” and assume that ISO itself certifies companies. That is incorrect.
ISO does not issue ISO 13485 certificates. Certification is performed by external certification bodies.
ISO Publishes the Standard but Does Not Issue Certificates
ISO develops and publishes ISO 13485.
ISO does not audit organizations, does not issue certificates, and does not approve companies as “ISO certified.” When an organization receives ISO 13485 certification, the certificate comes from a certification body that performed the audit.
This distinction protects organizations from misleading offers and fake certificate claims.
External Certification Bodies Perform ISO 13485 Certification Audits
A certification body audits the organization’s medical-device QMS against ISO 13485 requirements.
If the QMS conforms and audit findings are resolved, the certification body can issue the ISO 13485 certificate. The certificate should show the organization name, standard, scope, site details, certificate number, issue date, expiry date, and certification body.
Certification Body vs ISO 13485 Consultant
A consultant can help prepare the QMS. A certification body performs the external audit and issues the certificate.
The table below explains the difference.
Role | What They Do | What They Should Not Claim |
ISO 13485 consultant | Helps with gap analysis, documentation, implementation, internal readiness, and training | Should not claim to independently certify the same QMS they prepared |
Certification body | Performs certification audit and issues a certificate if requirements are met | Should not act as the organization’s implementation consultant for the same scope |
Accreditation body | Assesses certification body competence for defined accreditation scopes | Does not certify the organization’s QMS directly |
Organization | Builds, operates, and maintains the QMS | Should not claim certification before audit completion |
A consultant and certification body should not be treated as the same service. Confusing the two can weaken trust and create conflict-of-interest problems.
How to Check Accreditation and Certificate Verification
Certificate verification should confirm that the certificate is real, current, and issued through a credible certification route.
Check:
- Certificate number.
- Organization name.
- Certified standard: ISO 13485:2016.
- Certification scope.
- Sites covered.
- Certification body.
- Accreditation body, where applicable.
- Issue and expiry dates.
- Certificate status.
- Verification through the certification body, relevant accreditation body, IAF CertSearch, where applicable, or current accreditation records.
If certificate details cannot be verified, treat the certificate cautiously.
How Much Does ISO 13485 Certification Cost?
ISO 13485 certification cost varies by organization size, certification scope, number of sites, QMS maturity, device complexity, documentation readiness, consultant support, training needs, audit duration, and certification-body fees.
The table below shows the main cost drivers.
Cost Driver | Why It Affects Cost |
Certification scope | A broader scope may require more audit time and more QMS preparation |
Number of sites | Multi-site organizations usually need more audit planning |
QMS maturity | A mature QMS may need less implementation support than a new system |
Device complexity | Higher-risk or more complex devices may require stronger controls and evidence |
Documentation readiness | Missing procedures and records create more preparation work |
Internal staff capability | Experienced quality teams may reduce consulting needs |
Consultant support | Gap analysis, documentation, training, and readiness support add cost |
Certification body fees | Audit duration, auditor competence, region, and sector scope affect fees |
Surveillance audits | Certification maintenance creates ongoing audit costs |
A useful quote should separate consulting cost, certification-body audit cost, training cost, and surveillance cost. Lumping everything into one number can hide the real cost structure.
How Long Does ISO 13485 Certification Take?
ISO 13485 certification timeline depends on current QMS readiness, documentation completeness, internal audit results, management review readiness, certification-body availability, and corrective-action closure time.
There is no exact universal ISO 13485 certification timeline.
The table below shows timeline drivers.
Timeline Driver | How It Affects Certification Time |
Existing QMS maturity | Organizations with an operating QMS usually move faster than organizations starting from zero |
Scope complexity | More sites, processes, products, and outsourced activities require more preparation |
Documentation gaps | Missing procedures, records, or medical-device file evidence can delay readiness |
Staff training | Employees need time to understand and operate QMS processes |
Internal audit findings | Serious findings may require corrective action before certification audit |
Management review readiness | Leadership review must happen before external audit readiness is credible |
Certification body scheduling | Audit dates depend on auditor availability and scope fit |
Nonconformity closure | Major findings can delay certificate issuance until accepted corrective actions are completed |
A realistic timeline should be based on readiness, not hope. The fastest organizations are usually the ones with a clear scope, strong process ownership, and evidence already in place.
