Quality Management Systems for Drugs and Devices
3
The ISO 9001 family of standards, including ISO
13485, promotes the process approach, which uses
resources and is managed to transform inputs into
outputs (Figure 1-1). The process approach applies a
system of processes and the processes’ identification
and interaction and their management. The process
approach emphasizes the following:
• understanding and meeting requirements
• looking at processes in terms of added value
• obtaining process performance results
• continual process improvement
Plan-Do-Check-Act (PDCA)9 (Figure 1-2) applies to
all processes. Each ISO 9001 main clause starts with
a ‘planning’ activity, has a ‘doing’ activity, has a ‘check-
ing’ activity (measurement may be implied) and has an
‘acting’ activity (improvement may be applied).
EN ISO 13485:2016 is the latest harmonized
European publication used by organizations wishing to
implement a QMS in conformance with the EU Medical
Devices Directive (93/42/EEC, MDD), Active Implantable
Medical Devices Directive (90/385/EEC, AIMDD) and
In Vitro Diagnostics Directive (98/79/EC, IVDD).10-12 The
standard is applicable to manufacturers placing medical
devices on the EU market. For the rest of the world, ISO
13485:2003 remains the applicable standard. The two
versions have the same requirements. The 2016 version
includes annexes detailing the ISO 13485 sections, where
the notified body focuses on the directives’ additional
requirements for CE marking. The standard is used to
assess medical devices’ and related services’ ability to meet
customer and regulatory requirements. It is not intended
to imply uniformity in the QMS structure or documen-
tation. The standard is complementary to product and
technical requirements. Some requirements in the stan-
dard apply to specific products, such as implantable or
sterile devices. ISO 13485 is a standalone standard based
on ISO 9001, containing all of the ISO 9001 clauses
except, primarily, those concerning continuous improve-
ment and customer satisfaction. ISO/TR 1496913 gives
guidance on implementing ISO 13485. ISO 13485 is
not intended to include requirements specific to other
Clause in ISO 9001:2015 Clause in ISO 13485:2016
7.5.1 General 4.2.1 General
7.5.2 Creating and Updating 4.2.4 Control of Documents
4.2.5 Control of Records
7.5.3 Control of Documented Information 4.2.3 Medical Device File
4.2.4 Control of Documents
4.2.5 Control of Records
7.3.10 Design and Development Files
8 Operation 7 Product Realization
8.1 Operational Planning and Control 7.1 Planning of Product Realization
8.2 Requirements for Products and Services 7.2 Customer-Related Processes
8.2.1 Customer Communication 7.2.3 Communication
8.2.2 Determining the Requirements for Products and Services 7.2.1 Determination of Requirements Related to Product
Table 1-2. Similarities Between ISO 9001 and ISO 13485 (cont.)
Figure 1-1. Basic Process Model
Inputs
Management
Activities
Enablers
Outputs
3
The ISO 9001 family of standards, including ISO
13485, promotes the process approach, which uses
resources and is managed to transform inputs into
outputs (Figure 1-1). The process approach applies a
system of processes and the processes’ identification
and interaction and their management. The process
approach emphasizes the following:
• understanding and meeting requirements
• looking at processes in terms of added value
• obtaining process performance results
• continual process improvement
Plan-Do-Check-Act (PDCA)9 (Figure 1-2) applies to
all processes. Each ISO 9001 main clause starts with
a ‘planning’ activity, has a ‘doing’ activity, has a ‘check-
ing’ activity (measurement may be implied) and has an
‘acting’ activity (improvement may be applied).
EN ISO 13485:2016 is the latest harmonized
European publication used by organizations wishing to
implement a QMS in conformance with the EU Medical
Devices Directive (93/42/EEC, MDD), Active Implantable
Medical Devices Directive (90/385/EEC, AIMDD) and
In Vitro Diagnostics Directive (98/79/EC, IVDD).10-12 The
standard is applicable to manufacturers placing medical
devices on the EU market. For the rest of the world, ISO
13485:2003 remains the applicable standard. The two
versions have the same requirements. The 2016 version
includes annexes detailing the ISO 13485 sections, where
the notified body focuses on the directives’ additional
requirements for CE marking. The standard is used to
assess medical devices’ and related services’ ability to meet
customer and regulatory requirements. It is not intended
to imply uniformity in the QMS structure or documen-
tation. The standard is complementary to product and
technical requirements. Some requirements in the stan-
dard apply to specific products, such as implantable or
sterile devices. ISO 13485 is a standalone standard based
on ISO 9001, containing all of the ISO 9001 clauses
except, primarily, those concerning continuous improve-
ment and customer satisfaction. ISO/TR 1496913 gives
guidance on implementing ISO 13485. ISO 13485 is
not intended to include requirements specific to other
Clause in ISO 9001:2015 Clause in ISO 13485:2016
7.5.1 General 4.2.1 General
7.5.2 Creating and Updating 4.2.4 Control of Documents
4.2.5 Control of Records
7.5.3 Control of Documented Information 4.2.3 Medical Device File
4.2.4 Control of Documents
4.2.5 Control of Records
7.3.10 Design and Development Files
8 Operation 7 Product Realization
8.1 Operational Planning and Control 7.1 Planning of Product Realization
8.2 Requirements for Products and Services 7.2 Customer-Related Processes
8.2.1 Customer Communication 7.2.3 Communication
8.2.2 Determining the Requirements for Products and Services 7.2.1 Determination of Requirements Related to Product
Table 1-2. Similarities Between ISO 9001 and ISO 13485 (cont.)
Figure 1-1. Basic Process Model
Inputs
Management
Activities
Enablers
Outputs