ISO 13485:2003 specifies requirements for a quality management system where an organization needs to demonstrate its ability to provide medical devices and related services that consistently meet customer requirements and regulatory requirements applicable to medical devices and related services.
The primary objective of ISO 13485:2003 is to facilitate harmonized medical device regulatory requirements for quality management systems. As a result, it includes some particular requirements for medical devices and excludes some of the requirements of ISO 9001 that are not appropriate as regulatory requirements. Because of these exclusions, organizations whose quality management systems conform to this International Standard cannot claim conformity to ISO 9001 unless their quality management systems conform to all the requirements of ISO 9001.
All requirements of ISO 13485:2003 are specific to organizations providing medical devices, regardless of the type or size of the organization.
If regulatory requirements permit exclusions of design and development controls, this can be used as a justification for their exclusion from the quality management system. These regulations can provide alternative arrangements that are to be addressed in the quality management system. It is the responsibility of the organization to ensure that claims of conformity with ISO 13485:2003 reflect exclusion of design and development controls.
If any requirement(s) in Clause 7 of ISO 13485:2003 is(are) not applicable due to the nature of the medical device(s) for which the quality management system is applied, the organization does not need to include such a requirement(s) in its quality management system.
The processes required by ISO 13485:2003, which are applicable to the medical device(s), but which are not performed by the organization, are the responsibility of the organization and are accounted for in the organization’s quality management system.
Though based on ISO 9001, 13485 removes 9001’s emphasis on continual improvement and customer satisfaction. In its place is an emphasis on meeting regulatory as well as customer requirements, risk management and maintaining effective processes, namely the processes specific to the safe design, manufacture and distribution of medical devices.
13485 is in part designed to produce a management system that facilitates compliance to the requirements of customers and-preeminently-various global regulators. While being certified to 13485 does not fulfill the requirements of either the FDA or foreign regulators, the certification aligns an organization’s management system to the requirements of the FDA’s Quality System Regulation (QSR) requirements as well as many other regulatory requirements found throughout the world. Therefore, 13485 certification serves to create a management system that can be thought of as a framework on which to build compliance to various regulatory and customer requirements.