ISO 13485:2016 is the international standard for QMS in the medical device industry — and the foundation of the FDA QMSR. Affinity QMS aligns every module to ISO 13485 clause requirements so you can pursue certification and satisfy FDA requirements in a single system.
ISO 13485:2016 is the international consensus standard specifying requirements for a quality management system in the design, production, installation, and servicing of medical devices. Unlike 21 CFR Part 820, which is a US regulatory requirement, ISO 13485 is a certification standard — meaning third-party auditors from a notified body or accredited certification body assess conformance and issue a certificate of compliance. ISO 13485 certification is increasingly required for global market access.
Global Market Access — Where ISO 13485 Is Required
CE Marking
(EU MDR/IVDR)
UKCA Marking
Health Canada
(MDSAP)
TGA
ANVISA
MHLW
(MDSAP)
ISO 13485 Clause Structure
Clause 4 — Quality Management System (General Requirements)
Clause 5 — Management Responsibility
Clause 6 — Resource Management (Personnel, Infrastructure)
Clause 7 — Product Realization (Design, Purchasing, Production)
Clause 8 — Measurement, Analysis, and Improvement (Audits, CAPA)
Every ISO 13485 clause maps to an Affinity QMS module. Your certification auditor asks for clause evidence — you generate it on demand.
| ISO 13485 Clause | Requirement | Affinity QMS Module | What It Does |
|---|---|---|---|
| Clause 4.2 | Documentation Requirements | Document Control | Quality manual, SOPs, work instructions, forms; version control, approval workflows, change control, controlled distribution |
| Clause 6.2 | Human Resources / Training | Training Management | Training records, competency assessments, training matrix by job function, SOP acknowledgment, requalification tracking |
| Clause 7.1 | Planning of Product Realization | DHF / DMR | Product realization planning linked to design inputs, risk management, and verification/validation documentation |
| Clause 7.3 | Design & Development | DHF / DMR | Design History File with design inputs, design outputs, design verification, design validation, design transfer, and design change records |
| Clause 7.4 | Purchasing / Supplier Controls | Supplier Management | Approved vendor list, supplier evaluation and qualification, purchasing information, verification of purchased product |
| Clause 7.1 (Risk) | Risk Management (ISO 14971) | Risk Management | Risk register, hazard identification, risk estimation, risk evaluation, risk controls, FMEA, risk-benefit analysis, residual risk |
| Clause 8.2.2 | Complaint Handling | Complaint Management | Complaint intake, investigation workflow, MDR/vigilance report triage, complaint trending, regulatory reporting |
| Clause 8.2.4 | Internal Audits | Audit Management | Audit planning, audit scheduling, audit program management, finding records, CAPA linkage, audit closure |
| Clause 8.5.2 & 8.5.3 | Corrective & Preventive Action | CAPA Management | CAPA initiation from nonconformities, complaints, audits; root cause analysis; effectiveness verification; trending |
Three distinct buyer profiles pursue ISO 13485 certification. Affinity QMS is designed for all three.
Medtech Startup Pursuing CE Marking
Building a QMS ahead of a CE marking application under EU MDR. Needs ISO 13485 certification from a notified body. Wants software that organizes all design control, risk management, and QMS documentation in the clause structure auditors expect. No enterprise budget.
Device Company Expanding Internationally
US-based device company with FDA clearance pursuing international market access (EU MDR, Health Canada, TGA). Needs to add ISO 13485 certification to their existing QMS without rebuilding their entire quality system. Already has a 510(k) but needs MDSAP for Canada.
Medical Device Contract Manufacturer
Manufacturing devices for multiple OEM clients, each with different QMS expectations. ISO 13485 certification is a baseline requirement for winning contracts. Needs one neutral, configurable platform that satisfies 13485 for all clients and positions the facility for MDSAP in the future.
ISO 13485 is the hub of the global medical device regulatory ecosystem. It connects to FDA QMSR, MDSAP, EU MDR, and multiple national regulatory frameworks.
ISO 13485 certification is not a direct FDA requirement — the FDA requires compliance with 21 CFR Part 820 (QMSR), not ISO 13485 certification per se. However, the FDA QMSR (effective February 2026) incorporates ISO 13485 by reference as the framework for device QMS requirements. This means that manufacturers demonstrating ISO 13485 conformance will substantially satisfy QMSR requirements. ISO 13485 certification is a regulatory requirement for CE marking under EU MDR, Health Canada medical device licensing, TGA registration, and participation in MDSAP.
ISO 9001 is the general quality management system standard applicable to any industry. ISO 13485 is derived from ISO 9001 but is specifically tailored to the medical device industry and includes additional requirements that ISO 9001 does not address: (1) regulatory requirements are integrated throughout the standard, (2) risk management is explicitly required as a core activity (not just risk-based thinking), (3) design and development requirements are more prescriptive and include design transfer, (4) complaint handling includes post-market surveillance and vigilance reporting, (5) cleaning validation and sterility assurance requirements are included, and (6) the standard is not compatible with the Plan-Do-Check-Act cycle in the same way ISO 9001 is. Pursuing ISO 9001 does not constitute ISO 13485 certification.
ISO 13485 certification requires: (1) Implementing a Quality Management System that conforms to all applicable clauses of ISO 13485:2016; (2) Operating the QMS for a sufficient period to generate evidence of conformance (typically 3–6 months minimum); (3) Conducting at least one full cycle of internal audits and management reviews; (4) Selecting an accredited certification body (CB) such as BSI, TÜV Rheinland, SGS, or DNV; (5) Completing a Stage 1 audit (document review) and Stage 2 audit (on-site assessment); and (6) Addressing any nonconformities identified by the certification auditor. Certification is typically valid for three years with annual surveillance audits. Affinity QMS generates all the documentation and records your certification auditor will review.
ISO 13485 Clause 4.2 requires an organization to establish and maintain a Quality Manual, documented procedures for required processes, and records demonstrating conformance and effective operation of the QMS. Affinity QMS Document Control provides: a structured Quality Manual template aligned to the ISO 13485 clause structure; a document library for all SOPs, work instructions, forms, and specifications; full version control with approval workflows and e-signatures; change control processes; controlled distribution with read-receipt tracking; and document retention schedules. When your certification auditor asks for document evidence of Clause 4.2 conformance, Affinity QMS generates the complete document index in minutes.
MDSAP (Medical Device Single Audit Program) is a program that allows a single audit by an MDSAP-recognized auditing organization to satisfy regulatory requirements for FDA (US), Health Canada (Canada), TGA (Australia), ANVISA (Brazil), and MHLW (Japan). The MDSAP audit model is built on ISO 13485:2016 as its QMS foundation, with regulatory requirements from each participating country layered on top. Health Canada has required MDSAP since 2019 for most device manufacturers. ISO 13485 certification is a prerequisite for MDSAP. Manufacturers who achieve ISO 13485 certification first are well-positioned to pursue MDSAP, and Affinity QMS supports both in the same system.
The timeline for ISO 13485 certification depends on the current state of your QMS and the complexity of your operations. A startup building a QMS from scratch should plan for 6–12 months from QMS implementation start to certification: 3–4 months to build and implement the QMS; 3–6 months of operation to generate records; 1–2 months for the certification body audit process. For an organization with an existing QMS transitioning to ISO 13485, the timeline is typically 3–6 months. Affinity QMS accelerates the documentation and implementation phase significantly by providing pre-configured templates, module structures aligned to ISO 13485 clauses, and automated record generation from day one.
Affinity QMS is configured clause-by-clause to ISO 13485:2016. Stop retrofitting generic QMS software to fit a medical device standard — start with a system designed for it.