Skip to main content
v2026.1714 entries · CC-BY 4.0
CiteLicenceEN-GB
CASRAI

Definition · Plain-language

ISO 13485

ISO 13485 is the quality-management standard written specifically for organisations involved in the medical-device lifecycle, with a strong regulatory emphasis.

CASRAI research-methods explainer — ISO 13485

The step most authors miss

Doing CRediT right? Don’t stop at the statement.

A CRediT statement credits you inside one paper. The recognition CRediT was built for happens when those roles are tied to you, persistently. Sign in with your ORCID — free — and claim your CRediT contributions on casrai.org, the home of the standard. They become a verified, portable part of your identity, not a line that disappears into one PDF.

Free: claim your contributions, then export a journal-ready CRediT statement, schema.org structured data, JATS XML, CSV or BibTeX — and preview your public profile. A membership publishes that profile publicly and verifies the journals you serve.

Sign in with ORCID — free Why this matters →

A medical-device-specific QMS

ISO 13485 applies to organisations across the medical-device lifecycle — design, development, production, storage, distribution, installation and servicing — as well as suppliers and other parties. While it uses the same management-system foundations as ISO 9001, it is tailored to the sector’s safety and regulatory demands. Continual improvement, prominent in ISO 9001, is replaced by an emphasis on maintaining the effectiveness of the QMS and meeting regulatory requirements. The standard exists because medical devices can directly affect patient safety, so the system controlling them must be demonstrably rigorous and traceable.

Regulatory focus and key requirements

ISO 13485:2016 is markedly more prescriptive than ISO 9001 about documentation, risk management, design and development controls, traceability and record retention. It requires risk management to be applied across product realisation, detailed device files, controls over sterile and implantable products where relevant, and clear handling of complaints and regulatory reporting. These requirements map closely to legal frameworks, so certification is often a practical prerequisite for placing devices on the market. Conformity supports, but does not replace, compliance with regulations such as the EU MDR or US FDA requirements.

How it relates to ISO 9001

ISO 13485 was derived from ISO 9001 and retains a recognisable structure, but the two have diverged. Notably, ISO 13485:2016 deliberately does not adopt the High-Level Structure (Annex SL) used by ISO 9001:2015, because the medical-device community valued stability and regulatory alignment over harmonisation. An organisation already certified to ISO 9001 will find familiar concepts but must add substantial sector-specific controls. Many medical-device firms hold ISO 13485 as their primary certification, sometimes alongside ISO 9001 for non-device parts of the business.

Key facts

At a glance

  • Definition: QMS requirements specific to medical devices and related services
  • Current version: ISO 13485:2016
  • Focus: regulatory compliance, risk management, traceability, documentation
  • Derived from: ISO 9001, but more prescriptive and not on Annex SL
  • Aligns with: FDA Quality System Regulation, EU Medical Device Regulation
  • Emphasis: maintaining QMS effectiveness rather than continual improvement

Common misconceptions

What people often get wrong

Often heard: ISO 13485 is just ISO 9001 for hospitals.

Actually: ISO 13485 is for organisations in the medical-device lifecycle — manufacturers, suppliers and servicers — not hospitals generally. It is far more prescriptive than ISO 9001 on risk, design controls and traceability, and is structured around regulatory compliance rather than general quality.

Often heard: Holding ISO 13485 means a device is legally approved for sale.

Actually: ISO 13485 certifies the quality management system, not market approval. It supports regulatory compliance and is often expected by regulators, but placing a device on the market still requires meeting the specific legal requirements of each jurisdiction, such as the EU MDR or FDA clearance.

Often heard: If you are ISO 9001 certified you are automatically ISO 13485 ready.

Actually: ISO 9001 provides a familiar foundation, but ISO 13485 adds extensive medical-device-specific requirements for risk management, design files, sterilisation and traceability. Significant additional work is needed to bridge from one to the other.

Going deeper

Related CASRAI guidance

ISO 9001ISO 9001 vs ISO 13485NonconformityInternal auditStandards dictionaryPlain-language explainers
LAC

Partner Deal

LAC Health Supplies Mobile App

Referenced across the research world

University of Cambridge logoColumbia University logoUniversity of Edinburgh logoHarvard University logoUniversity of Oxford logoPrinceton University logoStanford School of Medicine logoUniversity College London logoORCID logoCrossref logoUniversity of Cambridge logoColumbia University logoUniversity of Edinburgh logoHarvard University logoUniversity of Oxford logoPrinceton University logoStanford School of Medicine logoUniversity College London logoORCID logoCrossref logo
  • University of Cambridge logo
  • Columbia University logo
  • University of Edinburgh logo
  • Harvard University logo
  • University of Oxford logo
  • Princeton University logo
  • Stanford School of Medicine logo
  • University College London logo
  • ORCID logo
  • Crossref logo

View CASRAI adoption →