Warning: Undefined array key "longTitle" in /home/u571561899/domains/crescentqualitycertification.com/public_html/includes/service-page.php on line 40
ISO 13485 Consultancy — Medical Devices Quality Management · Crescent Quality Certifications

Product & Regulatory

ISO 13485 medical device quality, regulator ready.

A quality management system aligned to medical device regulations across major jurisdictions — design controls, risk management, traceability, and the documentation regulators actually look for.

Request a readiness assessment Our approach
What it is

The international QMS standard for medical device manufacturers.

ISO 13485 specifies the requirements for a quality management system where an organisation needs to demonstrate its ability to provide medical devices and related services that consistently meet customer and applicable regulatory requirements. Although it shares DNA with ISO 9001, the 2016 revision deliberately kept the older structure rather than adopting the harmonised high-level structure, because medical device regulators expect a particular form of documentation and control.

A certified ISO 13485 quality management system is the foundation on which CE marking under EU MDR, 510(k) submissions to the US FDA, MDSAP audits, and CDSCO licensing in India all sit. The certificate on its own does not grant market access — but without it, the regulatory pathways are materially harder and slower.

Who needs it

Manufacturers, suppliers, and service providers in the medical device chain.

Medical device manufacturers — active, non-active, implantable, and in-vitro diagnostic — are the core audience. So are sterilisation service providers, distributors acting as legal manufacturer, contract manufacturers, component suppliers, and organisations providing calibration or software services to the medical device industry. In India, MDR 2017 has sharpened the expectation that any Class B, C, or D device manufacturer operates a compliant QMS, with ISO 13485 being the conventional evidence.

Benefits

What a well-built BIFMA system earns you.

01

Regulatory market access.

EU MDR, FDA 21 CFR 820, Health Canada, MDSAP, and Indian MDR all look for or align with ISO 13485. The certificate removes the QMS conversation from most regulatory interactions.

02

Design control discipline.

Clause 7.3 design and development is considerably more prescriptive than ISO 9001. Building compliant design files is far easier when the QMS was built for it.

03

Risk management integration.

ISO 14971 risk management becomes integrated into the QMS rather than a parallel track. Post-market surveillance feeds back into risk files as regulators expect.

04

Supplier control.

Purchasing controls under Clause 7.4 force disciplined qualification and monitoring of component suppliers — which is where most field failures actually originate.

05

CAPA credibility.

Corrective and preventive action under 13485 is substantially more rigorous than under 9001. Done properly, it is one of the strongest signals of a mature medical device manufacturer.

06

Audit predictability.

Notified body audits, MDSAP audits, and FDA inspections are more predictable when the QMS is already aligned to the standard they expect to find.

Requirements, in outline

What the standard actually asks of you.

The 2016 revision retained the ISO 9000:2008 structure. Clause 4 covers QMS scope and documentation, including the medical device file — a curated dossier per device family. Clause 5 covers management responsibility. Clause 6 addresses resources, infrastructure (including work environment and contamination control where relevant), and human resources including competence requirements.

Clause 7 is the operational heart of the standard: product realisation, customer-related processes, design and development (with risk management integrated throughout), purchasing, production and service provision (including installation and servicing, sterile barrier systems, process validation, traceability, and records of particular-identification for implantable devices), and control of monitoring and measuring equipment. Clause 8 drives measurement, analysis, and improvement — including feedback and complaint handling, reporting to regulatory authorities, internal audit, monitoring and measurement, control of non-conforming product, data analysis, and corrective/preventive action. Post-market surveillance is woven through 7 and 8.

Our approach

Five stages, from discovery to certificate.

01

Regulatory scoping

Agree the intended markets and device classifications, align the QMS scope with regulatory expectations (EU MDR / FDA / MDR-India / MDSAP), and identify the additional requirements beyond ISO 13485 itself.

02

QMS & medical device file

Build the QMS documentation, the medical device file structure, risk management files (ISO 14971), and design & development files to the depth regulators expect.

03

Process validation & controls

Where processes cannot be fully verified (sterilisation, moulding, packaging, software, electronic records), install validation protocols, IQ/OQ/PQ, and ongoing monitoring.

04

Internal audit & management review

Rigorous internal audit, including against ISO 14971 and any jurisdictional supplementary requirements, and a management review to the depth an external auditor will apply.

05

Certification audit

Stage 1 (documentation + medical device file review) and Stage 2 (implementation) attendance, findings response, and surveillance support.

Timeline & investment

Honest ranges, not placeholder pricing.

A single-site manufacturer with an existing draft QMS and a defined product portfolio typically reaches Stage 2 in fourteen to twenty weeks. Organisations entering regulated manufacture from scratch, or those simultaneously pursuing EU MDR technical documentation, should plan six to nine months. Process validation for sterilisation or sterile barrier systems can dominate the timeline.

Fees depend on device classification, process complexity, number of sites, and whether regulatory submissions are in parallel scope. Certification body fees and any notified body fees are separate; we help evaluate notified bodies against your target markets rather than steering you to a single body.

Frequently asked

Questions we answer on most BIFMA calls.

They are close but not identical. The US FDA has proposed harmonising 21 CFR 820 with ISO 13485:2016 (the Quality Management System Regulation, QMSR), with the final rule effective in 2026. Until then, organisations selling into the US need to bridge the two explicitly.

Under EU MDR, distributors taking on relabelling, repackaging, or sterilising activities can become a legal manufacturer — and require ISO 13485 accordingly. Pure distributors typically do not, but their suppliers usually do.

ISO 14971 is the risk-management process; ISO 13485 requires you to apply risk management throughout the product lifecycle. We integrate ISO 14971 into design controls, supplier management, production, and post-market surveillance rather than running it as a parallel document set.

SaMD manufacturers need ISO 13485 plus IEC 62304 for software lifecycle processes and typically IEC 82304-1 for healthcare software. We build all three into the QMS from the outset.

Possible but usually a bad idea. The two standards diverge on documentation, CAPA, risk, and design control depth. Running a single unified QMS to 13485 and covering 9001 as a subset is cleaner.

Related services

Often pursued alongside BIFMA.

ISO 9001

Embed a quality management system that customers, regulators, and auditors recognise on sight.

Learn more

CE Marking

Directive selection, technical file preparation, testing liaison, and declaration of conformity.

Learn more

ISO 27001

Information security management aligned to Annex A controls, ready for customer and regulator scrutiny.

Learn more

Get a readiness assessment for ISO 13485.

Half a day with a senior consultant, a clause-level gap report, and a candid timeline. No commitment beyond the assessment itself.

Request assessment