“Should I stay or should I go?” asked iconic punk rock band The Clash, and ISO 13485:2016 will be at a similar decision point in 2025 when it undergoes its systematic review. This technical brief aims to

  1. Provide some background on the systematic review of ISO 13485:2016
  2. Explore the factors involved in that review
  3. Share what members of the MedTech industry can do to get involved

 

ISO 13485’s Position

ISO 13485 is a critical part of the regulatory framework for medical devices globally. This status is reflected in its title, “Medical devices — Quality management systems — Requirements for regulatory purposes”, where it is not only a sector-specific (i.e. the medical devices bit) quality management system (QMS) standard, but it is also directed towards the regulatory requirements related to a QMS (i.e. requirements for regulatory purposes and the numerous “applicable regulatory requirements” dotted throughout the normative text). This focus means that conformity to ISO 13485 supports market access across many different countries and regions, and provides customers and other stakeholders with some assurance that the respective organization is adhering to specific requirements and best practices related to their role in the medical device industry. The scope of ISO 13485 applies to all types of medical devices (and I include in vitro diagnostic medical devices and software as a medical device in that, too) and all organizations involved in the lifecycle of a medical device.

This broad application and crucial position in the foundations of many medical device regulatory frameworks around the world make the future of ISO 13485 of strategic importance to the majority of the industry.

Published in 2016, ISO 13485:2016 is the third edition of ISO 13485. It was given a 3-year review period initially and went through a systematic review in 2020 when it was confirmed (i.e. the published 2016 version remains valid and is not updated to a new edition). The review period was then set at the more traditional 5-year period, and thus ISO 13485:2016 is due for another systematic review in 2025.


What is the systematic review?


Standards are only worthwhile if they are kept up to date, still valid, being used (globally in the case of ISO standards), and still useful. The systematic review of ISO standards is the periodic mechanism for the national standards organizations to review published standards. In this instance, the national standards organizations will be asked whether ISO 13485:2016 is still valid, whether it needs to be updated or if it should be withdrawn. To do this, the national standards organizations should solicit feedback from their national stakeholders in order to make an informed decision in the systematic review.


The Survey

As preparation for the systematic review of ISO 13485:2016 in 2025, the ISO technical committee responsible for ISO 13485, ISO TC 210 WG1, opened a public survey for users of ISO 13485:2016 to provide feedback to the working group. The questions in the survey aimed to gather information on how ISO 13485:2016 is used, and perceived, by stakeholders in the medical device industry, and how the standard is valued. The survey ran during late 2023 and closed in January 2024.

ISO TC 210/WG 1 published a paper, "ISO 13485-2016 Users survey - White paper on the results", outlining some of the results from that global survey. There were over 1600 responses to the survey, with approximately ⅔ of the respondents coming from organizations identifying themselves as the legal manufacturer. The survey allowed the respondents to provide feedback on ISO 13485:2016 either by selecting predefined choices, or by using free text fields. Some of the key highlights from the survey were:

  • ~90% of respondents were very, or somewhat, satisfied with the content and use of ISO 13485:2016;
  • Respondents indicated that their use of ISO 13485:2016 still enabled them to conform, and align, with other management system standards (e.g. ISO 9001, ISO 14001) as required;
  • The stability of ISO 13485:2016 and its compatibility with global medical device regulations were of greater importance to the respondents than ISO 13485 following the harmonized approach for management system standards.

Independent of their answers on how satisfied they were with ISO 13485:2016, survey respondents were also able to provide specific comments on each clause of the standard. Over 600 comments were submitted, which ISO TC 210/WG1 have reviewed to determine whether there is a need for technical changes to ISO 13485:2016. There were many requests for ISO 13485 to be updated to reflect the specific requirements of specific national or regional legislation (e.g. the EU MDR), but these kinds of changes would be out of the scope for an ISO management system standard. There were a lot of requests for more specific requirements for certain technologies (e.g. software as a medical device) or certain organization types (e.g. those with virtual offices), as well as calls for further guidance on how to implement the existing requirements. It was clear from the responses that awareness of the existing guidance on the implementation of ISO 13485:2016 was low (see ISO 13485:2016 - Medical devices - A practical guide), in part due to it not being a typical ISO standard format. ISO TC210/WG1 has recognised that further guidance on specific areas would be beneficial, and it should be in a format that is more visible and accessible for organizations (than the current practical guide). Therefore a New Work Item Proposal (NWIP) is underway, which if/when approved will eventually lead to updated guidance in an ISO standard format (e.g. Technical Specification or a Technical Report). 


Key stakeholder considerations

One of the factors at play in the systematic review decision, will be a desire to transfer ISO 13485 to the harmonised approach used in other ISO management system standards (see Annex SL and Annex SL Appendix 2 REV 4 of ISO/IEC Directives, Part 1 Procedures for the technical work Consolidated ISO Supplement — Procedures specific to ISO). Moving ISO 13485:2016 to the harmonised approach is achievable. A move to the harmonised approach would leave ISO 13485 closely aligned with the structure and content of other management system standards such as ISO 9001 and ISO 14001, a move that could be beneficial for organisations maintaining conformity to multiple management system standards. It would also make combined certification audits (by a certification body) feasible and/or easier. In order for ISO 13485 to remain valid ‘for regulatory purposes’ (e.g. ensure requirements are clear, specific, and require objective evidence to demonstrate conformity), it is likely that modifications to the standard text (of the Annex SL) would be required; the question is whether that would still be acceptable for all stakeholders? The likely number of modifications to the standard text of Annex SL could also increase the development time of the revised standard.

