What has been included in the new ISO 13485:2016?

This is a guest post by Dr. Michael Rinck, founder and managing director of MT Promedt Consulting.

medical device

The International Organisation for Standardisation (ISO) released its long-awaited revision to the ISO 13485.

This global standard for medical device quality management systems (QMS), is replacing the previous ISO 13485:2003. 

The new revision, ISO 13485:2016, places a greater emphasis on QMS throughout the supply chain and product lifecycle, as well as device usability and post-market surveillance requirements. Relevant aspects from European Medical Device Directives and FDA regulations are incorporated into the new standard. The standard is not harmonised at this moment. 

Started in March 2016 and over the next three years, ISO 13485:2003 and ISO 13485:2016 will coexist, allowing manufacturers, accreditation/certification bodies and regulators time to transition to the new standard.

Product Owners (or often known as Legal Manufacturers in the EU) might be wondering about the impending changes and actions to take in order to stay compliant. Below are some points that we would like to share with you!

Who is meant to comply to the defined requirements?

maintenance medical device

The requirements in this International Standard can also be used by suppliers or other external parties providing a product or service to the Product Owner/Legal Manufacturer of a Medical Device.

Example of such products and services are:

- Raw materials, 
- Components,
- Or services such as sterilisation services, 

- Calibration,
- D
istribution, or
- M

These suppliers can voluntarily choose to conform to the requirements of this standard or can be required by contract to conform. In most situations, suppliers have also moved ahead to adopt the ISO 13485 as we see the trend of sub-contracting increases. By being ISO 13485 compliant, they assure their clients (Product Owners) that they have met the stringent requirements of the standard. 

What are the changes in ISO 13485:2016?

This new revision is also a stand-alone standard. Compared to the ISO 13485:2003, new definitions and clauses are added. Generally, the essential changes have been seen in the following clauses:

Clause 3 Terms and definitions, 7.3.3 Design and development Inputs (regarding usability), 7.3.7 Design and development validation, 7.3.8 Design and development transfer (and its transfer plans), 7.3.10 Design and development files and 8.2.3 Reporting to regulatory authorities.

Can WE claim conformity to ISO 13485:2016 if we are certified to ISO 9001:2015?

The structure of the ISO 13485:2016 is different to the structure of the ISO 9001:2015.  Therefore, organisations whose QMS comply to ISO 13485:2016 cannot claim conformity to ISO 9001:2015 and vice versa.

What is the focus of the new ISO 13485:2016?


The ISO 13485:2016 has taken a holistic approach towards risk management - focusing on the entire medical device lifecycle as well as how the organisation handles it. Appropriate countermeasures must be implemented throughout the lifecycle of the medical device. 

Specific requirements are also introduced to the design and development clauses. E.g., for medical devices that are used in combination with other devices - "If the intended use requires that the medical device be connected to, or have an interface with other medical device(s), validation shall include confirmation that the requirements for the specified application or intended use have been met when so connected or interfaced".

The design and development file for each medical device type or medical device family shall contain all appropriate records. Some of the other important changes between the 2003 and 2016 revision include: 

- Increased linkage with regulatory requirements,
- Harmonisation of the requirements for software validation (e.g. QMS software, process control software, software for monitoring and measurement),
- Additional requirements in design and development on consideration of usability, use of standards, verification and validation planning, design transfer and design records, and
- Emphasis on complaint handling and reporting to regulatory authorities.

Product Owners, what should you do next?

start early

It is recommended to discuss internally within your team or with your consultants to first understand the additional requirements and subsequently perform a gap analysis. This gap analysis should lead to an implementation plan. Speak to your certification/notified body early to understand their expectation for implementation and timeline too.

As mentioned, the focus on risk management, design and development and alignment with regulatory requirements are the key aspects, on top of the other requirements. Start your preparation early and keep your business going!

About the Author

Dr. Michael Rinck is the founder and managing director of MT Promedt Consulting, a German consulting company specialised in regulatory affairs, quality management systems, CE marking and international product registrations for medical devices, IVDs and combination products.

He is a regulatory specialist with strong scientific background in microbiology possessing a Diploma and a Ph.D. in Microbiology from Technical University Berlin and a License in Pharmacy. He has conducted research in antimicrobial coating, biomaterials and sterilisation technologies and developed and implemented these into routine manufacturing processes.

As an independent consultant with over 25 years of international experience, he was responsible in several positions for R&D, quality control, manufacturing and QA/RA for major health care companies.

free 30 minutes gap analysis