The complete guide: ISO 13485 certification for medical device manufacturing

For medical device manufacturing, quality and compliance are crucial. An essential standard for any company hoping to bring a medical device to market is the ISO 13485 certification. 

ISO 13485 is a voluntary iso intended to help organisations design systems that consistently produce high-quality medical devices. It lays out clear guidelines for building quality management systems. 

This guide walks you through every important part of ISO 13485, explaining why it matters for your business and practical steps on how to get certified. 

ISO 13485 is an international standard and the main Quality Management System (QMS) standard for medical devices worldwide. Though it is a voluntary iso, different countries aim to align their own regulations, such as the the United States aims to align its Food and Drug Administration (FDA). The current version of the standard, ISO 13485:2016, was published in March 2016.

This is a standard that applies universally, regardless of a company's size. It focuses on processes rather than product quality, making sure that controlled processes are leading to desired outcomes.

Another important point is that individual certification under ISO 13485 isn't possible. Instead, organisations as a whole can become certified. Although, individuals can pursue training to become ISO 13485 certified lead auditors, which would allow them to then audit other companies.

ISO 13485 also isn't a membership group. Organisations have to implement its quality management system and be audited certification bodies. If they're successful, they receive ISO 13485 certification valid for three years, which is then subject to renewal every three years to maintain certification.

For the specific scope and clauses about this standard, skip to the later section which provides an overview of ISO 13485 requirements in more detail.  

ISO 13485 certification shows that a manufacturer is meeting high standards of quality and patient safety. This certification isn't just a regulatory requirement, it also has reputational importance for a company. There also other benefits of iso 13485. We've summarised the value of ISO standard 13485 and why it should matter to your organisation:

• Product safety

  The obvious point to make here is that ISO 13485 is intended to ensure patient safety and quality of medical devices. The high standards set by this certification help prevent product failures & health risks of defective medical devices.

• Operational efficiency

  This iso certification demands that manufacturers establish a systematic approach to their quality management systems. As a result, streamlined processes & documentation best practices reduce the risk of errors and inefficiencies, boosting productivity.

• Global market access

  Given that it is an international standard, many countries either require or see a lot of value in ISO 13485 certification for medical devices sold within their jurisdiction. Having this certification is usually a prerequisite for entering international markets.

• Building credibility

  Certification shows that a company is committed to both quality & safety, which can improve customer satisfaction, relationships with suppliers, and support marketing claims about products. 

To verify if a company is ISO 13485 certified, here are some simple steps:

1. Find the organisation's unique ISO 13485 certificate number.
2. Check that the certificate references the standard for medical device manufacturing.
3. Check both the expiry or validity date of the certificate to make sure it's still valid.

Achieving ISO 13485 certification is a big step for companies that manufacture medical devices. It shows that an organisation has robust quality management systems. However, the certification process can seem long and confusing. So here's a practical step-by-step overview of certification: 

This standard helps organisations develop a quality management system that meet both regulatory requirements and customer expectations. Getting to grips with the standard is the clear first step in the certification process.

Creating a detailed quality manual is crucial. This manual should explain the specific processes and procedures an organisation has implemented in order to meet ISO 13485 standards. The manual will then serve as the blueprint for your quality management system, detailing all the roles, responsibilities, and procedures.

Implementation is more than just documentation. It often involves training staff, establishing quality controls, and setting up a good monitoring systems (like an eQMS).

After preparing your quality manual and setting up the appropriate systems, the next step is the certification audit. This is conducted by an accredited external auditor. It's a two-stage process to assess the quality management system. Stage one assesses documentation, and stage two is a more detailed operational audit.

It's not over once you've achieved certification. There are regular reassessments for ISO 13485 (both internal and external). 

It probably comes as no surprise, but ISO certification documents can make for dense and tricky reading. So we've tried to summarise the key takeaways of the standard to make it more accessible. 

This clause talks about the standard's scope and how it applies to organisations. It mentions:

• The importance of a process approach
• The relevance of the standard to regulatory requirements for products and services
• How processes should be continually improved

References ISO 9000:2015 alongside the standard, explaining the “fundamentals and vocabulary” of the Quality Management System.

Provides definitions of the terms used in the standard, including:

• Active implantable medical device
• Active medical device
• Advisory notice
• Customer complaint
• Implantable medical device
• Labelling
• Medical device
• Sterile medical device

Explains the requirements for Quality Management System documentation, including:

• Quality manual with scope of the QMS
• Required procedures
• Required forms & records
• Control of documents
• Control of forms

Specifies requirements for company management's role in the QMS, covering:

• Management responsibility
• Quality policy & objectives
• Customer focus & customer satisfaction
• Management review

Outlines the requirements for resource management, referring to:

• Personnel and training
• Resource management

Details the requirements for product or service production, including:

• Planning
• Customer-related processes and customer feedback
• Design
• Purchasing
• Process control
• Identification & traceability
• Customer property

Specifies requirements for monitoring and improving processes, covering:

• Customer satisfaction
• Internal audits
• Control of non-conforming product
• Corrective and Preventive Action (CAPA)

A contract manufacturer is a company that produces goods or components on behalf of a client company under the latter's brand name. 

Okay, but why is this relevant for understanding ISO 13485 and the medical device industry? Well naturally, if you're outsourcing product production to a third party provider, it's important to vet that manufacturer on a number of important criteria, especially their ISO certifications.

There are a few reasons why you might want to consider choosing a partner for contract manufacturing. Though, this depends largely on factors like in-house expertise, budget and countless other details of a medical device business.

Often, service providers are able to produce goods more cost-effectively than a client company could in-house.

Contract manufacturers usually have specialised expertise & advanced manufacturing capabilities that may not be economically possible for every company to keep internally.

Outsourcing manufacturing enables companies to focus instead on other other steps of the product life cycle like product development, or sales and marketing. 

Choosing the best contract manufacturer is crucial, especially in the medical industry, quality can't be compromised. There are a couple things to watch out for. 

Make sure the manufacturer holds relevant certifications, like ISO 13485, ISO 9001, and FDA CFR 21 Part 11.

Assess their track record by reviewing previous projects and customer testimonials.

Your manufacturer needs to be crystal clear with communication and be proactive about resolving any issues. This can severely impact not just the manufacturing process but the entire product life cycle.

The cost of certification can vary widely based on a few factors. But largely it comes down to the size of a company and the complexity of the product. For a quick ballpark number, you're looking at around $20,000 minimum.

Here's a rough cost breakdown:

1. Certification body fees

These fees are payable directly to the notified body responsible for conducting the ISO 13485 assessment. The costs vary greatly between bodies and geographical regions.

2. Audit costs

Typically, the largest expense during certification is the audit. This is charged on a per-day basis. As a rough estimate, audit costs are generally around $3,000 per day. Again though, how long the audit takes depends on the size of the organisation.

3. Annual certification fees

An annual fee is another part of the certification cost. This usually ranges from $3,000 to $5,000. The fee covers the ongoing compliance checks and certification renewal.

Here are a few steps to take to get a rough estimate of how much certification will cost:

1. Assess the complexity of your product lines and the size of your organisation.
2. Get quotes from multiple notified bodies. Since costs can vary, doing this will paint a clearer picture of potential expenses.
3. Plan for the time & resources your team will need to invest in preparing for the audit. This includes things like training and adjusting processes.