ISO 13485
International standard for quality management systems in medical devices; required for NHS medical device procurement.
Definition
ISO 13485 is the international standard for quality management systems in medical devices. It builds on ISO 9001 general QMS requirements with medical-device-specific provisions covering risk management, regulatory compliance, design controls, product realisation, post-market surveillance, and customer feedback. Certification is required by the UK Medical Devices Regulations 2002 (as amended) and is universally expected by NHS buyers for medical device procurement.
How it works in practice
ISO 13485 certification requires implementing a QMS specifically covering medical device design, manufacture, distribution, and post-market activities. The standard is more prescriptive than ISO 9001: risk management to ISO 14971 is required throughout the product lifecycle; design controls follow defined stages with documented design history files; production controls require validation of processes affecting product quality; post-market surveillance includes complaint handling, vigilance reporting, and corrective and preventive actions. Certification involves implementing the QMS, internal audit, management review, and external audit by an accredited certification body. For UK companies the relevant accreditation regime is UKAS-accredited certification bodies; for international companies the body must be recognised by the Medicines and Healthcare products Regulatory Agency (MHRA). The cost varies substantially with company size and product complexity: a small medical device company typically spends £30K-£80K on initial certification plus ongoing maintenance. The standard underpins UK Medical Devices Regulations compliance: medical devices placed on the UK market must meet specific safety and performance requirements with ISO 13485 typically the underlying QMS evidence. UK regulatory regime is evolving post-Brexit; some changes to harmonised standards and conformity assessment routes are expected.
Common questions
Is ISO 13485 required for all medical device contracts?
For NHS direct procurement of medical devices, yes, universally required. For non-clinical contracts in NHS (corporate services, FM, IT) ISO 13485 is not relevant; ISO 9001 / ISO 27001 are appropriate. The requirement depends on whether the contracted offering is itself a medical device or supports medical device delivery.
What is the UK MHRA?
Medicines and Healthcare products Regulatory Agency, the UK regulator for medicines and medical devices. MHRA approves manufacturers, registers devices, monitors post-market safety, and enforces medical devices regulation. UK regulatory regime is evolving post-Brexit but MHRA continues to be the relevant authority.
How is ISO 13485 different from ISO 9001?
ISO 13485 builds on ISO 9001 general QMS requirements with medical-device-specific provisions: more prescriptive risk management to ISO 14971, design controls with documented design history files, process validation requirements, and post-market surveillance including vigilance reporting. Many medical device companies hold both ISO 9001 (general QMS) and ISO 13485 (medical device QMS).