ISO 13485:2012
Medical Devices Management

ISO Consultant Colin says…

When you consider that the majority of medical products interface with the human anatomy somewhere, be it either internal or external, then one could quickly understand why it can take a company at least 6 months to become successfully approved for this standard.

ISO 13485:2012 – What’s it all about?

ISO 13485 is slightly different to many of the management system standards. Through the European Medical Devices Directive, 93/42/EEC, anyone intending to put a medical device onto the market in the EEC must have their Quality System assessed and certified prior to the goods being released. This certification must be against ISO 9001 or ISO 13485 and ISO 14971*, and be completed by a Notified Body. On a successful outcome of this assessment a certificate of conformity is issued allowing use of a CE Mark on the goods concerned and permission to sell the device in the European Market.

Hence certification against ISO 13485 directly affects a company’s ability to trade, while management system standards in other industries, such as ISO 9001, are rarely directly specified legal requirements prior to entering a market.
*ISO 14971 is titled “Medical Devices: application of risk management” and should be used in conjunction with ISO 13485 when developing medical devices.

Essential for suppliers of medical devices

If you want to design, produce and sell medical products you absolutely have to be awarded this certificate; there are no other options.

Increase access to more markets worldwide

From a practical standpoint, the number of people on the planet is rising and modern medicine is reliant on so many devices; in short, you have a very strong market.

Increase efficiency, cut costs

Integrating strict controls does take time, but the upshot is very often an increase in production efficiency and a reduction in overall production cost.

Why would my business want approval against this standard?

As indicated above, if you want entry to this market, then approval against this standard is mandatory. Hence the decision to go through the potentially expensive certification is much simpler: if you want to be in this market, this is one of the costs of entry.

How long would it take to become approved?

This is a difficult question, as so much depends on the type of product and size of business, but starting from scratch it is unlikely that a company would gain certification in less than six months. For a single-product business with under 30 employees, I would anticipate this needing at least 15 days of our help to get through the initial approval and be awarded a certificate of conformance.

What do I need to do?

In short, identify the areas of your business where significant risk to the security of your information exists. Then develop and implement appropriate controls to reduce that risk.

Annex A of ISO 27001 gives a range of controls which can be used to control information security. The applicability of these controls against your business needs to be established, and where the risk is significant, controls need to be developed.

The effectiveness of these controls must then be assessed through a series of internal audits, and by monitoring your security performance against measurable objectives. A system for the reporting of security breaches and potential breaches also needs to be established.

What is this likely to cost?

Our fees are based on a day rate. The number of days is based on your activities, but is typically 10-12 days for a small business.
Certification by a UKAS (i.e. UK Government approved body) is likely to cost £5-6000 for a three-year certificate.

We currently offer the following routes in pursuing this set of ISO Standards:

Support in implementing this set of controls and becoming ready for the inspection audit is available to our clients via the options below.

Face to Face

Remote

Do it yourself