ISO 13485 has undergone its first major overhaul of manufacturing system requirements since 2003. Over the next three years, both the previous requirements and 2016 requirement will co-exist, enabling medical device manufacturers time to plan and implement the required changes. Accordingly, it is critical for companies to begin transitioning to ISO 13485:2016 certification as soon as possible, if not in the process already.

Start with an ISO 13485:2016 Certification Readiness Review

Start the process by initiating a corporate readiness review to identify the gaps in the corporate quality management system. Be sure to review key areas including:

  • Management responsibility and reviews including scheduled intervals and increased focus on regulatory compliance
  • Training effectiveness management including monitoring, evaluation of competence and awareness employing a risk-based approach
  • Looking at a risk-based approach to product storage, handling, distribution, and traceability
  • Processes for communicating with stakeholders and regulatory authorities
  • Customer feedback and complaint handling with built-in risk management
  • Track and manage supplier quality for purchased goods, sub-assembly, and services
  • Non-conformance management and linkages into rework and regulatory requirements

Incorporating a Risk-Based Methodology

The revised ISO 13485 standard places a greater emphasis on employing a risk-based approach throughout the quality management system. For example, a risk-based approach is required for many quality management activities. These include but are not limited to outsourced processes, purchased materials, software validation, training management, and non-conforming product.

Transitioning to the updated standards can be a daunting and time-consuming process. However, automated quality management systems that are designed specifically for the life sciences and medical device industries have built-in capabilities that can help facilitate the process. These capabilities include:

  • Built-in risk scoring algorithms used to assess the likelihood and severity of identified problems and proposed activities
  • Live trend reporting and alert tools to identify high-risk events and drive mitigation
  • Automated process workflow and approval routing functionality to ensure risk assessments are performed by qualified personnel and signed off on by management
  • Workflow-driven training processes to ensure that those who are affected are made aware of and trained on process and document changes
  • Data and content management demonstrating controlled change and retention of document histories
  • Questionnaire-driven supplier qualification and audit processes that verify risks associated with purchased products are clearly identified, assessed and properly mitigated


The transition to the revised ISO 13485:2016 certification standard will require significant effort for most medical device manufacturers. It will require companies to take a risk-based approach to quality and compliance management that combines GMP and ISO 9001 compliance processes. It will also require management to develop a flexible system compliant with international regulations such as European regulations when applicable. The key to successfully navigating the transition will be to start early and take advantage of an industry-specific quality management system that provides built-in capabilities that ensure enterprise-wide compliance.

View the AssurX Webinar, 5 Pillars of an Enterprise Quality Management System

View the AssurX Webinar: 5 Pillars of an Enterprise Quality Management System