The Essential Parts of an ISO 13485 Medical Device QMS


    Using a quality management system specifically designed for ISO 13485 is a smart move.

    To get the most value from a QMS, you need a solution which is tailored to the unique needs of the modern medical device quality management system, as well as the size of your manufacturing company.

    How do ISO 13485 medical device quality management systems differ from more generic solutions? How will you know when you've found a good one?

    The best systems include features to meet all ISO 13485 requirements and capabilities which facilitate more efficient compliance and greater collaboration. We'll show you what to look for in an ISO 13485 QMS below so that you can move forward confidently.

    The Crucial Components of an ISO 13485 Medical Device Quality Management System

    ISO 13485 is a set of international standards for a quality management system which can help medical device manufacturers design, manufacture, and distribute quality medical devices which meet customer requirements.

    While a system or software is not explicitly required by 13485:2016, adopting a QMS solution can enable organizations to achieve certification with 13485 and meet regulatory requirements. ISO 13485 can be supported by a generic eQMS software which is customized to meet medical device manufacturing requirements or a specialized solution (like Qualio) which contains capabilities for document management, training, quality events, and other core aspects of the QMS.

    Document Management

    Data from major regulatory agencies reveals that organizations frequently face actions due to document management issues. Many documents are inadequate or inaccurate during clinical trials. Document deficiencies are among the most common warnings for FDA 21 CFR 820 noncompliance or other actions from the US FDA or European Medicines Agency. Regulatory risk isn’t the only thing to worry about. Ineffective ISO 13485 documents can facilitate issues with product quality.

    Documentation is at the core of ISO 13485 compliance and effective quality processes. Look beyond software compliance to ensure a solution can facilitate effective collaboration and workforce efficiency at every stage of the document control lifecycle. Prioritize solutions with:

    • Efficient document draft collaboration
    • Automated document routing for approval
    • Streamlined document change control processes
    • Smart search for simple document retrieval
    • Robust capabilities for document archival and obsolescence
    • FDA-compliant eSignatures and data handling

    In an ISO 13485 environment, document management is the basis of quality. The QMS’s document capabilities should include links to all procedures and processes which have an impact on product quality, safety, or compliance. Managing documents manually is highly complex, but the right eQMS solution can create automation and efficiency.

    Training Management

    Training management is at the core of a quality-driven culture. An ISO 13485 eQMS with robust training capabilities can help medical device manufacturers reduce risk and increase productivity. The outcome of learning & development should be to meet all applicable regulatory requirements for staff training. Learning activities should also have a measurable impact on the staff's ability to adhere to policies and procedures for quality. Ensure that a prospective system can offer:

    • Role-specific training capabilities
    • Integrated capabilities to assign training based on CAPA and other events
    • Visibility for leadership to track training progress
    • Self-serve learning for a global workforce
    • Integrate with other QMS processes

    Integrate CAPA or change control processes with corresponding employee training. Eliminate recurring quality events by ensuring that proper training is carried out initially.

    RELATED READING: The 5 Best Medical Device Quality Assurance Training Options

    Quality Events

    Risk management is closely tied to quality events in the ISO 13485 framework. ISO 13485 says, "The organization shall establish documented requirements for risk management throughout product realization." This includes:

    • Risk Assessment
    • Risk Analysis
    • Risk Reduction

    Quality events can occur at any stage during the product lifecycle, and an eQMS should offer robust capabilities to address:

    • Non-conformances
    • Deviations
    • Customer Complaints
    • CAPA

    The best solutions help organizations take a risk-based approach to quality events with quantitative and qualitative tools for smarter quality-driven decisions. The system should provide a centralized and automated way to manage all quality events at every stage of the product lifecycle, and make it easy for organizations to initiate compliant change control processes in response to quality events. 

    Product Development

    Quality-driven design and development processes are critical in the medical device manufacturing industries. Your product development must adhere to regulatory requirements for product safety and risk control. In the device manufacturing vertical, a flawed product can result in hazards to patient health and safety. Accordingly, ISO 13485:2016 includes clear directives for many aspects of the product development lifecycle:


    Document all stages of product development and define responsibilities and approving authorities for all activities.


    Organizations must identify the goal and objectives of product design. This includes risk management, a project timeline, and the allocation of resources.


    Organizations must create clear definitions of how inputs are used, usability requirements, customer requirements, and product features. Other required inputs are product features, safety features, risk control techniques, CAPA, regulatory requirements, sterilization requirements, and cost studies.


    Design outputs can include raw materials, manufacturing process specifications, and QA processes. Other outputs can consist of product identification, manufacturing, packaging, inspection, and documentation of regulatory submission, as well as a validated design file.


    Product design processes should encompass review and validation to ensure the design meets requirements, and the review process addresses safety concerns.

    Design Verification

    Product design verification is required, which can include lab testing, calculations, or other forms of proof.

    Design Validation

    After a design is verified, it must be validated to ensure it conforms to end-user requirements via initial test lots.


    Organizations need a documented procedure to transfer product design outputs to manufacturing.

    Change Control

    Mechanisms are required to control change in product design and development at any time, based on a review, validation, complaints, or other issues.

    Design and Development

    A design and development file is required for each device, which includes references to records for requirements, review, and other components of the product lifecycle.

    A QMS system for ISO 13485 should incorporate streamlined workflows for every aspect of the product development lifecycle. At each stage, validation and approval are required. Does a QMS contain built-in mechanisms for global collaboration around approval processes with automated notifications? The system should make it easy to move documents through the required approval and collect complaint eSignatures.

    RELATED READING: What is the Best ISO 13485 Quality Management System Software?

    Closed-Loop Quality

    Agility, or continuous improvement, is a significant emphasis in both ISO 9001 and ISO 13485. While ISO 9001 takes a general approach to constant development, 13485 drills down on the types of actions medical device manufacturers need to take to ensure they are continually working to produce the safest, highest quality products.

    Medical device manufacturers are required to focus on regulatory approval, customer requirements, and most of all, active risk management. The safe design and manufacture of medical devices require organizations to build risk management into every part of the product lifecycle.

    Using multiple QMS systems or a module-based system can make effective risk management more complicated since you lack a unified view of activities across the organization. The best QMS for 13485 offers a closed-loop approach to total quality management and a single place to manage audits, suppliers, and change management.

    The Best System for ISO 13485 Compliance

    Your organization can achieve certification and compliance with ISO 13485 through a variety of means. You could attempt to manage quality processes on paper or use an approach which involves several different, standalone systems to maintain employee training, quality measurement, and document control. You can also streamline the challenge of meeting the complex requirements of ISO 13485 with a cloud-based, integrated tool which is specially designed for the unique needs of medical device manufacturers.

    A right-sized solution for your organization's industry and needs is a huge benefit to achieving a quality-driven culture. Picking the best tool for your organization can mean a faster implementation and lower costs of adoption since you don't need to customize the solution as extensively. It can lead to easier adoption and less employee resistance. Most importantly, the right QMS can significantly reduce regulatory risk and lead to more exceptional quality at every stage of the product lifecycle.