ISO 13485
Benefit from Our Experience
An ISO 13485 Internal Audit is
a systematic, independent, and documented review of your organization's Quality Management System. It ensures the QMS
conforms to ISO 13485 requirements
is effectively implemented
is efficient
drives continuous improvement.
(616) 365-9822
Our Guarantee
"We offer a no cost, no obligation initial analysis as well as accomplishment Guarantees."
Brandon Kerkstra - President of MSG
ISO 13485
ISO 13485:2016 is the global standard for quality management systems (QMS) in the medical device industry, building on ISO 9001 with enhanced focus on safety, risk, and regulatory compliance. Published by ISO, it ensures consistent design, production, installation, and servicing of medical devices through documented processes, traceability, and continual improvement—essential for meeting FDA, EU MDR, and other regulatory requirements.
Tailored for medical devices — from design to post-market servicing
Structures eight clauses with a process-based, risk-focused approach
Mandates robust documentation for traceability and audit readiness
Requires risk-based decision-making (Clause 7.1) across the product lifecycle
Enforces strict design & development controls (Clause 7.3) for safety and performance
Validates sterile and software processes (Clause 7.5) to prevent failures
Aligns with global regulations — FDA 21 CFR Part 820, EU MDR, etc.
Drives improvement via internal audits (Clause 8.2.4) and management reviews (Clause 5.6)
Core Purpose
ISO 13485:2016 is the internationally recognized standard for quality management systems (QMS) in the medical device industry, ensuring consistent design, production, installation, and servicing of safe and effective devices. Building on ISO 9001 with stricter requirements for risk management, traceability, and regulatory compliance, it enables manufacturers to meet global standards like FDA 21 CFR Part 820 and EU MDR—driving patient safety, product reliability, and market trust through documented, auditable processes.
- Tailored for medical devices — from implants to diagnostic equipment and software
- Structures eight clauses with a process-based, risk-focused QMS framework
- Enforces robust documentation for full traceability and regulatory audits
- Requires risk-based decision-making (Clause 7.1) across the entire product lifecycle
- Mandates strict design & development controls (Clause 7.3) to ensure safety and performance
- Validates sterile and software processes (Clause 7.5) to prevent failures in critical applications
- Aligns with global regulations — FDA, EU MDR, Health Canada, and more
- Drives continual improvement via internal audits (Clause 8.2.4) and management reviews (Clause 5.6)
What Triggers an ISO 13485 Internal Audit?
| Event | Frequency | Scope | Typical Responsibility |
| Scheduled Internal Audit | Annually or as defined in the audit program (typically every 12 months to cover the full QMS over a cycle) | Entire QMS, covering all ISO 13485 clauses (e.g., 4-8), processes, and departments | Quality Manager or Internal Audit Team Lead |
| Significant Process Change | As needed (e.g., after major updates to design, production, or validation processes) | Affected processes or procedures (e.g., clause 7.3 design and development, or clause 7.5 production) | Process Owner or Quality Manager |
| Nonconformity or Corrective Action | Upon identification of major nonconformities, complaints, or CAPA implementation | Specific areas related to the nonconformity (e.g., clause 8.2.3 monitoring and measurement, clause 8.5 improvement) | Quality Manager or Corrective Action Team |
| Regulatory or Legal Changes | After updates to medical device regulations (e.g., FDA 21 CFR 820, EU MDR) | Impacted compliance obligations and processes (e.g., clause 4.1 general QMS requirements) | Regulatory Affairs Manager or Quality Manager |
| Management Review Follow-Up | After management review meetings (typically annually) | Areas for improvement identified in reviews (e.g., clause 5.6 management review) | Quality Manager or Management Review Team |
| Supplier or External Provider Issues | When supplier performance affects product quality or safety | Supplier management and purchasing processes (e.g., clause 7.4 purchasing) | Supply Chain Manager or Quality Manager |
| Product or Design Changes | Following new product introductions or design modifications | Design controls and risk management processes (e.g., clause 7.3 design and development, clause 7.1 planning) | Design and Development Manager or Quality Manager |
| Pre-Certification or Surveillance Audit | Prior to certification, recertification, or surveillance audits (e.g., every 1-3 years) | Full QMS or areas flagged in prior external audits | Quality Manager or Internal Audit Team |
Events that trigger an ISO 13485 Internal Audit
Event Trigger | Frequency | Scope | Typical Responsibility |
|---|---|---|---|
