ISO 13485 is the international standard for quality management systems (QMS) for medical devices. It provides a structured framework to help organisations design, manufacture, distribute, and support medical devices that consistently meet regulatory and customer requirements.
ISO 13485 certification demonstrates that an organisation has robust controls in place for product quality, patient safety, and regulatory compliance across the medical device lifecycle.
What is ISO 13485?
ISO 13485 is an international standard published by the International Organization for Standardization. It specifies requirements for a quality management system where an organisation needs to demonstrate its ability to provide medical devices and related services that meet applicable regulatory requirements.
Unlike ISO 9001, ISO 13485 places stronger emphasis on regulatory compliance, risk management, validation, and documented control rather than continual improvement alone.
What does ISO 13485 cover?
ISO 13485 applies to the full lifecycle of medical devices and related services, including:
- Design and development controls
- Risk management and product safety
- Supplier and subcontractor control
- Production and process validation
- Cleanliness, contamination control, and sterile environments
- Traceability and batch control
- Complaint handling and post-market surveillance
- Corrective and preventive actions (CAPA)
- Regulatory documentation and record keeping
The standard is designed to support compliance with medical device regulations in multiple markets.
Who is ISO 13485 for?
ISO 13485 is suitable for organisations involved in any stage of the medical device supply chain, including:
- Medical device manufacturers
- In vitro diagnostic (IVD) manufacturers
- Contract manufacturers and assemblers
- Component and material suppliers
- Sterilisation and packaging providers
- Distributors and service providers
It is commonly required by regulators, notified bodies, and healthcare customers.
ISO 13485 requirements explained
To achieve ISO 13485 certification, an organisation must demonstrate:
Quality management and regulatory focus
- A documented quality policy and objectives
- Clear regulatory responsibilities
- Alignment with applicable medical device regulations
Design and development controls
- Controlled design planning and review
- Verification and validation activities
- Design change management
Risk management
- Identification and control of product risks
- Integration with risk management processes
- Risk-based decision-making throughout the lifecycle
Operational control
- Process validation and production controls
- Supplier qualification and monitoring
- Traceability and identification of products
Performance evaluation and improvement
- Complaint handling and vigilance reporting
- Internal audits
- Management review and CAPA
Auditors expect extensive documented evidence and strict process control.
How to get ISO 13485 certified
The certification process typically includes:
- Defining the scope of the medical device QMS
- Identifying applicable regulatory requirements
- Developing quality and risk management documentation
- Implementing controlled production and support processes
- Training staff and maintaining competence records
- Carrying out internal audits and management review
- Passing a Stage 1 and Stage 2 certification audit
ISO 13485 certification often requires more preparation and documentation than general quality standards.
How long does ISO 13485 certification take?
Indicative timeframes are:
- Small organisations: 3–5 months
- Medium organisations: 4–7 months
- Large or complex manufacturers: 6–12 months+
Timelines depend on device complexity, regulatory scope, and maturity of existing quality systems.
How much does ISO 13485 certification cost?
Indicative total costs (initial certification):
- Small organisations: £6,000–£15,000 | $8,000–$20,000 | €7,000–€18,000
- Medium organisations: £15,000–£35,000 | $20,000–$45,000 | €18,000–€40,000
- Large or complex organisations: £35,000–£70,000+ | $45,000–$90,000+ | €40,000–€80,000+
Costs are influenced by regulatory requirements, audit duration, product risk classification, and preparation approach.
Benefits of ISO 13485 certification
Organisations typically achieve:
- Improved product safety and quality
- Stronger regulatory compliance
- Better control of suppliers and processes
- Enhanced traceability and documentation
- Increased confidence from regulators and customers
- Improved access to global medical device markets
The standard supports consistent, compliant product delivery rather than rapid change.
Common ISO 13485 mistakes to avoid
- Treating ISO 13485 as a version of ISO 9001
- Inadequate risk management integration
- Weak design control documentation
- Poor supplier qualification and oversight
- Incomplete complaint handling processes
Auditors expect disciplined, well-documented systems aligned to regulatory expectations.
ISO 13485 certification FAQs
ISO 13485 itself is voluntary, but it is often required to demonstrate compliance with medical device regulations and market access requirements.
No. Suppliers, service providers, and distributors involved in the medical device lifecycle can also require ISO 13485 certification.
Certification is typically valid for three years, with regular surveillance audits.
ISO 13485 can be aligned with ISO 9001 and ISO 14971, but it has specific regulatory-focused requirements.
Next steps
If you are considering ISO 13485 certification:
- Identify applicable medical device regulations
- Define the QMS scope clearly
- Assess product risk classifications
- Decide whether to prepare internally or use specialist support
- Plan realistic costs and timelines
ISOcertified.net provides detailed guidance on ISO 13485 certification, including regulatory alignment, audit preparation, costs, and ongoing quality management for medical devices.