Do I really need to get certified?
Throughout our involved with many manufacturers of medical devices, suppliers, service providers, economic operators and design interested companies, we have received uncountable times over the past years the question “Do I really need to have a certified ISO 13485 to provide my products to the market?”. Read here, whether you would be required to get certified according ISO 13485.
What is ISO 13485?
In the medical device business, the performance and safety of a product during its use is of upmost concern. These aspects are often summarized as “quality” of a medical device and in order to establish a common understanding of good quality, standards need to be established. ISO 13485 is one of these standards defining the aspects of a Quality Management System (QMS) for medical devices. As other QMS exist as well, ISO 13485 holds specific aspects for the MedTech industry. But don’t get confused on the use – ISO 13485 is the QMS and has nothing to do with product requirements. Product requirements are defined in the Medical Device Regulation (MDR) 2017/745.
Why a Quality Management System (QMS)?
So why is then a QMS needed at all?
Not only that it is demanded by the regulation MDR that processes need to be established, implemented and maintained, the MDR calls out explicitly for a QMS. To be clear here, the MDR does not call for ISO 13485, but generally for a QMS. This is, in fact, to assure that quality is managed and processes are implemented. These processes are needed not only for the development and bringing to market, but also for the market surveillance of the product and continuous improvement of the system itself.
Who needs to get certified according ISO 13485?
These requirements lead to the question who needs to be certified according to ISO 13485? The regulation, again, does not explicitly call out for certification, but states that manufacturers of medical devices need to show compliance to a QMS. These manufacturers are understood to be the legal entity making a medical device available to the market under their name. This “making available” includes the overview and management of all requirements as stated in ISO 13485 and the MDR for the product. Thus, showing compliance to a QMS is best done when being certified, even though it is not an explicit requirement.
So I don't need a QMS?
If you are not the legal manufacturer of the product, there is no requirement in the MDR that your QMS has to be certified according to ISO 13485. However, the processes need to be established, implemented, and maintained necessary to provide the service to the legal manufacturer. As stated in the beginning, there are many different QMS specific to the nature of service and products provided. The basic QMS is ISO 9001 and the main aspects which are defined in that standards are also applicable to ISO 13485.
So, depending on the service you are providing to the legal manufacturer an ISO 9001 might be sufficient. Whereas the service is specific to the medical device industry, ISO 13485 might be more appropriate to be implemented, but certainly not required.