A Guide to ISO 13485 Certification

What is ISO 13485 Certification?

An ISO 13485 certification is a way to exhibit an organization’s compliance with the ISO 13485 standard created by the International Organization for Standardization (ISO) for the medical device manufacturing industry. Its current version is the ISO 13485:2016 standard, which is typically valid for 3 years as with other ISO certifications.

Why is ISO Certification Important to a Medical Device Manufacturer?

Complying with the ISO 13485 standard helps organizations establish a Quality Management System (QMS) that will let them build and sustain effective methods and processes in manufacturing medical devices. In addition, aligning your quality standards to internationally recognized guidelines enables your organization to ensure top-notch and streamlined systems in designing, producing, and distributing safe and well-functioning medical devices.

It’s also worth noting that many ISO standards are recognized by regulatory bodies like the US Food and Drug Administration (FDA) and patterned with similar standards from other parts of the world, such as the European Union (EU). Hence, being ISO-certified means you have a competitive advantage not just among similar organizations but also among international manufacturers of medical devices.

In summary, the following factors reinforce the importance of having an ISO 13485 certification:

• High-quality manufacturing processes

• Commitment to continuous improvement

• Credibility

• Competitive edge among peers

• Compliance with regulatory requirements

What are the Benefits of ISO 13485 Certification?

Closely related to its importance, being certified for the ISO 13485 standard merits organizations the following major benefits:

• Reduced need for repeating processes

• Streamlined quality management

• Recognition of being up to par with international industry standards

• Increased profitability

• Continuous customer satisfaction

ISO 13485 Certification Process

Depending on the business or organization, some of the initial requirements and steps on how to get an ISO 13485 certification may vary. Nonetheless, the following steps should be able to get you started:

1. Planning

This is where your organization plans how to establish your QMS and align it to the standard’s quality planning requirements. Part of such is to create a quality manual and provide an optimized method of documenting quality plans when implementing relevant changes to your QMS.

Apart from those, the following tasks must also be completed:

• Obtain a copy of the ISO 13485 standard and other related documents.

• Determine and establish relevant processes.

• Assign internal auditors and teams to such processes.

• Set a schedule, create workflows, and define guidelines for each process.

• Conduct gap analyses for each task or process.

• Provide ISO 13485 certification training for process owners.

• Improve and finalize processes.

• Standardize processes and document necessary records.

2. First internal audit

The first internal audit helps your organization to verify the effectiveness of your QMS even before the third-party certification body conducts the initial audit. This way, you can pinpoint nonconformities and their root causes from the get-go and design necessary actions to mitigate and address them.

3. Corrective actions

Based on the internal audit report, you can now determine if there are issues needing to be eliminated or areas needing improvement. This is where you initiate a Corrective and Preventive Action (CAPA) process. Such a quality management procedure will help you devise the necessary actions and process improvements to be done by everyone involved in those areas.

4. First management review

Just before applying for the third-party audit, it’s essential that you let your top management review your organization’s quality objectives. After the review, the management finalizes a list of action items found in internal audits and improvements to be implemented. The list can then be used as a guiding document for the next management review before applying for the certification.

5. Initial ISO 13485 certification audit

In this step, start by researching and choosing which third-party organization will conduct the certification among recognized ISO 13485 certification bodies. Then, the overall application for the certification begins—from filling out the form, reviewing it, and submitting it to the certification body. In most cases, this is where contract signing is also accomplished.

Furthermore, this step is comprised of two stages:

1. Stage 1 (Documentation Survey) – The third-party auditor focuses on checking how well an organization documents its systems. Hence, the CAPA process, management review schedule, and overall QMS should be in place. Some of the documents you need to prepare for the first stage include the following:

   • Quality manual

   • Organizational chart

   • Internal auditing process and schedule

   • CAPA protocols and log

   • Management review process and findings

2. Stage 2 (Primary Audit) – This is where you ensure that the rest of the ISO 13485 certification requirements are complete in your organization. The certification auditor now checks if all regulatory requirements have been met, especially those that are recognized in international markets. In addition, the auditor evaluates the effectiveness of your overall quality system by sampling records from each and every process your organization implements. Lastly, the second stage of the initial certification will also help you identify the schedule of surveillance audits (typically done yearly) and reassessment.