Serious complaint, adverse event, or trend in post-market surveillance | As needed upon event or trend detection | Complaint handling, vigilance/MD reporting, CAPA, risk management, affected products/processes | QA/RA Manager; Post-Market Surveillance Lead |
Regulatory change (e.g., MDR/IVDR, FDA QMSR, country-specific regs) | On change release/impact assessment completion | Regulatory compliance processes, labeling/UDI, technical documentation, QMS interfaces | Regulatory Affairs; Quality System Owner |
Major nonconformity found in prior internal or external audit (NB/FDA/MDSAP) | Follow-up within defined CAPA timeframe | Impacted processes and any interfaces; effectiveness verification | Internal Audit Lead; Process Owners |
New product introduction or significant design change (design transfer) | At design transfer or shortly after launch | Design controls (ISO 13485:2016 §7.3), DMR/DP, verification/validation, risk, labeling, production readiness | R&D Quality; Design Authority; Manufacturing Engineering |
Process validation failure or revalidation trigger (e.g., sterilization, molding, packaging seal) | Upon failure or revalidation event | Validated processes, PQ/OQ/IQ records, change control, monitoring data, product release criteria | Validation Engineer; QA; Production Lead |
Supplier critical issue (e.g., special process, sterile barrier materials, critical components) | As needed after issue, significant change, or poor performance trend | Supplier qualification/monitoring, incoming inspection, purchasing controls, traceability, SCAR effectiveness | Supplier Quality; Purchasing; QA |
Change control affecting product safety/performance (materials, software, equipment, site) | Per change implementation or prior to release, as defined in SOP | Change records, risk assessment, verification/validation, labeling, training, DHF/DMR updates | Change Control Board; QA/RA; Process Owners |
CAPA trend indicating systemic issues (e.g., repeat defects, field returns) | Triggered by data review (monthly/quarterly) | Root cause, containment, corrective action effectiveness, affected processes and training records | CAPA Board; Quality Engineering |
Environmental control/contamination control deviation (cleanroom, bioburden, endotoxin) | As needed on excursion or recurring trend | Controlled environments, monitoring, gowning, cleaning validation, sterilization, product release impact | Microbiology/Facilities; QA; Production |
Field safety corrective action/recall or reportable malfunction trend | Immediately after action initiation and post-effectiveness check | Risk management, complaint handling, traceability, distribution, communication controls, training effectiveness | RA/QA; Post-Market Team; Supply Chain |
Management review outputs requiring verification (resources, process changes, objectives) | After each management review cycle | QMS performance metrics, quality objectives, resource adequacy, improvement actions effectiveness | Top Management; Quality System Owner |
Software lifecycle nonconformity (embedded device SW or QMS software: eQMS, ERP, LIMS) | On detection of failure/defect or major update | Software development/validation records, configuration management, cybersecurity, release controls | Software QA; Design Authority; IT/CSV |
Training effectiveness gap affecting product quality or compliance | When gap identified via metrics, deviations, or audits | Competence/awareness records, role-based training matrices, process execution evidence on shop floor | HR/Training; QA; Department Managers |
Facility move, new manufacturing line, or new sterilization supplier/site | Prior to and after change, per plan | Technology transfer, validations, environmental controls, supplier qualification, logistics/traceability | Operations; Validation; Supplier Quality; QA/RA |
Planned internal audit program per ISO 13485 §8.2.4 requirements | On a defined annual/rolling schedule based on status and importance of processes & results of previous audits | All QMS processes over the cycle (design, purchasing, production, storage, distribution, servicing, PMS, etc.) | Internal Audit Lead; Independent Trained Auditors; Process Owners for corrective actions |
Preparation for notified body/MDSAP/FDA inspection or certification surveillance | Ahead of external audit/inspection windows | Areas with prior weaknesses, high-risk processes, regulatory focus topics (e.g., complaint/CAPA, design, sterilization) | QA/RA; Internal Audit Team; Site Leadership |
Management Solutions Group
Professional Services
Focused On
Our Clients
With a combined 100 years of experience in quality and process management systems, MSG presents practical solutions to companies that want help or are struggling to obtain their first certification or working to be certified or improve in new areas of business.
Copyright 2008 - 2021 Management Solutions Group, All Rights Reserved