ISO 13485

ISO 13485:2016, Medical devices – Quality management systems – Requirements for regulatory purposes, is an internationally agreed standard that sets out the requirements for a quality management system specific to the medical devices industry.

How do I get ISO 13485?

Here are the following stages to becoming and staying certified to ISO 13485:

1. Establish a system that complies with the standard
2. Understand how the Medical Device Regulations [MDR] affect you.
3. Complete a technical file for each product
4. Brief staff
5. Operate the system to make sure it is working correctly
6. Carry out internal audits and management reviews
7. Appoint a “notified body” to audit you against the standard and the MDR
8. Keep using the system once it has been certified (to keep the certificate)

There is more detailed information below about the various stages you need to go through.

Your ISO 13485 certification journey

Group 161

Getting Started

  1. Provide a comprehensive briefing of what the standard asks you to do in simple to understand terms
  2. Begin to understand in detail how you operate
  3. Set a timetable and stick to it
  4. Decide what you want covered by the certificate – which sites, products and services.
  5. Put the right resources in place
  6. Collect all existing documentation
  7. Establish a dedicated client portal on our collaboration and document sharing platform
  8. Work with you to understand how the MDR regulations apply to you
Group 162


  1. Establish a detailed project plan in our online project management platform (and stick to it)
  2. Decide with you what you need operationally
  3. Map out your business processes
  4. Complete a gap analysis between what the standard and MDR requires and what you have/do already
  5. Implement the system
  6. Submit the system to Episode Head Office for final QC checks
  7. Submit it to you for your approval
  8. Ensure all records, especially technical files are complete and up to date
  9. Separate consultant Internally audit the system
  10. Carry out a management review
Group 163


  1. Work with you to select and appoint a UKAS accredited certification body.
  2. Be onsite throughout the certification process
  3. Address any issues that arise during the audit
  4. Brief you on post-certification activity
    a. 3 year cycle of annual surveillance audits and
    b. what you need to do throughout the year to maintain the system
  5.  Agree where the finished, certified system should be housed (in our free online platform or local in your own IT infrastructure)

Episode guarantees certification


How much will it cost?

There are the following costs that will arise

  1. External consultants

Episode always gives a fixed fee proposal for a project, and we include guaranteed certification. A typical project is about £9,500, but this does depend on the size and complexity of your business.

  1. Certification costs

You will need an external company certify the system as being compliance with the standard. There are a few notified bodies in the UK (see here) and the costs will be in the region of £8,000 to £10,000.

  1. Internal business costs.

Sometimes, but rarely, you may have to invest in things such as having machinery serviced &/or calibrated.

Why should I choose Episode?

For a fixed cost we will do as much of the work as possible, and guarantee certification.

Episode has worked with over 40 clients, many of whom have more than one standard they comply with (one has 5). All have been successfully certified and many  subsequently ask us to help them maintain certification, and get more out of the system.

How long will it take?

The standard and MDR are detailed requirements to work though and comply with. It is difficult to give precise timescales, as it depends on a number of things such as how complex the business is, how close you are to complying with the standard already, and so on. We recommend planning for it taking at least 6 months.

Will it create red tape and take too much time?

Done wrong, absolutely. Too many systems we see have a form or document to cover every aspect of the standard. That’s the easy way to build a system, and an equally easy way to cripple you operationally. You know when this is the case when you spend a  month “updating” (i.e. creating false) records, etc. before the auditor next comes.

Done right, as we will make sure it is, the system should be at the core of how you work. Remember, we make ISO work for you, not the other way around.

What’s business strategy got to do with it?

The standard is written to help you arrive at your business strategy, if you haven’t already, and then tailor systems and processes to achieving that strategy. ISO even considered renaming ISO 9001 Business, rather than, quality, management systems. It is actually a really good business model to adopt (we have).

To speak to an expert to discuss your requirements call us on 0113 801 9001

What is quality management and ISO 13485?

ISO 13485:2016, Medical devices – Quality management systems – Requirements for regulatory purposes, is a stand-alone QMS standard, derived from the ISO 9001 quality management standard. ISO 13485 adapts the ISO 9001 process-based model for a regulated medical device manufacturing environment.

While ISO 13485 is based on ISO 9001, it is designed for regulatory compliance. It is therefore more prescriptive in nature and requires a more thoroughly documented quality management system.

ISO 13485 was written to support medical device manufacturers in designing quality management systems that establish and maintain the effectiveness of their processes. It ensures the consistent design, development, production, installation, and delivery of medical devices that are safe for their intended purpose.

There is an emphasis on risk management and risk-based decision making for processes outside the realm of product realisation. The focus is on risks associated with the safety and performance of medical devices and compliance with regulatory requirements. In addition, the standard asks companies to be very stringent when it comes to outsourcing processes by putting into place controls, such as written agreements, for assessing their suppliers – again based on risk. 6

ISO 13485 also reflects the increased regulatory requirements for organisations across the medical devices supply chain.

When done correctly, gaining and maintaining ISO certification is not as complicated as most think. Trust Episode to make ISO work for you, not the other way around.

Contact us today on 0113 8019001 or click here to email us


It was only by utilising the expert guidance and experience of ‘Episode Ltd.’ That Thurston Group was able to attain certification within an exceptionally challenging time frame. We therefore offer our thanks to Episode Ltd. For the diligent and professional services provided. We also look forward to working with them again soon and would not hesitate to recommend their services."


Peter Spieight, Senior Divisional Director, Thurston Group, Wakefield

Roger's support was invaluable in terms of gap analysis, recommendations for improvement, and facilitation of the certification process. I would strongly recommend Roger to any organisation wishing to develop or improve its management systems, in a way which minimizes bureaucracy, and focuses on best serving the needs of the organization.

Gary Evans, Flour Corporation, Abu Dhabi