ISO 9001:2008 impact on ISO 13485:2003


Q: Why does Annex B of ISO 13485:2003: Medical devices — Quality management systems — Requirements for regulatory purposes address ISO 9001:2000?

Shouldn’t it be ISO 9001:2008 Quality management systems–Requirements?

A: ISO 9001 is “controlled” by Technical Committee (TC) 176 while ISO 13485 is “controlled” by TC 210. They are two separate, independent technical committees that write and revise standards.

ISO 13485:2003 is founded on ISO 9001:2000, with additional requirements added for the medical device industry. In other words, ISO 13485:2003 is ISO 9001:2000 (but with the requirement for “continual improvement” removed) and additional requirements for the medical device industry

When TC 176 revised ISO 9001 in 2008,  TC 210 decided not to make a change to ISO 13485 because ISO 9001 requirements didn’t change substantially.   It is important to note that many governments such as Health Canada have adopted ISO 13485:2003 as their law or have their medical device law based on 13485:2003. Many medical device companies today get ISO 13485:2003 registered and have dropped ISO 9001:2008 altogether as not being necessary.

By the way, TC 210 issued a technical corrigendum to ISO 13485:2003 in August of 2009 correcting its reference to “ISO 9001” to “ISO 9001:2000” to make this clear.

Jim Werner
Voting member to the U.S. TAG to ISO TC 176
Medical Device Quality Compliance (MDQC), LLC.
ASQ Senior Member
ASQ CQE, CQA, RABQSA Lead QMS Assessor

Aside | This entry was posted in ISO 13485 - Medical Devices and tagged , , , . Bookmark the permalink.

2 Responses to ISO 9001:2008 impact on ISO 13485:2003

  1. Hi Suresh,

    I am responding on Jim’s behalf: The answer is “no” – both ISO9001 and ISO13485 cover validation at section 7.5.2 in both standards. But ISO13485 has additional requirements for validation. ISO13485, Appendix B explains the differences between ISO 13485 and 9001.

  2. Suresh says:

    Hi Jim,
    The major difference between the two would be the validation right? ISO 13485 covers this and ISO 9001 does not. Correct if I’m wrong

Comments are closed.