What Is ISO 13485:2016? Requirements, Certification, and Compliance Explained

The medical device industry has entered a new regulatory phase as the FDA transitions from the long-standing Quality System Regulation (QSR) to the Quality Management System Regulation (QMSR). This change took place on February 2, 2026, and aligns with U.S. requirements more closely with ISO 13485:2016, the globally recognized standard for medical device quality management systems.  

Because of this shift, many organizations are taking a closer look at how their quality systems, engineering processes, and documentation practices align with ISO-based frameworks. Companies that previously relied only on FDA QSR requirements now need to ensure their systems meet the expectations outlined in ISO 13485:2016.  

Learn more about the shift from QSR to QMSR >>

What Is ISO 13485:2016?

ISO 13485 is an international standard that defines the requirements for a quality management system (QMS) used by organizations involved in the design, development, production, installation, or servicing of medical devices.  

The standard was developed to ensure that medical device manufacturers maintain consistent processes that support product safety, regulatory compliance, and quality control throughout the entire product lifecycle.  

Unlike general quality standards, such as ISO 9001, ISO 13485:2016 is specifically tailored to the medical device industry and incorporates requirements related to regulatory compliance, risk management, traceability, and documentation.  

Why ISO 13485 Is Gaining Attention with the QSR-to-QMSR Transition

The FDA historically regulated medical device manufacturers under 21 CFR Part 820, commonly known as the Quality System Regulation (QSR). 

The new Quality Management System Regulation (QMSR) updates this framework by aligning it more closely with ISO 13485 requirements. 

This alignment is significant because ISO 13485 is already widely used by manufacturers selling devices in international markets such as:

• Europe (EU MDR environment)
• Canada
• Japan
• Australia
• Many other global regions

The shift toward QMSR means U.S. manufacturers are increasingly expected to operate under a quality management system that resembles ISO 13485. 

Core Requirements of ISO 13485

ISO 13485 establishes requirements across several areas of a medical device quality management system. The standard is comprehensive, but its requirements fall into a few key categories. 

1. Quality Management System Structure

At the highest level, ISO 13485 requires organizations to implement a documented quality management system that governs how products are developed and manufactured. 

This includes: 

• Documented procedures
• Quality policies and objectives
• Controlled records and documentation
• Process monitoring and improvement

Organizations must demonstrate that their QMS consistently supports the production of safe and compliant medical devices. 

2. Design and Development Controls

ISO 13485 places emphasis on design control processes, ensuring medical devices are developed through structured and documented workflows. 

Key design control activities include: 

• Design planning
• Design inputs and outputs
• Design verification and validation
• Design reviews
• Design transfer to manufacturing

These activities are documented within records such as the Design History File (DHF). 

3. Risk Management

Risk management is a central component of ISO 13485. Medical device manufacturers must identify and mitigate risks throughout the product lifecycle. Risk management activities typically align with ISO 14971, the standard specifically focused on medical device risk management. 

Examples of risk management activities include: 

• Hazard identification
• Risk analysis and evaluation
• Risk control measures
• Post-market monitoring

4. Supplier and Purchasing Controls

Medical devices often rely on components sourced from external vendors. ISO 13485 requires organizations to implement strong supplier qualification and monitoring processes. 

Supplier controls typically include: 

• Supplier evaluation: Ensure vendors meet quality expectations
• Approved supplier lists: Maintain controlled vendor selection
• Supplier audits: Verify compliance and performance
• Incoming inspection: Confirm components meet specifications

5. Traceability and Documentation

Traceability is especially important in regulated industries like medical devices. ISO 13485 requires organizations to maintain records that track components, materials, and manufacturing processes. 

This documentation supports several regulatory objectives, including: 

• Product recalls if necessary
• Investigation of quality issues
• Verification of regulatory compliance

Examples of required records include:

• Device Master Records (DMR)
• Device History Records (DHR)
• Design History Files (DHF)
• Complaint handling records

ISO 13485 Certification

ISO 13485 certification is required for companies that manufacture medical devices for global markets. Certification is performed by an accredited third-party certification body. The certification process involves these main steps: 

1. Quality management and system implementation
2. Internal audits and documentation preparation
3. Stage 1 audit (documentation review)
4. Stage 2 audit (full system audit)
5. Certification approval

After certification, organizations must undergo regular surveillance audits to maintain compliance. 

Typical ISO 13485 Certification Timeline

The timeline can vary based on your organization’s size, complexity, and existing quality processes. 

Phase	Duration
QMS development and documentation	3-6 months
Internal audits and preparation	1-2 months
Certification audit process	1-3 months

Need Support Navigating ISO 13485 Requirements?

Successfully navigating regulatory expectations like ISO 13485 compliance and the ongoing QSR-to-QMSR transition requires more than updating documentation. You also need to evaluate how your engineering processes, product development workflows, and manufacturing readiness align with quality system requirements. 

At DISHER Engineering, we support medical device manufacturers with product development and manufacturing readiness services to bring innovative—and compliant—devices to market. We can help with: 

• Medical device product development 
• Mechanical and electronic system design 
• Design for manufacturability (DFM) 
• Prototype development and validation 
• Manufacturing readiness and scale-up support 
• Risk management and compliance documentation 

Contact us online to start the conversation.