An explanation of the key differences between ISO 9001: 2008 and ISO 13485 : 2003.

ISO 13485 : 2003 is based upon ISO 9001: 2000, but as you would expect the standard has been modified to include the specific requirements relating to medical devices.

The main differences between ISO 13485: 2003 and ISO 9001: 2000 are in 5 key areas:

1. Product specific
2. Regulatory
3. Documentation
4. Customer satisfaction
5. Continual improvement

The following descriptions provide a summary of the key differences. For a complete description of the requirements of ISO 13485: 2003 refer to the British Standard document, which contains an explanation of the differences with the ISO 9001: 2008 standard (Annex B).

Please note that the current revision of the international standard is ISO 13485 : 2003, but if you live in the UK and Europe it is now (BS EN) ISO 13485 : 2012. The 2 revisions are identical in their main core text and clauses, but some of the annex information at the back of the standard has been changed for the UK and Europe only. For more information please see ISO 13485 standard revised

Product specific

The medical device industry is subject to rigorous and stringent controls due to the application of the product(s). This is reflected in the ISO 13485: 2003 standard with the following inclusions, which are not covered in the ISO 9001: 2008 standard:

  • Risk management has to be in place for all stages of product realisation (Clauses 7.1 and 7.3.2)
  • Medical device terminology (Clause 3)
  • Work environment – training and supervision of staff working in special conditions, and the prevention of contamination (Clause 6.4)
  • Communication of advisory notes (clause 7.2.3)
  • Clinical evaluation, as part of design and development validation, in line with regulatory requirements (clause 7.3.6)
  • Cleanliness of products and contamination control (clause
  • Status of product with respect to monitoring and measurement (clause
  • Customer property, which includes confidential health information (clause 7.5.4)
  • Statistical techniques, in line with regulatory requirements (clause 8.1)
  • Nonconforming product – authorised personnel must be identified, concessions must meet regulatory requirements, and the adverse effect of rework must be determined (clause 8.3)

Regulatory requirements

The intent of the standard is to facilitate the harmonisation of quality management system regulations around the world. Meeting product regulation requirements is also a key element of this standard, as the aim is to develop safe products which have an effective performance. Reference to regulatory requirements is mentioned throughout. Each organisation must make itself familiar with current regulations, both national and international, and make sure that these regulations are communicated to all staff.


The requirements for documents, documented procedures and records are far more onerous in ISO 13485: 2003 than in ISO 9001: 2008.

Additional requirements include:

  • a file for each type/model of medical device (4.2.1) which states:
    1. product specification
    2. QMS requirements
    3. manufacturing, installation and servicing processes
  • Quality manual – this must show the structure of documentation within the QMS (4.2.2)
  • retention of obsolete controlled documents and records (4.2.3) is required for the lifetime of product (min. 2 years) as specified by regulatory requirements
  • responsibilities and authorities (5.5.1) must be defined, documented and communicated
  • maintenance activities (6.3) which affect product quality
  • health, cleanliness, clothing and contamination (6.4 and including work instructions
  • purchased product – to ensure conformity to requirements. Also, traceability of purchased product including documents and records (7.4)
  • installation activities ( including verification
  • servicing activities (
  • validation of computer software ( that impacts product conformity
  • validation of sterilisation (
  • product identification including returns (
  • active and implantable medical devices ( including:
    1. traceability
    2. personnel performing inspection (
  • preserving conformity of product (7.5.5) including constituent parts including:
    1. product with a limited shelf life
    2. product requiring special storage conditions
  • control of monitoring and measuring devices (7.6)
  • feedback system of early warning (8.2.1) of quality problems
  • analysis of data (8.4)
  • advisory notes (8.5.1) – issue and implementation
  • notification of adverse events (8.5.1) to regulatory authorities
  • customer complaints (8.5.1) including authorisation when corrective and/or preventive action are not taken.

Customer Satisfaction

ISO 9001: 2008 requires customer satisfaction and customer perceptions to be monitored and measured. In the regulatory environment of medical devices customer satisfaction is felt to be too subjective. The requirement is therefore to monitor information to demonstrate customer requirements have been met (8.2.1).

Continual Improvement

Continual improvement of the QMS is not a requirement of ISO 13485: 2003. The requirement is to maintain the continued suitability and effectiveness of the QMS (8.5.1).

Would you like to learn the differences in a classroom environment?

The Batalas ISO 13485 Internal Auditor training course and the ISO 13845 Lead Auditor training course covers in detail the difference, why not take a look at these course.