ISO 13485:2016 – Medical Devices 

Quality Management Systems – Requirements for Regulatory Purposes

ISO 13485 Medical Devices

The international Medical Devices Quality Management Systems (QMS) ISO 13485 standard was revised and published in March 2016, giving us ISO 13485:2016.

Why update the standard?

The old ISO 13485:2003 standard was based on the old ISO 9001:2000, and a lot has changed in the medical device industry since then, therefore an update was long overdue. The technical group (ISO TC 210) that updates this particular standard chose to base the new revision on the old ISO 9001:2008 (and not the latest ISO 9001:2015 standard), as they felt the older 2008 revision better suited the needs of medical device suppliers and their customers.

We discuss some of the changes below, but this list is not exhaustive. If you need a detailed understanding of the changes please checkout our ISO 13485:2016 Transition Workshop

Regulatory requirements

The term “statutory and regulatory requirements” has now been removed and replaced simply by “regulatory requirements”, recognising that this already includes statutory, legal, local/national requirements.



A three year transition period has been proposed following the official publication. Batalas will provide further info of both the ISO and EN versions as soon as they are available.

The working group have decided to follow the original Design Specification from over 5 years ago, which means that the new revision of ISO 13485:2016 will be based on ISO 9001:2008. This means that this current revision will not align with the High Level Structure contained in Annex SL as applied in the new ISO 9001:2015.

This is obviously a big blow for those organisations who currently hold dual certification to 9001 and 13485, as it could potentially mean that you need to hold separate certifications in future.

Those in this position will need to be aware of the changes, and start transition planning to allow for a smooth migration.

Additional help

The working group is now developing a matrix document to help to support organisations who wish to adopt the latest revisions of both ISO 13485:2016 and ISO 9001:2015. They are also publishing a document that tables the clause references between ISO 1384:2003, ISO 13485:2016 and ISO 9001:2015.

Please note that there will not be an updated version of ISO 14969 – Guidance on the application of ISO 13485:2003. The working group are considering an alternative proposal to publish a handbook with guidance and interpretation of the requirements of ISO 13485:2016.

What next

All Batalas ISO 13485 training courses now include the latest 2016 revision (unless otherwise stated). We also offer a transition training course for those who wish upgrade their existing ISO knowledge – click here for more information

Make an enquiry

Need help - get in touch now

Contact us for help with transitioning to the new standard – call one of our friendly team on 0333 700 9001

Make an enquiry
More Info

ISO 13485 Implementation Workshop

We provide a series of workshops to guide your organisation through every stage of the implementation process. Implementation workshops are available as in-company events only.
More Info
More Info

Implementing ISO 13485 and need some support?

If you are looking to implement ISO 13485 in your company and would like some help, Batalas offer support to companies of all shapes and sizes. We have assisted over 4,500 companies in the UK to achieve registration to a recognized management system.
More Info

Frequently Asked Questions for Auditing Management Systems


Firstly, the ISO standard (ISO 13485) states that you must internally audit your organisation at planned intervals and that you must audit if it

  • meets the planned arrangements (with regards to product realization)
  • meets the requirements of the ISO standard
  • meets the requirements of your management system

But you will note that it does not directly say that you must audit every 12 months. Having said that, it is common sense that if you left it longer than 12 months (or even shorter) between audits then would you be able to prove that the system does everything above? Therefore the industry standard is every 12 months, although this can change:

The standard also states that when planning the audit programme you must take into account the “status and importance” of the processes and areas being audited, and very importantly the results of previous audits. In other words, if a process if critical to what you do, or previous audits have found problems, then that process must be audited more often.

One of the main reasons why internal audits raise trivial, and in some cases repeating, nonconformities is that audit reports are not ‘closed out’ correctly. It is important that actions taken to address nonconformities are corrective action (correcting the root cause of the issue) and not correction (purely a short term fix).
Managers are measured on results and therefore results orientated information is of prime concern to them. If the internal audit process includes the identification of process effectiveness and opportunities for improvement then you will grab their attention.

Technically yes.

The requirement in all standards is to conduct internal audits against

  • the appropriate ISO standard
  • any regulatory and legal requirements
  • your own management system requirements

Having said that, if you work in a larger organisation then the likelihood is that you have a team of auditors, some audit the entire system and others will conduct smaller process/procedure audits  – every situation is different, if in doubt give one of our friendly team a call for free advice

Yes. The advantage is that a good auditor may be able to use his/her experience to identify opportunities for improvement which would not have been possible by using your own staff. The downside is that the use of external auditors tends to lead to a lack of ownership of the management system.

Auditing can be seen as a fairly negative process, with the emphasis being on digging into the detail and raising what is seen to many as trivial issues.

Consequently, when selecting internal auditors it is normal to add more junior staff to complement the small team of quality, environmental and health & safety professionals.

Internal auditing should be focused on improving the management system, and hence business performance, and therefore more senior managers should be involved in internal auditing.

One of the ways to get them involved is to allocate to them the task of auditing for improvement, with more junior staff involved in the more time consuming tasks of conformance auditing.