How Long Is ISO 13485 Certification Valid?
ISO 13485 certification must be maintained through surveillance and recertification audits.
Certification should not be treated as a one-time document purchase. The QMS must continue operating after the certificate is issued.
Certification Requires Ongoing Surveillance
Surveillance audits check whether the organization continues to maintain its QMS.
Auditors may review complaints, CAPA, supplier controls, internal audit, management review, production records, training records, and changes since the previous audit. Weak maintenance can lead to findings.
Recertification Keeps the Certificate Active
A recertification audit is used to renew certification at the end of the certification cycle.
Before recertification, the organization should review scope, process changes, risk changes, customer complaints, supplier performance, audit results, and evidence that the QMS remains effective.
Poor QMS Maintenance Can Put Certification at Risk
Certification can be suspended or withdrawn if the organization does not maintain conformity.
Common risks include missed surveillance audits, unresolved nonconformities, poor CAPA control, weak complaint handling, uncontrolled documents, supplier-control failures, or major changes not managed through the QMS.
A certificate is not the finish line. It is the start of continued QMS accountability.
How FDA QMSR Uses ISO 13485:2016
FDA’s Quality Management System Regulation incorporates ISO 13485:2016 by reference, but ISO 13485 certification and FDA regulatory compliance are not the same thing. The FDA does not require ISO 13485 certification, does not issue ISO 13485 certificates, and does not exempt a manufacturer from FDA inspection because the manufacturer holds an ISO 13485 certificate. FDA inspections assess compliance with FDA requirements.
This matters for U.S. medical-device firms because ISO 13485 now has a stronger regulatory bridge in the United States. It does not mean an ISO 13485 certificate automatically satisfies every FDA requirement or grants market authorization.
FDA QMSR Incorporates ISO 13485:2016 by Reference
The FDA Quality Management System Regulation incorporates ISO 13485:2016 by reference.
For organizations selling medical devices in the United States, this makes ISO 13485 especially relevant to QMS planning. The organization still needs to understand FDA-specific requirements, device classification, submissions, records, labeling, complaint handling, reporting obligations, and other applicable controls.
FDA Requirements and ISO 13485 Certification Are Not the Same Thing
ISO 13485 certification does not guarantee FDA approval, FDA clearance, FDA compliance, or market authorization.
A certification audit and FDA regulatory oversight serve different purposes. If ISO 13485 conflicts with FDA law or implementing regulations, FDA requirements control for U.S. regulatory purposes.
U.S. Medical-Device Firms Should Treat This as a Regulatory Bridge
U.S. firms should treat ISO 13485 as a major QMS alignment tool, not as a shortcut around FDA obligations.
A strong QMS can support regulatory readiness, but product-specific and market-specific requirements still need separate review.
Common Mistakes That Delay ISO 13485 Certification
ISO 13485 certification is delayed when organizations treat the process as documentation work instead of QMS implementation.
The most common mistakes are practical, not mysterious.
- Starting without a clear certification scope.
- Copying procedures that do not match real operations.
- Leaving supplier controls weak.
- Missing validation records where validation is required.
- Training only the quality team.
- Completing the internal audit too late.
- Holding management review as a paperwork exercise.
- Treating CAPA as a form instead of a root-cause process.
- Choosing a certification body before the QMS is ready.
- Confusing product approval with QMS certification.
- Claiming certification before the certificate is issued.
A cleaner path starts with scope, process ownership, and evidence. Templates can help, but they cannot replace implementation.
How AGS Can Support ISO 13485 Certification Readiness
AGS supports organizations with ISO 13485 certification pathways, audit preparation, surveillance planning, and QMS conformity support within its approved service scope. AGS does not publish ISO standards and does not act as an accreditation body.