At the time of the last systematic review in 2020, several key stakeholders expressed their concerns about the move towards the harmonised approach and called for time to allow ISO 13485:2016 to bed-in whilst other aspects of the medical device industry were still in a state of change. There was also a concern about maintaining alignment with an approach for which the medical device industry has no direct influence over the frequency of updates (e.g. updates to the ISO harmonised approach would be a trigger to revise ISO 13485 at the next review point).

As already mentioned, ISO 13485:2016 holds a special place in the foundations of many medical device regulatory frameworks around the world. For example:

There are numerous other national regulatory frameworks that are founded on either the principles or requirements of ISO 13485:2003 and/or ISO 13485:2016. Several of the above (and more) were cited as part of the stakeholder feedback for the 2020 systematic review (e.g. from national committees, IMDRF, trade associations and the MDSAP RAC Chair). The US FDA’s incorporation of ISO 13485:2016 as part of the amendments to 21 CFR 820 is now official (it was still a ‘plan’ back in 2019) and other regulatory authorities may have plans involving ISO 13485 too. For example, we know that the European Union and the UK’s MHRA are both official observers to the MDSAP and Singapore’s Health Sciences Authority (HAS) have just recently been added to that list. The MHRA have openly been discussing the idea of utilising MDSAP certification as part of changes to the UK regulatory framework and amongst the recent calls for the urgent revisions to the EU MDR and IVDR there have been requests from industry for the inclusion of MDSAP within the EU framework.

The three possible outcomes of the systematic review are confirm, revise or withdraw. At this stage, given the nature of ISO 13485 as summarized above, it is highly unlikely that there would be a vote to withdraw the standard, so I shall not dwell on that further. It comes down to confirm (i.e. retain with no changes) or revise (i.e. a new work item to review and rewrite ISO 13485:2016).

Confirmation would leave the 2016 version untouched for the next five years. That is five more years for regulatory frameworks to align with, or get closer to, the requirements of ISO 13485:2016. This would support the aim of getting closer to global regulatory harmonization desired by the IMDRF and many national competent authorities, including a more robust foundation for the efforts around regulatory recognition and reliance. A potential downside to confirmation is that it would be another five years for ISO 13845:2016 to feel more out of touch with the industry, especially when it comes to technology related challenges as the use of artificial intelligence (AI), including machine learning (ML), in both medical devices and in software used within the quality management systems continues to grow. And if the harmonized approach changes further in that time, that is potentially another degree of separation between ISO 13485:2016 and its alignment with other management system standards, which could make it more challenging for organizations claiming conformity to ISO 13485 and other standards such as ISO 9001 or ISO 14001.

Aside from switching to the harmonized approach, is there a need to revise the content of ISO 13485:2016? Perhaps. But whilst individually we all may wish for minor revisions to certain clauses of ISO 13485:2016 or the addition of a new requirement, or even the removal of a particularly troubling requirement, the consequences of a revision do need to be considered. Consequences such as:

  • the time it would take to produce the revised edition, during which further changes in the industry may occur and the harmonized approach may change again,
  • the need for organizations to direct resources to QMS updates, training and transition rather than developing new products and monitoring existing products on the market,
  • the cost and duration of implementation for device manufacturers, service providers and conformity assessment bodies,
  • the impact on regulations that are directly or indirectly linked to ISO 13485:2016,
  • the uncertainty that occurs during transition periods, especially where conformity to ISO 13485 is a customer requirement or is leveraged as part of a regulatory reliance scheme.

An important question in the confirm vs. revise decision, is “what is the overall benefit for making the changes if the standard is revised?” Would the improvements outweigh the pain and cost of the (non-exhaustive) consequences mentioned above? That is not for me to answer here, the purpose of this blog is to simply raise awareness of the systematic review and the considerations involved.

 

 

Why is all of this relevant to you?

Let’s start with an assumption, if you are reading this blog then you are involved directly or indirectly in the medical device industry. And if that is the case, then ISO 13485:2016 probably plays an important role in what you do, what your customers do, or what your clients or your suppliers do. Therefore, the future of ISO 13485 will have an impact on you or your organization at some level. Which factors are important for you and your organization?

Regardless of whether you participated in the public survey, the systematic review is an opportunity to communicate with your national standards organization, either directly, via members of the relevant national mirror committee for ISO TC 210 or via other stakeholders such as trade associations. Here are some of the ways you can get involved and express your views on whether ISO 13485:2016 should be confirmed or revised:

  • Identify the applicable national mirror committee for ISO TC210/WG 1 (e.g. NA 176-01-02 AA in Germany and CH210/01 in the UK) for your location and start a conversation on the topic.
  • Ensure that those voting in the systematic review of ISO 13485:2016 on your behalf (e.g. your applicable national standards organization) are aware of your preferences and concerns related to the possible outcomes of the review (i.e. confirm/no changes, revise or withdraw).
  • Engage with colleagues within your organization and peers within your networks to make them aware of the systematic review and their opportunity to express their views on the review of ISO 13485:2016.
  • Engage with any trade associations or professional bodies with which you or your organization are affiliated and determine if they are establishing a position on the systematic review of ISO 13845:2016.

We are passionate about your success. Tell us more about your regulatory and quality needs to learn about how we can help.

Book a Consultation

GLOBAL BOTTOM CTA INSTRUCTIONS:

To display custom copy instead of global copy in this section, please go to Show Global Content for Bottom CTA? toggle in the "Contents" tab to the left, toggle it off, save, and then REFRESH the page editor, the custom text will then show up and ready to be edited.

Turning the global content back on will be the same process, go to the toggle and toggle it back on, save and refresh!