Instant downloadAuditor-writtenSecure Stripe checkout

How to Get ISO 13485 Certified: The Process

The ISO 13485 certification process follows a familiar management-system audit path, but with the added rigour that medical devices demand. Knowing the ISO 13485 certification process in advance — including how it interacts with schemes like MDSAP — lets you plan realistically. This guide walks through each stage and how to prepare efficiently for your medical device quality audit.

ISO 13485 certification process toolkit
A toolkit that streamlines every stage of the ISO 13485 certification process.

The ISO 13485 certification process

  1. Gap analysis. Compare your current QMS against ISO 13485:2016 to identify what’s missing.
  2. Define scope. Determine which devices, sites, and processes the QMS covers, and which regulatory requirements apply.
  3. Build the QMS. Write the quality manual and required procedures, establish design controls, risk management, and your medical device file(s).
  4. Implement & operate. Run the QMS long enough to generate objective evidence — records, design history, CAPA, and more.
  5. Internal audit & management review. Check the QMS yourself and have leadership review it — both required before certification.
  6. Stage 1 audit. The certification body reviews your documentation and readiness.
  7. Stage 2 audit. The auditor tests whether the QMS is genuinely implemented and effective, with close attention to design and risk.
  8. Certification. Pass, and you receive a certificate typically valid for three years, with annual surveillance audits.

Get audit-ready faster.

The biggest delay is building the QMS documentation from scratch. The ISO 13485 Toolkit gives you the complete, auditor-written document set ready to tailor — so you spend your time implementing, not drafting.

Get the ISO 13485 Toolkit →

How long does it take?

Typically six to twelve months, and sometimes longer for complex or higher-risk devices — ISO 13485 is more documentation-heavy than most management-system standards, and the design and risk-management evidence takes time to build. Organizations already running ISO 9001 have a partial head start, but the regulatory and device-specific requirements are substantial additions.

A note on MDSAP

If you sell into multiple markets, the Medical Device Single Audit Program (MDSAP) lets a single audit satisfy several regulators (including Australia, Brazil, Canada, Japan, and the US). It’s built on ISO 13485, so a strong 13485 QMS is the foundation for MDSAP too.

How to prepare efficiently

  • Start from a complete document set rather than authoring the manual, procedures, and design templates from scratch — see the documentation checklist.
  • Get risk management and design controls right early — they draw the most audit scrutiny.
  • Understand your target markets’ rules, including the FDA’s QMSR if you sell in the US.
  • Choose a certification body accredited for your device type and markets.

Common pitfalls in the ISO 13485 certification process

Medical device audits are unforgiving of gaps. The most common stumbles are weak design controls, a CAPA system that doesn’t close the loop, incomplete risk management files, and thin post-market surveillance. Teams also underestimate validation — of processes, software, and sterilisation — which auditors probe closely. Run a full internal audit and management review before Stage 2, make sure your medical device files are complete, and choose a certification body experienced in your device class. The standard is published by ISO, and if you need MDSAP or FDA recognition, confirm your body’s scope early.

Frequently asked questions

Is ISO 13485 certification legally required?

Not everywhere by name, but it’s the practical route to demonstrating QMS conformity that regulators expect — and often a de facto requirement for market access.

Does certification prove my device is approved?

No. ISO 13485 certifies your quality system, not any individual device. Device approval is a separate regulatory process.

For the full background, read our complete guide to ISO 13485.

Approached methodically, the ISO 13485 certification process is demanding but predictable: build genuine design, risk, and CAPA discipline, evidence it thoroughly, and the audit confirms a system built for patient safety.

Shopping Cart