ISO 13485 comprises the eight original 2008 version sections, which are preceded by an introduction. Sections one through
three describe the purpose and harmonization for use of the standard. Sections four through eight contain the conformance
conditions of the standard, i.e., the requirements necessary for compliance, so they would be examined individually and
collectively as an integrated system. Many items which were implicit before are now explicit in the wording for deployment.
-Section Four (Systemic Requirements): This section defines the general documentation requirements for compliance.
It explains how to implement and maintain a QMS for devices; prepare a quality manual, quality policy, and quality objectives;
control QMS documents and records; and maintain document integrity. Important to note is the new EDMS requirement for
storing and handling of documentation.
-Section Five (Management Requirements): This section defines management’s role in the planning (risk based),
establishment, maintenance and performance of an ISO 13485 QMS. It requires upper management to actively participate in
quality planning, and to ensure that the quality policy is understood throughout the organization. Specific requirements for
carrying out periodic (risk established) management reviews of the QMS, including how often reviews should take place with
defined roles; what to cover; and expected outputs to planned objectives, are also covered in section five.
-Section Six (Resource Requirements): This section defines the requirements for the provision of resources, including
physical resources (e.g, the need for adequate space, tools and equipment); environmental resources (e.g, the environment must
suit the type of device being made); and human resources (e.g, how to train and maintain competent personnel). Key topics
covered in section six include the importance of defining employee job requirements (like software) and how to keep good
training records that verify and validate usability conditions
-Section Seven (Product Realization Requirements): The most extensive section covers everything that is required
in order to produce a product, from customer requirements and communication to creating (designing and manufacturing),
installing, and supporting a medical device through post-market surveillance. Requirements are given for how to correctly
perform the most basic tasks (e.g, processing maintenance; all risk management planning and analysis phases), are also covered
in section seven. New items such as rigorous technical design transfer, risk based reviews, deployed change control and the
formality of design and development files (i.e. parent/child DHFs) that should be audited during the design control process.
-Section Eight (Remedial Requirements): This final (but explicit) section defines the remedial processes necessary in
order to maintain the effectiveness of the QMS. Key topics covered in section eight include handling adverse events and customer
complaints; conducting risk-based internal audits; formalities for monitoring and measuring processes and product, including
nonconforming product; analyzing data for effectiveness (in management and design reviews); and taking corrective and
preventive actions based on explicit risk and opportunity analyses using rigorous statistically developed tools.
The ISO/TR 14969:2004 guidance document for application of ISO 13485 has been replaced by a more extensive 220 page
practical guide produced by the standards technical committee (TC210).11 The additional guidance for implementing a medical
device QMS can be obtained from a document provider for a nominal cost. The international Medical Device Regulatory Forum
(IMDRF) has a rich library of credible guidance documents that are free and available on the website.12
