October 3, 2017

ISO 13485 has undergone its first major overhaul of manufacturing system requirements since 2003. Over the next three years, both the previous requirements and 2016 requirement will co-exist, enabling medical device manufacturers time to plan and implement the required changes. Accordingly, it is critical for companies to begin transitioning to ISO 13485:2016 certification as soon as possible, if not in the process already.

Start with an ISO 13485:2016 Certification Readiness Review

Start the process by initiating a corporate readiness review to identify the gaps in the corporate quality management system. Be sure to review key areas including:

  • Management responsibility and reviews including scheduled intervals and increased focus on regulatory compliance
  • Training effectiveness management including monitoring, evaluation of competence and awareness employing a risk-based approach
  • Looking at a risk-based approach to product storage, handling, distribution, and traceability
  • Processes for communicating with stakeholders and regulatory authorities
  • Customer feedback and complaint handling with built-in risk management
  • Track and manage supplier quality for purchased goods, sub-assembly, and services
  • Non-conformance management and linkages into rework and regulatory requirements

Incorporating a Risk-Based Methodology

The revised ISO 13485 standard places a greater emphasis on employing a risk-based approach throughout the quality management system. For example, a risk-based approach is required for many quality management activities. These include but are not limited to outsourced processes, purchased materials, software validation, training management, and non-conforming product.

Transitioning to the updated standards can be a daunting and time-consuming process. However, automated quality management systems that are designed specifically for the life sciences and medical device industries have built-in capabilities that can help facilitate the process. These capabilities include:

  • Built-in risk scoring algorithms used to assess the likelihood and severity of identified problems and proposed activities
  • Live trend reporting and alert tools to identify high-risk events and drive mitigation
  • Automated process workflow and approval routing functionality to ensure risk assessments are performed by qualified personnel and signed off on by management
  • Workflow-driven training processes to ensure that those who are affected are made aware of and trained on process and document changes
  • Data and content management demonstrating controlled change and retention of document histories
  • Questionnaire-driven supplier qualification and audit processes that verify risks associated with purchased products are clearly identified, assessed and properly mitigated


The transition to the revised ISO 13485:2016 certification standard will require significant effort for most medical device manufacturers. It will require companies to take a risk-based approach to quality and compliance management that combines GMP and ISO 9001 compliance processes. It will also require management to develop a flexible system compliant with international regulations such as European regulations when applicable. The key to successfully navigating the transition will be to start early and take advantage of an industry-specific quality management system that provides built-in capabilities that ensure enterprise-wide compliance.

View the AssurX Webinar, 5 Pillars of an Enterprise Quality Management System

View the AssurX Webinar: 5 Pillars of an Enterprise Quality Management System