Opvia Logo
Opvia Logo
The complete guide: ISO 13485 certification for medical device manufacturing

Learning Center

The complete guide: ISO 13485 certification for medical device manufacturing

quotation marks
Tali Kauffmann
Product Marketer at Opvia
13 minute read
07 May, 2024

For medical device manufacturing, quality and compliance are crucial. An essential standard for any company hoping to bring a medical device to market is the ISO 13485 certification. 

ISO 13485 is a voluntary iso intended to help organisations design systems that consistently produce high-quality medical devices. It lays out clear guidelines for building quality management systems. 

This guide walks you through every important part of ISO 13485, explaining why it matters for your business and practical steps on how to get certified. 

What is ISO 13485 Certification?

ISO 13485 is an international standard and the main Quality Management System (QMS) standard for medical devices worldwide. Though it is a voluntary iso, different countries aim to align their own regulations, such as the the United States aims to align its Food and Drug Administration (FDA). The current version of the standard, ISO 13485:2016, was published in March 2016.

This is a standard that applies universally, regardless of a company's size. It focuses on processes rather than product quality, making sure that controlled processes are leading to desired outcomes.

Another important point is that individual certification under ISO 13485 isn't possible. Instead, organisations as a whole can become certified. Although, individuals can pursue training to become ISO 13485 certified lead auditors, which would allow them to then audit other companies.

ISO 13485 also isn't a membership group. Organisations have to implement its quality management system and be audited certification bodies. If they're successful, they receive ISO 13485 certification valid for three years, which is then subject to renewal every three years to maintain certification.

For the specific scope and clauses about this standard, skip to the later section which provides an overview of ISO 13485 requirements in more detail.  

contextual visual content from CMS

Why does ISO 13485 Certification matter in medical device manufacturing?

ISO 13485 certification shows that a manufacturer is meeting high standards of quality and patient safety. This certification isn't just a regulatory requirement, it also has reputational importance for a company. There also other benefits of iso 13485. We've summarised the value of ISO standard 13485 and why it should matter to your organisation:

  • Product safety

    The obvious point to make here is that ISO 13485 is intended to ensure patient safety and quality of medical devices. The high standards set by this certification help prevent product failures & health risks of defective medical devices.

  • Operational efficiency

    This iso certification demands that manufacturers establish a systematic approach to their quality management systems. As a result, streamlined processes & documentation best practices reduce the risk of errors and inefficiencies, boosting productivity.

  • Global market access

    Given that it is an international standard, many countries either require or see a lot of value in ISO 13485 certification for medical devices sold within their jurisdiction. Having this certification is usually a prerequisite for entering international markets.

  • Building credibility

    Certification shows that a company is committed to both quality & safety, which can improve customer satisfaction, relationships with suppliers, and support marketing claims about products. 

How do you check if a company is ISO 13485 certified?

To verify if a company is ISO 13485 certified, here are some simple steps:

  1. Find the organisation's unique ISO 13485 certificate number.
  2. Check that the certificate references the standard for medical device manufacturing.
  3. Check both the expiry or validity date of the certificate to make sure it's still valid.

How to get ISO 13485 certification and installation of a QMS

Achieving ISO 13485 certification is a big step for companies that manufacture medical devices. It shows that an organisation has robust quality management systems. However, the certification process can seem long and confusing. So here's a practical step-by-step overview of certification: 

1. Understand ISO 13485

This standard helps organisations develop a quality management system that meet both regulatory requirements and customer expectations. Getting to grips with the standard is the clear first step in the certification process.

2. Prepare a quality manual

Creating a detailed quality manual is crucial. This manual should explain the specific processes and procedures an organisation has implemented in order to meet ISO 13485 standards. The manual will then serve as the blueprint for your quality management system, detailing all the roles, responsibilities, and procedures.

3. Implementing the standard

Implementation is more than just documentation. It often involves training staff, establishing quality controls, and setting up a good monitoring systems (like an eQMS).

4. Certification audit

After preparing your quality manual and setting up the appropriate systems, the next step is the certification audit. This is conducted by an accredited external auditor. It's a two-stage process to assess the quality management system. Stage one assesses documentation, and stage two is a more detailed operational audit.

5. Maintaining certification

It's not over once you've achieved certification. There are regular reassessments for ISO 13485 (both internal and external). 

An overview of ISO 13485 requirements

It probably comes as no surprise, but ISO certification documents can make for dense and tricky reading. So we've tried to summarise the key takeaways of the standard to make it more accessible. 

Clause 1: Scope

This clause talks about the standard's scope and how it applies to organisations. It mentions:

  • The importance of a process approach
  • The relevance of the standard to regulatory requirements for products and services
  • How processes should be continually improved

Clause 2: Normative reference

References ISO 9000:2015 alongside the standard, explaining the “fundamentals and vocabulary” of the Quality Management System.

Clause 3: Terms & definitions

Provides definitions of the terms used in the standard, including:

  • Active implantable medical device
  • Active medical device
  • Advisory notice
  • Customer complaint
  • Implantable medical device
  • Labelling
  • Medical device
  • Sterile medical device

Clause 4: General requirements

Explains the requirements for Quality Management System documentation, including:

  • Quality manual with scope of the QMS
  • Required procedures
  • Required forms & records
  • Control of documents
  • Control of forms

Clause 5: Management responsibility

Specifies requirements for company management's role in the QMS, covering:

  • Management responsibility
  • Quality policy & objectives
  • Customer focus & customer satisfaction
  • Management review

Clause 6: Resource management

Outlines the requirements for resource management, referring to:

  • Personnel and training
  • Resource management

Clause 7: Product realisation

Details the requirements for product or service production, including:

  • Planning
  • Customer-related processes and customer feedback
  • Design
  • Purchasing
  • Process control
  • Identification & traceability
  • Customer property

Clause 8: Measurement, analysis and improvement

Specifies requirements for monitoring and improving processes, covering:

  • Customer satisfaction
  • Internal audits
  • Control of non-conforming product
  • Corrective and Preventive Action (CAPA)

contextual visual content from CMS

What is a contract manufacturer and how to choose the right one?

