Comparing ISO 9001 & ISO 13485: Differences Between the Two Standards
While most standard revisions now follow ISO 9001’s new high-level structure, ISO 13485 does not, even though it was released after ISO 9001. Clearly there are structural differences, but you may be wondering—how different are they?
Today we’re looking at the similarities and differences between the two standards, and whether life sciences companies and related services need both certifications.
Similarities Between ISO 9001 and ISO 13485
When you get down to brass tacks, ISO 9001 and ISO 13485 are both essentially about the same thing: helping companies create consistently safe, high quality products. ISO 9001 also shares other similarities with ISO 13485, such as:
- Risk mitigation: More so than previous versions, both standards emphasize the need for organizations to incorporate risk into design and production.
- Plan-Do-Check-Act: Despite the fact that the two standards do not share the same structure, they both use the Plan-Do-Check-Act process approach.
- Customer focus: Both ISO 9001 and ISO 13485 are built around ensuring customer expectations are met.
- QMS requirements: To comply with either standard, organizations will require effective processes and tools for Document Control, Employee Training, Audits and Corrective Action.
Differences Between ISO 9001 and ISO 13845
Even though they are similar in many ways, it’s important to note there are significant ways in which they are different. These differences go beyond just not sharing the same structure and include:
- Aims and outcomes: ISO 9001 requirements are skewed heavily towards ensuring customer satisfaction, while ISO 13485 puts more emphasis on the safety and efficacy of medical devices.
- Continuous improvement focus: ISO 9001 now requires manufacturers to show continuous improvement. ISO 13485, on the other hand, only requires demonstrating effective implementation and maintenance of the quality system.
- Documentation: ISO 13485’s documentation requirements are much more extensive than those in ISO 9001.
- Risk management Organizations certifying to the medical device standard will also need to show how they incorporate risk management principles into product realization and post-market feedback.
- Regulatory compliance: ISO 13485 is closely linked to regulatory requirements, especially concerning complaint handling, regulatory notifications and post-market surveillance.
Do You Need Both?
Situations where you might consider certifying to both include when medical devices represent just part of your business. For example, organizations providing related services such as contract manufacturers, suppliers or distributors might certify to ISO 13845 in addition to maintaining ISO 9001 compliance.
In general, however, medical device manufacturers will want to choose one or the other, as their structural differences would make it complicated to certify to both.
Not surprisingly, some device manufacturers are opting to drop the ISO 9001 in favor of ISO 13485, maintaining a medical device-specific QMS. If you’re selling devices internationally, ISO 13485 is a natural choice because it is currently being adopted as a standard by many regulatory agencies globally.
Meeting ISO Compliance Deadlines
Compliance dates are coming up soon, so organizations need to be on top of the coming changes. For ISO 9001, certificates to the 2008 version expire on September 14, 2018, with ISO 13485:2003 certificates good until February 28, 2019.
Companies should actively be planning their transition, learning about new requirements, assessing gaps and conducting informal audits so they can get as close to certification as possible on the first visit from external auditors.