Subscribe to Email Updates

Quality Creates...Perspective

What Are the Changes in ISO 13485:2016?

Rachel Beavins Tracy
by Rachel Beavins Tracy on Fri, Apr 06, 2018

What Are the Changes in ISO 13485:2016?Transitioning to the New 13485:2016 Standard - Ensuring Compliance

If your organization is one of the more than 59,000 certified to ISO 13485, you should already be planning for your transition to the newest version of the standard. As of February 28, 2019, all ISO 13485:2003 certificates will expire, with the Medical Device Single Audit Program (MDSAP) requiring manufacturers to transition to the latest standard by January 1, 2019.

ISO 13485 is based on the popular ISO 9001 for quality management systems, although key structural differences make it a standalone standard. In this post, we’re looking at what the changes are in ISO 13485:2016, and what companies can do to streamline the transition process.

Regulatory Alignment

One of the main reasons for updating ISO 13485:2003 is to bring it into alignment with regulatory requirements. The new standard is closely linked to regulations in terms of:

  • Documentation. 
  • Complaint management.
  • Reporting issues to regulators.

Many regulatory bodies worldwide are incorporating ISO 13485 into their requirements, making it a natural fit for organizations marketing product internationally.

Risk Management in ISO 13485

What makes ISO 13485 different from other post-ISO 9001:2015 standards is that it doesn’t have the new high-level Annex SL structure that’s received so much focus. However, it’s still similar to other new standards in that it requires risk-based approaches to protecting quality and safety. In fact, it’s mentioned over a dozen times in the 2016 version, compared with just two instances in ISO 13485:2003.

To comply with the new standard, companies will need to show they take risk into account for the entire organization’s Quality Management System (QMS) processes, including:

  • Supplier and contract manufacturer selection.
  • Product realization.
  • Employee training.
  • Design and development.
  • Corrective action.
  • Software use and validation.

Software Validation

Validating your computer systems ensures they are up to the task of protecting safety and quality. ISO 13485 has more specific requirements for validation of systems like like Enterprise Resource Planning (ERP), QMS and Laboratory Information Management Systems (LIMS), as well as any other applications used in the development or maintenance of medical devices.

Software validation is a lengthy and resource-intensive process, and can take months to complete. That’s why many life sciences companies opt for automated validation, which can turn a 4-day validation project into one that’s completed in a day.

Transitioning to ISO 13485:2016

It’s not exactly panic time yet, but there’s no time to waste when it comes to preparing for the new standard. What steps should you focus on?

  • Training: Not only will you want to purchase a copy of ISO 13485, you’ll also need to think about whom you’ll send for internal auditor training from your organization. Unless you’re bringing in consultants to do the audit, but even then the training will still help you smooth the transition.
  • Analyzing gaps: Which areas of the standard do you already have controls for, and where will you need to create new controls or processes?
  • Auditing your processes: As you conduct your internal audits in preparation for certification (or recertification), it’s important to pay attention to past compliance issues.
  • Taking corrective action: Auditors are going to want to see effective problem-solving using the QMS.

Compliance with ISO 13485 provides a solid foundation for compliance with many global regulations, including European Medical Device Directives (MDD), MDSAP and 21 CFR Part 280. And while the changes to the most recent version of the standard will require some strategic planning to meet, it will ultimately make products safer and organizations more effective.

Are You Maintaining Compliance and Achieving Operational Excellence?

Leave a comment

Rachel Beavins Tracy
Rachel Tracy is a writer for ETQ with expertise in environmental, healthcare and technology topics. She has a master’s degree from Vanderbilt University and has been writing for businesses since 2008.
Written by Author

Related posts

ETQ Salutes Customers Recognized for Their  Pandemic Work

Spotlighting ETQ customers on the frontlines of the effort to defeat a global pandemic

At ETQ, we spend a lot of time...

Chris Nahil
By Chris Nahil - April 15, 2020
Lab Safety: How QMS Software Can Prevent Costly Mistakes


Creating a culture of quality in the workplace starts with reducing the potential for human error. 

Simple mistakes can...

Rachel Beavins Tracy
By Rachel Beavins Tracy - July 30, 2019
ETQ Reliance 2019 Now Available

We are excited to announce the release of ETQ Reliance 2019, a major upgrade to our flagship QMS SaaS product. The latest...

Morgan Palmer
By Morgan Palmer - January 29, 2019