Quality Management Systems
ISO 13485:2016 certification demands more than documented procedures — it requires a quality management system that operates as designed under real audit conditions. We build systems that pass both the certification audit and the FDA inspection.
Start Your ISO 13485 Gap AnalysisThe ISO 13485 Landscape
ISO 13485:2016 establishes the requirements for a quality management system specific to medical devices. Unlike ISO 9001, it is not a general quality standard — it incorporates regulatory requirements inherent to the medical device industry, including design controls, risk management (ISO 14971), and post-market surveillance obligations. Many markets, including the EU (MDR 2017/745), Canada (MDSAP), and Japan require ISO 13485 certification either directly or as a component of market authorization.
The standard has eight clauses, but audit findings concentrate heavily in a few areas: Clause 7.3 (Design and Development), Clause 8.2 (Monitoring and Measurement), and Clause 8.5 (Improvement, including CAPA). Companies preparing for initial certification most commonly struggle with design controls — particularly the connection between design inputs, design outputs, design verification, and design validation — and with CAPA systems that lack demonstrable effectiveness.
A rigorous gap analysis is the foundation of any certification program. It should not be a checkbox exercise — it should identify which QMS elements don't exist, which exist but don't meet the standard's intent, and which exist on paper but aren't implemented in practice. The last category is the most dangerous: a procedure that describes a process differently from how it actually operates is a finding waiting to happen.
We conduct gap analyses using a clause-by-clause assessment framework mapped to both ISO 13485:2016 and FDA 21 CFR Part 820, so companies preparing for both FDA compliance and ISO certification can address both requirements in parallel rather than separately. The output is a prioritized remediation plan with effort estimates, not a long list of deficiencies with no path forward.
QMS documentation needs to be accurate, current, and auditable — which means it needs to describe what the organization actually does, not an idealized version of a process. Overly prescriptive procedures that don't match operational reality are a chronic source of audit findings. We write procedures at the right level of specificity: enough detail to be consistent and auditable, not so much that normal process variation creates automatic nonconformances.
The documentation hierarchy matters: quality manual, procedures (SOPs), work instructions, forms, and records each have a distinct role. We design the system with document control built in from the start — version control, approval workflows, distribution, and record retention aligned to the applicable regulatory requirements for your device class and markets.
Clause 7.3 (Design and Development) is where the most complex and highest-value work occurs. The design control process must be traceable from user needs through design inputs, design outputs, verification (did we build it right?), validation (did we build the right thing?), and design transfer to manufacturing. The design history file (DHF) and device master record (DMR) must tell a coherent, traceable story to both ISO auditors and FDA investigators. We build design control frameworks that work for your development model — whether waterfall, iterative, or agile-adapted.
ISO 13485:2016 is the international quality management system standard for medical devices. It is required for market access in the EU (MDR), Canada (MDSAP), and Japan, and is closely aligned with FDA's 21 CFR Part 820 Quality System Regulation. Many US device manufacturers pursue it simultaneously with FDA compliance to enable international market access.
From gap analysis to certification audit, ISO 13485 certification typically takes 6–18 months depending on current QMS maturity. Companies with existing FDA compliance programs often move faster because many requirements overlap. We provide a realistic timeline estimate after the initial gap assessment.
ISO 13485 is the international QMS standard; 21 CFR Part 820 is the US FDA Quality System Regulation. FDA's 2024 Quality Management System Regulation (QMSR) update further aligns Part 820 with ISO 13485, so the two standards are now more harmonized than ever. Preparing for both simultaneously is efficient and increasingly the standard approach.
Get Started
In 30 minutes, we can assess your current QMS maturity, identify the highest-priority gaps, and give you a realistic path to certification — with or without a formal engagement.