The practical starting point is a readiness review. That review can identify gaps in scope, documentation, process control, supplier management, training, internal audit, management review, and corrective-action evidence before the external certification audit.
The goal is not just to “get a certificate.” The goal is to build a medical-device QMS that can stand up to audit, customer review, regulatory pressure, and ongoing surveillance.
Final Takeaway
Getting ISO 13485 certification is a structured process: define the scope, build the medical-device QMS, close gaps, prepare documents and records, train staff, complete internal audit and management review, pass Stage 1 and Stage 2 audits, resolve nonconformities, and maintain the system through surveillance.
The most important point is role clarity. ISO publishes ISO 13485. External certification bodies perform audits and issue certificates. Consultants can help prepare the QMS, but they do not replace the certification body.
For medical-device organizations, the value of ISO 13485 certification is not only the certificate. The stronger value is a controlled QMS that can support customer trust, supplier qualification, regulatory readiness, audit evidence, and long-term quality discipline.
ISO 13485 Certification FAQs
Can ISO 13485 certification be done online?
ISO 13485 preparation can often be supported remotely, but certification still requires a real audit process by an external certification body. Remote document review, consulting, and readiness support may be possible, but the audit method depends on the certification body, scope, sites, and audit rules.
Do I need ISO 9001 if I have ISO 13485?
No, ISO 9001 is not automatically required if an organization has ISO 13485 certification. ISO 13485 is designed for medical-device quality management systems, while ISO 9001 is a broader quality management standard used across many sectors.
Standard | Main Focus | Typical Use |
ISO 13485 | Medical-device QMS requirements for regulatory purposes | Medical-device manufacturers, suppliers, and related service providers |
ISO 9001 | General quality management system requirements | Organizations across many industries |
Both together | Broader quality management plus medical-device QMS alignment | Sometimes used when customers require both |
An organization should choose based on customer requirements, regulatory context, and business scope.
What is the difference between ISO 13485 and AS9100?
ISO 13485 is for medical-device quality management systems, while AS9100 is for aerospace quality management systems. Both are sector-specific QMS standards, but they apply to different industries, risks, customers, and supply-chain expectations.
Is ISO 13485 required to sell medical devices?
ISO 13485 certification is not universally required in every market for every medical device. It may be required or strongly expected depending on the country, device type, customer requirements, regulatory route, notified body expectations, supplier qualification, or contract terms.
Can a startup get ISO 13485 certified?
Yes, a startup can get ISO 13485 certified if it has a defined QMS scope and can demonstrate implementation of applicable requirements. The challenge is usually building enough process evidence before the certification audit.
Can outsourced processes be included in an ISO 13485 QMS?
Yes, outsourced processes can be included in the ISO 13485 QMS when the organization controls them properly. Supplier evaluation, purchasing controls, agreements, monitoring, and records are usually important evidence for outsourced quality-impacting activities.
How do you verify an ISO 13485 certificate?
Verify an ISO 13485 certificate by checking the certificate number, organization name, standard, scope, sites, certification body, accreditation body, where applicable, issue date, expiry date, and current status. Use the certification body, relevant accreditation body, IAF CertSearch, where applicable, or current accreditation records.
Can an individual get ISO 13485 certified?
No, ISO 13485 certification applies to an organization’s QMS, while individuals can take ISO 13485 training or auditor courses. A training certificate is not the same as an organization-level ISO 13485 certification.
Is ISO 13485 certification the same as MDSAP?
No, ISO 13485 certification and MDSAP are not the same. MDSAP is a medical-device regulatory audit program accepted by participating regulatory authorities, while ISO 13485 certification is a QMS certification against ISO 13485 requirements.
What happens if the Stage 2 audit finds nonconformities?
If the Stage 2 audit finds nonconformities, the organization must address them through correction, root-cause analysis, corrective action, and evidence. Certificate issuance may be delayed until the certification body accepts the response.
