Global Regulatory Pulse

ISO 13485:2016 – Medical devices – Quality management systems – Requirements for regulatory purposes

In Consulting, Regulatory by Julie Sherman

The latest edition of ISO 13485:2016 – Medical devices – Quality management systems – Requirements for regulatory purposes, was published in February, and is now available. A 3-year implementation schedule has been approved.

This International Standard specifies requirements for a quality management system where an organization needs to demonstrate its ability to provide medical devices and related services that consistently meet customer and applicable regulatory requirements. Such organizations can be involved in one or more stages of the life-cycle. This may include design and development, production, storage and distribution, installation, or servicing of a medical device and design and development or provision of associated activities (e.g., technical support).

This International Standard can also be used by suppliers or external parties that distribute product or provide quality management system-related services to such organizations.

Requirements of this International Standard are applicable to organizations regardless of their size and regardless of their type, except where explicitly stated. Wherever requirements are specified as applicable to medical devices, the requirements apply equally to associated services as supplied by the organization.

The processes required by this International Standard that are applicable to the organization, but are not performed by the organization, are the responsibility of the organization and are accounted for in the organization’s quality management system by monitoring, maintaining, and controlling the processes.

If applicable regulatory requirements permit exclusions of design and development controls, this can be used as a justification for their exclusion from the quality management system. These regulatory requirements can provide alternative approaches that are to be addressed in the quality management system. It is the responsibility of the organization to ensure claims of conformity to this International Standard reflect any exclusion of design and development controls.

Some of the key changes to ISO 13485:2016 include:

  • Alignment of global regulatory requirements;
  • Inclusion of risk management and risk-based decision making throughout the quality management system;
  • Additional requirements and clarity with regard to validation, verification, and design activities;
  • Strengthening of supplier control processes;
  • Increased focus regarding feedback mechanisms; and
  • More explicit requirements for software validation for different applications.

In all likelihood, some upgrades will be required to your systems. Some of the items outlined earlier may already be in practice, some might need to be formalized, and some of these requirements are new.

The increased focus on risk analysis and risk management as it relates to the quality system may be a challenge, as this approach is quite different from the current process approach. A thorough gap analysis is recommended to provide the user with a baseline of significant changes to be addressed. Although there is a transition period of 36 months, many of the items above are current industry common practices and can be immediately addressed.


International Organization for Standardization. (2016, March 1). ISO 13485:2016. Retrieved March 3, 2016, from


Julie Sherman is a Principal Medical Research Manager for Regulatory and Quality services at NAMSA. Ms. Sherman has over 25 years of US and International Regulatory Affairs experience in medical device and pharmaceutical companies. She has extensive experience in PMA, 510(k), Design Dossier and Technical Files, as well as Quality and Manufacturing Systems in the device and pharmaceutical industries. Ms. Sherman holds a Master of Science in Manufacturing Systems with a concentration in medical devices.