A contract manufacturer is a company that produces goods or components on behalf of a client company under the latter's brand name. 

Okay, but why is this relevant for understanding ISO 13485 and the medical device industry? Well naturally, if you're outsourcing product production to a third party provider, it's important to vet that manufacturer on a number of important criteria, especially their ISO certifications.

Why use a contract manufacturer

There are a few reasons why you might want to consider choosing a partner for contract manufacturing. Though, this depends largely on factors like in-house expertise, budget and countless other details of a medical device business.

1. Cost efficiency 

Often, service providers are able to produce goods more cost-effectively than a client company could in-house.

2. Expertise and equipment

Contract manufacturers usually have specialised expertise & advanced manufacturing capabilities that may not be economically possible for every company to keep internally.

3. Focus on core competencies

Outsourcing manufacturing enables companies to focus instead on other other steps of the product life cycle like product development, or sales and marketing. 

Choosing the right contract manufacturer for the medical device industry

Choosing the best contract manufacturer is crucial, especially in the medical industry, quality can't be compromised. There are a couple things to watch out for. 


Make sure the manufacturer holds relevant certifications, like ISO 13485, ISO 9001, and FDA CFR 21 Part 11.

Quality of work

Assess their track record by reviewing previous projects and customer testimonials.

Communication & support

Your manufacturer needs to be crystal clear with communication and be proactive about resolving any issues. This can severely impact not just the manufacturing process but the entire product life cycle.

How much does it cost to get iso 13485 certified?

The cost of certification can vary widely based on a few factors. But largely it comes down to the size of a company and the complexity of the product. For a quick ballpark number, you're looking at around $20,000 minimum.

Here's a rough cost breakdown:

  1. Certification body fees

These fees are payable directly to the notified body responsible for conducting the ISO 13485 assessment. The costs vary greatly between bodies and geographical regions.

  1. Audit costs

Typically, the largest expense during certification is the audit. This is charged on a per-day basis. As a rough estimate, audit costs are generally around $3,000 per day. Again though, how long the audit takes depends on the size of the organisation.

  1. Annual certification fees

An annual fee is another part of the certification cost. This usually ranges from $3,000 to $5,000. The fee covers the ongoing compliance checks and certification renewal.

Estimating your costs

Here are a few steps to take to get a rough estimate of how much certification will cost:

  1. Assess the complexity of your product lines and the size of your organisation.
  2. Get quotes from multiple notified bodies. Since costs can vary, doing this will paint a clearer picture of potential expenses.
  3. Plan for the time & resources your team will need to invest in preparing for the audit. This includes things like training and adjusting processes.
QMS Implementation Checklist
QMS Implementation Checklist

Related content

  • Lab digitalisation: why strategise before exploring?
    16 May, 2024
    7 minute read

    Lab digitalisation: why strategise before exploring?

    quotation marks
    Yaasir Suleiman
    Pharmaceuticals at Opvia

    Lab digitalisation is here to stay. But the increasing uptake of ELN and LIMS solutions isn’t just a response to the demand for standardised workflows and ensuring regulatory compliance; it’s how companies use automation to scale and stay innovative.

  • What is GMP Software?
    14 May, 2024
    14 minute read

    What is GMP Software?

    quotation marks
    Tali Kauffmann
    Product Marketer at Opvia

    Quality and compliance in manufacturing are essential. Good Manufacturing Practice (GMP) is the standard that helps achieve this.

  • What is automated data processing?
    09 May, 2024
    11 minute read

    What is automated data processing?

    quotation marks
    Mina Ilieva
    Data Integration Expert at Opvia

    Modern companies in regulated industries, like manufacturing and pharmaceuticals, need to make data-driven decisions quickly and securely. To gain a competitive edge, enterprises need efficient systems to store and process data, particularly as they adopt AI.

  • 11+ compliance and risk management courses for quality managers
    02 May, 2024
    15 minute read

    11+ compliance and risk management courses for quality managers

    quotation marks
    Tali Kauffmann
    Product Marketer at Opvia

    Quality managers are at the frontline of safeguarding an enterprise's integrity. Whether in pharmaceuticals, biotech, food and beverage, medical devices, or any industry with a need for serious regulatory compliance, being equipped with the best skills and knowledge is crucial.

  • Automating 40% of Clonakilty distillery processes and improving traceability
    30 Apr, 2024
    7 minute read

    Automating 40% of Clonakilty distillery processes and improving traceability

    quotation marks
    Tali Kauffmann
    Product Marketer at Opvia

    Clonakilty Distillery is a family-owned operation based on the scenic coast of Ireland. Founded in 2019 by the Scully family, it uses its unique maritime climate to produce distinctive whiskies and gins.

  • EBR system comparison: Top 5 solutions for 2024
    16 Apr, 2024
    13 minute read

    EBR system comparison: Top 5 solutions for 2024

    quotation marks
    William Moss
    CEO at Opvia

    Manufacturers looking to adopt electronic batch records (EBR systems) often find decision-making difficult. Pinpointing exactly what features will best serve their organisation isn't always easy.