ISO 13485 is a harmonized standard that formulates requirements for Quality Management (QM) or QM systems (QMS) of medical device manufacturers.

These manufacturers can use ISO 13485 to prove that they meet the MDR and IVDR legal requirements for a QM system. Even the FDA references ISO 13485 in its Quality System Management Regulations (21 CFR part 820).


On this page, you will find links to articles that will help you set up, operate, and audit Quality Management Systems:

  1. Articles on the basics
  2. Articles on standard operating procedures
  3. Articles on inspections (audits and validations)
  4. Articles on further topics
  5. Support in setting up and improving QM systems

1. Articles on the basics

a) FAQ on quality management and ISO 13485

The FAQ on quality management systems and ISO 13485 is a valuable introduction and answers the following questions, among others:

  • Who needs a QM system?
  • Does the QM system have to meet the requirements of ISO 13485 or ISO 9001?
  • In which cases must the QM system be certified according to ISO 13485?
  • What do you have to do to obtain ISO 13485 certification?
  • How long does ISO 13485 certification take, and how much does it cost?
  • What is the path to ISO 13485 certification?

b) Standards

There are many standards and versions defining requirements for quality management:

  • ISO 9001:2015 – Delta to ISO 13485:2016
  • Update ISO 13485: The new 2021 version is here
  • ISO 14969 or ISO 13485: Which standard do your auditors benefit from
Tip: Affordable download

You can find ISO 13485 as a PDF for download from the Estonian standardization organization, not free of charge but at a reasonable price.

c) QM manual

In contrast to ISO 9001, ISO 13485 requires organizations to have a QM manual. This manual must describe the quality objectives and quality policy.

The Quality Management Representative (QMR) usually maintains this manual.

2. Articles on standard operating procedures

a) General

ISO 13485 requires you to describe your processes and procedures. This is usually done with the help of standard operating procedures and work instructions, which, in turn, reference other specification documents such as templates, forms and checklists.

This article provides you with an overview of the necessary standard operating procedures. When writing these standard operating procedures, it is advisable to choose a risk-based approach.

Another article describes the differences between process orientation and process management.

b) Specific standard operating procedures

You will find further articles on specific standard operating procedures:

c) Validation of procedures, processes, and tools

ISO 13485 insists on the validation of processes and tools. Please refer to the following articles:

3. Articles on audits

The effectiveness of the QM system is checked as part of external audits by notified bodies and internal audits. The internal auditors are responsible for the latter.

Part of these audits must also include supplier audits. Furthermore, notified bodies are obliged to carry out unannounced manufacturer audits.

At least for the external audits, there are specifications regarding the audit duration. The Medical Device Single Audit Program (MDSAP) also determines requirements for the duration and subject matter of the audits. This enables manufacturers to prove that they meet the regulatory requirements for the QM system in many countries (EU, FDA, Australia, Japan, Brazil).

4. Articles on further topics

The following articles are also relevant for organizations that develop medical devices:

  • Dealing with critical parts / devices / components
  • Differences between design review and design review

5. Support with your QM system

Do you still have questions, for example about setting up your QM system? Then, take advantage of our free micro-consulting service.

The Johner Institute supports medical device manufacturers, their service providers, and laboratories in developing and continuously improving QM systems.

a) Training and further education

The seminars provide you with the necessary competence:

b) Help for self-help

The Medical Device University supports you in setting up your QM system. The program includes:

  • Onboarding with an overview of the roadmap
  • Video training
  • Sample templates that you still need to adapt to your own situation
  • Weekly sessions with experts who will answer your questions

c) Consulting and taking on roles

Benefit from the Johner Institute’s consultants! These …

Interested? Then, contact us right away.

QM document control: How many fail audits

Document control is a documented procedure that specifies how documents are created, reviewed, approved, labeled, distributed, and updated. Organizations certified according to ISO 9001 or ISO 13485 are obliged to document control. 1. Subject matter of document control It is obvious that document control is about documents. What is less obvious is what documents are.…


DAkkS: What’s behind the outrage about ISO 13485?

The DAkkS, the German Accreditation Body, is Germany’s national accreditation authority. Recently, manufacturers, associations, and certification bodies have been raising their voices against the DAkkS. It is being vilified as an example of how German bureaucracy nips any innovation in the bud. What is the truth of these accusations? Are they justified? This article presents…


Creating Standard Operating Procedures for QM

In a Standard Operating Procedure (SOP), companies define their processes, for example how they develop medical devices or provide services. Standards such as ISO 9001 and ISO 13485 require Standard Operating Procedures. Companies can define these specifications in their quality management manual directly or in independent documents. 1. Standard Operating Procedures: introduction, definitions a) Definition ISO…


Quality Management Representative

The Quality Management Representative (QMR) is also called the quality representative or “management representative” by ISO 13485. In this article, you will learn which tasks the person with this role is responsible for within an organization and which regulatory requirements must be observed. 1. Regulatory requirements a) Requirements of ISO 13485 The requirements of ISO…