How does ISO 13485 compare to ISO 9001?

When developing a medical device, it is essential to build a strong quality management system (QMS). When building your QMS, it is of utmost importance to adhere to the relevant national and international regulatory requirements. In the context of quality management, the two main ISO standards are ISO 9001 and ISO 13485. Although ISO 13485 is based on ISO 9001, it is important to remember that there are considerable differences between the two standards.

In this blog, we will explore their similarities and differences, to help you decide which standard is best for your digital health solution.

A quality management system (QMS) is a formalised system that documents the relevant processes, procedures and responsibilities for meeting the regulatory and customer requirements related to the product. A good QMS helps a company ensure that continuous improvements are made to their products and services, provides a baseline for training staff, and enables correction action to take place for any problems that arise.

Where a certified QMS is generally a validation of good practice, in a regulated market such as the medical device field, it is also mandatory. Having a good QMS is your first step towards bringing a compliant solution to the market. It also helps tremendously with compliance, which is very important if you are active in the digital health industry, where adherence to regulations is mandatory in order to protect patients and their data.

Read more about the importance of building a strong QMS here.

ISO 9001 is an international standard for quality management systems. It is not specific to the medical device sector, and can be applied to any kind of organisation. The current version was published in 2015. 

ISO 13485 is a quality management standard specifically for the design and manufacturing of medical devices. The current version was published in March 2016.

First and foremost, ISO 9001 and ISO 13485 both strive to achieve an effective quality management system.

Here is how ISO 9001 and ISO 13485 are alike:

• Both standards strongly feature risk management, in which risks are assessed and subsequently minimised. 
• They have a common emphasis on having properly-trained staff and a robust infrastructure in order to ensure overall quality and safety.
• Both standards provide a foundation for creating quality products by taking into account the customer’s opinions and requirements. 
• The two standards are based on the same cycle model, which is called the PDCA (Plan-Do-Check-Act) cycle. The PDCA is a 4-step quality improvement model that enables continuous enhancements to a product or service.

1. The general idea…

ISO 9001 is a general standard for any type of organisation, regardless of industry. ISO 13485, however, is specifically for the design and manufacturing of medical devices, as it contains additional requirements for the medical device industry. One example here is the keeping of documentation and the control of records.

2. Different requirements

Although both standards take customer satisfaction into account, each standard approaches this factor differently. ISO 9001 focuses on customer needs as a measure of quality, without additional requirements related to things such as contamination control. In contrast, ISO 13485 has more in-depth specifics, such as the validation of processes, equipment, cleanliness, and risk management. Thus, ISO 13485 places greater emphasis on the safety and efficacy of medical devices.

3. Management roles

Each different ISO standard has different requirements in terms of how roles are defined within an organisation. With ISO 9001, there are no specific staffing requirements, and the management team can assign responsibilities without defining roles. ISO 13485 specifically states that organisations must identify a member of the management team to be responsible for the QMS. 

4. Documentation

ISO 9001 requires documentation to be kept about the QMS processes, whereas the document requirements for ISO 13485 are much more stringent. ISO 13485 additionally asks for documentation such as product specifications and installation and maintenance processes, in addition to the description of processes also required in ISO 9001. 

It never hurts to have an ISO 9001 certification, as it is the widely-accepted quality standard across all industries. However, when building a medical device, not being compliant with ISO 13485 may prevent you from entering the market, especially if you need to get a CE or FDA approval.

Partnering with Extra Horizon will make you sleep better at night. Not only do we understand your compliance challenges through our experiences with all of our other clients, but Extra Horizon is also an ISO 13485-certified organisation. This means that we are already implementing all of those processes, procedures, and documentation initiatives, which in turn gives you the benefit of Extra Horizon being a trusted supplier. You will not even have to think about the regulatory aspects of everything that we have built for you.