ISO 13485 implementation

Updated: September 25, 2023.

Now that your company is thinking about implementing a Quality Management System (QMS) and getting certified against ISO 13485, you may be wondering about where — and how — to get started. ISO 13485 implementation can come with a lot of challenges. Sometimes, the first steps can be challenging, but this article will guide you through the reasons to get certified and how to do so, and provide some common areas where people get stuck when they’re not sure how to implement ISO 13485.

Some of the ISO 13485 implementation steps:
  1. Getting management support
  2. Identifying requirements
  3. Defining the scope
  4. Defining processes and procedures

The benefits of ISO 13485 implementation

Meeting regulatory requirements and ensuring patient safety are critical in maintaining consistent medical device quality. Compliance with relevant standards is essential to guarantee an appropriate level of quality control.

ISO 13485 is a well-established international standard for Quality Management Systems in the medical device industry. Achieving certification demonstrates to potential clients that a company adheres to best practices and regulatory requirements. Additionally, implementing ISO 13485:2016 can lead to better control over processes, continual improvement and, ultimately, a positive return on investment.

Why should you implement ISO 13485?

  • to improve your company’s credibility and image
  • to improve customer satisfaction
  • to improve processes
  • to improve decision-making
  • to create a culture of continual improvement
  • to better engage employees

Checklist for ISO 13485 implementation

Once you understand why to implement 13485, you can follow this checklist of ISO 13485 implementation steps to get started with the project.


1) Get management support

This step is number one for a reason: Without management support, your ISO 13485:2016 implementation project is doomed to fail (if it gets started at all). You’ll need to craft a well-though-out presentation outlining the benefits your company can realize through ISO 13485 implementation, and get your management team on board right from the start.

2) Identify requirements

The next critical step toward a successful implementation is making sure that you understand all the requirements you need to satisfy with your QMS. Such requirements usually include legal and regulatory requirements, customer requirements, and other requirements depending on your company’s needs and culture.

3) Define the scope of your ISO 13485 implementation

You want to avoid applying the QMS to areas of your business that don’t pertain to quality, but you don’t want to make the scope so narrow that the company sees no benefit. Please be aware that ISO 13485 is only applicable to the manufacturing of medical devices. Therefore, other products in your portfolio cannot be included in the scope of this standard.

When you define your QMS scope, you will have a better idea of what needs to be done, and the boundaries of your implementation. Your best tools to help you with scope definition are the quality policy and quality manual, so these need to be the first documents you develop for your QMS.

4) Define processes and procedures

The ISO 13485 standard defines certain mandatory procedures that must be part of your QMS, but you will also need to determine what processes and procedures within your company must be defined in order to ensure adequate and consistent quality. The first thing to do is to define all of your company’s processes, and then see how they interact with each other. These interactions are often where problems become evident.

5) Implement processes and procedures

For most companies, all that needs to happen is the documentation of existing processes and procedures to ensure consistent quality that meets requirements. You don’t have to document every process, but you do need to decide which processes need a documented procedure in order to guarantee consistency in the quality of products and services.

Some of the ISO 13485 implementation steps

6) Deploy training and awareness programs

It is vital to the success of your Quality Management System that every employee in your organization understands how the QMS works and where they fit into the mix. All personnel need to be trained on the basics of ISO 13485 so they get an idea of the purpose of implementation; in addition, they need to be aware of any changes to be made in the processes they are a part of. Failing to train employees on time may also affect how long it takes to implement ISO 13485.

7) Choose a certification body for your ISO 13485 implementation

The right certification body can make all the difference, because this is the company that comes in after your implementation to audit your Quality Management System and determine whether or not it conforms to ISO 13485 requirements. In addition, they will also decide how effective your QMS is and whether it shows continual improvement.

8) Operate the QMS / Measure the system

This is when you will collect the records that will be required in audits to show that your processes meet the requirements set out for them, that they are effective, and that improvements are being made in your QMS as needed. Usually, it is a period of two to three months. Certification bodies need this to happen over a certain length of time, which they will identify, in order to ensure that the system is mature enough to show compliance.

9) Conduct internal audits

After you have operated the QMS for the prescribed length of time, but before the certification body conducts their audit, you will need to perform an internal audit of each process. This will tell you whether or not the processes are performing as planned, and if not, you’ll have the opportunity to take corrective action to resolve any issues you find.

10) Conduct management review

Not only must management be supportive of the company’s ISO 13485 implementation — it is imperative that they stay involved in the ongoing maintenance of the Quality Management System. During the management review, they will examine data from the QMS activities to make sure that all processes have the resources they need to continue to be effective, and to improve over time.

11) Take corrective action

Here is where you look for the root cause of the problems discovered during internal audits, measurements, and management review, and then take the necessary action to correct the problems at the source. This is a crucial step in the continual improvement of the Quality Management System, which is a key aim of ISO 13485.

12) Perform the certification audit

Now is the time for the auditors from your chosen certification body to review your documentation and verify that all of the ISO 13485 requirements have been addressed in your QMS.

A sound plan will go a long way toward helping you set up your ISO 13485-based Quality Management System. So, take the necessary time to make a ISO 13485 implementation plan and determine the necessary resources, as this will translate to savings in both time and resources down the line.

Common pitfalls when implementing ISO 13485

The biggest pitfall is failing to thoroughly understand the requirements of the standard. This can lead to incomplete or incorrect implementation, which can result in certification delays or even failure. It is essential to have a comprehensive understanding of the standard and its requirements before beginning the implementation process.

It is important for manufacturers to recognize that not all ISO 13485 requirements are applicable to every manufacturing process. Requirements from clauses 6, 7, and 8 can be excluded as necessary. For example, if a manufacturer produces software as a medical device, requirements regarding sterilization are not applicable, and documentation related to sterilization is not necessary. Similarly, if a medical device does not require installation, requirement 7.5.3 Installation activities is not applicable.

Inadequate employee training and awareness are also common pitfalls. It is crucial for all employees to understand the requirements of the standard and how their roles and responsibilities fit into the Quality Management System. Without proper training and awareness, employees may not be able to effectively contribute to the implementation process.

By understanding and avoiding these common pitfalls, organizations can successfully implement ISO 13485 and achieve certification while improving the quality of their medical devices and processes.

If you need an additional ISO 13485 implementation guide, check out this free Diagram of the ISO 13485:2016 Implementation Process.