Major Revisions to ISO 13485:2016

By Linda Chatwin

Time To Read 3 minutes

The 2016 revision to ISO 13485 brings with it many changes.  In this article, we highlight some of the more significant revisions.

The most prevalent change that one can readily identify is risk. The standard expects manufacturers to apply a risk-based approach to the control of the appropriate processes needed for the quality management system.

Risk is mentioned some 15 times throughout the standard, to account for the specific issues being addressed. Risk is to be considered in outsourcing and supplier controls, with respect to software validations, and in the training of personnel commensurate with risks inherent in the processes they perform. Risk is to be taken into account in product planning processes.

Top Management responsibilities are clarified, with explicit requirements for reviews at documented, planned intervals. More emphasis is put on results of activities and effectiveness of the quality system and measurable quality objectives.

There is more emphasis on training to quality processes, establishing competence and awareness of personnel duties. The standard now specifies that the organization shall determine any user training needed to ensure specified performance and safe use of the medical device.

Facilities must be arranged in order to prevent mix-ups and control of contamination and and requirements for documenting the work environment have been added.

Design and development planning requirements are stated to more closely reflect regulatory expectations of design control planning.

A design and development transfer sub-clause was added.

A Design History File (DHF) must be documented and maintained.. For change control, there must be an evaluation of the change effect on products, processes and activities.

The purchasing process focuses the supplier sourcing and selection criteria on the effect of the supplier performance on the quality of the medical device, the risk associated with the medical device, and the product meeting applicable regulatory requirements.

Documented procedures are required for traceability.

A new requirement was added to include notification of changes in purchased product.

Installation and servicing activities include requirements for analysis of records and details where procedures are required.

There is a specific requirement for software validation, prior to initial use.

A number of requirements are added for record keeping with respect to service, installation and verification and validation activities.

Corrective and preventive actions must verify that the actions do not have an adverse effect on product, and that corrective actions are taken without undue delay.

Complaint handling is added as a completely new sub-clause to the standard, and requires much the same complaint handling process as FDA for recording, investigating, communication and moving to CAPAs when indicated or justifying why they are not.

Status identification of product is required throughout the stages of production and storage, and details regarding the preservation of product are added.

Monitoring and measurement of product, and non-conforming product sections add requirements to identify the test equipment used to perform measurement activities and details related to kinds of controls that are to be documented.

Cleanliness of product requirements is enhanced for non-sterile product whose use depends on cleanliness.

how to start preparing now

Here are ways your company can prepare for a more successful transition:

    1. Plan the transition – what will be needed? From whom? When? Risks?
    2. Consider ISO 9001 – does the company also need to maintain that certification?
      1. How to reconcile the requirements of the two standards
      2. How to meet the requirements of each
      3. Is some division in the Quality System needed?
      4. Review related procedures – what changes will be needed?
    3. What paradigm shifts will the company need? Are they aligned and what is the significance?
    4. What and when should training be considered?
    5. Don’t wait! Due to the significant divergences and changes, it will take time to comply!

Fill in the form to download your copy of the article:


Linda M. Chatwin, RAC, J.D. – UL LLC

Ms. Chatwin has been involved with regulated medical products for over 30 years. She understands the regulatory maze required to bring products to market. She holds a Regulatory Affairs Certification and is an attorney in the U.S.  She has obtained product approvals for a wide range of products, and remains involved in changing requirements for medical devices worldwide. Currently, she heads the North American Advisory Services group for UL, LLC, assisting clients with regulatory issues and challenges, including implementation of UDI processes. Ms. Chatwin travels worldwide to speak about changing market access issues.

Walt Murray – MasterControl

Walt Murray is a quality management and regulatory affairs professional with more than 32 years of experience working with internationally recognized, highly regulated companies, including Aventis-Pasteur, Merck, Pfizer, Stryker, USANA and Del Monte Foods. A Six Sigma Black Belt, Murray is certified in quality and environmental systems auditing (AQS Systems), critical-thinking skills and process control. He also has extensive training and consulting expertise in quality event/CAPA management, risk management, supplier control and audit management.

Having personally performed more than 200 third-party audits, for a variety of Fortune 500 life sciences companies, Murray has hosted investigational and systems audits by the FDA, Therapeutic Goods Administration (TGA), Medicines and Healthcare Products Regulatory Agency (MHRA) and Health Canada.

Murray holds a Bachelor of Science degree in analytical chemistry from the University of Richmond and has completed graduate-level coursework at the University of Tennessee, Knoxville. He is an active member of the Society of Manufacturing Engineers (SME), the Regulatory Affairs Professional Society (RAPS), the American Society for Quality (ASQ), the Society for Quality Assurance (SQA) and the Intermountain Biomedical Association (IBA), as well as board member of BioUtah’s Compliance Forum.  His broad knowledge base makes him a much sought-after speaker at national and international compliance forums such as MD&M, AdvaMed, SQA, INTERPHEX and others.

Currently, Murray leads the quality and compliance consulting services division of MasterControl, a leading provider of quality management software solutions to regulated companies worldwide.