Bring any framework. Vissibl maps your controls once and keeps them audit-ready, always.
ISO 13485 · Medical Devices QMS

No certificate, no market. Prove your devices are made to standard.

ISO 13485 is the global quality management standard for medical devices. For most manufacturers and their suppliers it is not optional, it is the gateway to market access, underpinning CE marking, FDA and TGA expectations and every serious procurement conversation. It shares its backbone with ISO 9001, tightened for the regulatory demands of medical devices.

See pricing
  • Aligned to ISO 9001
  • Clauses 4 to 8 mapped
  • Certifiable in 4 to 8 months
QMS COVERAGE
ISO 13485 Monitor
Live
Quality management system
LIVE100
Design & development controls
LIVE92
Risk management, ISO 14971
ACTION80
CAPA & traceability
LIVE88
4 to 8
Clauses
Market
Access
91%
Programme health
The shift

In medical devices, quality is not a differentiator. It is the price of entry.

No certificate, no sale

Regulators, notified bodies and distributors require a 13485 system before your device reaches a patient. Without it you are not in the market.

Regulation keeps rising

EU MDR, FDA and regional regimes keep raising the bar on evidence, traceability and post-market surveillance. One managed system keeps you ahead.

Trust is clinical, not commercial

Buyers are trusting you with patient safety. A certified quality system is how you prove that trust is earned, not assumed.

Who it's for

For everyone in the medical device chain.

Device manufacturers

Full design, production and post-market controls apply.

Software as a medical device

SaMD and digital health teams meeting device-grade quality expectations.

Component & contract manufacturers

Suppliers who must evidence 13485 to keep device-maker customers.

Importers & distributors

Handling, storage and traceability obligations across the supply chain.

What it requires

Clauses 4 to 8. Built for regulated devices.

Quality management system (Clause 4)

Documented QMS, document and record control tuned to regulatory needs.

Management responsibility (Clause 5)

Leadership, quality policy, objectives and defined responsibilities.

Resource management (Clause 6)

Competence, infrastructure and work environment, including contamination control.

Product realisation (Clause 7)

Design and development controls, purchasing, production and traceability. The largest group.

Measurement & improvement (Clause 8)

Monitoring, internal audit, CAPA and handling of nonconforming product.

Risk management throughout

ISO 14971 risk management applied across the product life cycle, the thread running through the whole standard.

What sets 13485 apart

What sets 13485 apart. Risk, design controls and traceability.

13485 goes beyond general quality by demanding device-grade rigour: formal design and development controls, risk management to ISO 14971 across the life cycle, and end-to-end traceability so any unit can be tracked and, if needed, recalled. This is the evidence a notified body examines most closely.

  • Design and development controls with design history evidence
  • Risk management to ISO 14971 across the product life cycle
  • Full traceability from materials to delivered device
  • CAPA and post-market feedback that close the loop and stand up at audit
Gateway
To market access

CE, FDA and TGA expectations all lean on a 13485-aligned quality system.

5
Clause groups

Clauses 4 to 8 to implement and evidence in one connected system.

4 to 8
Months to certify

For a business already running a quality system in good standing.

Less work than you think

Already run ISO 9001? The backbone carries across.

13485 shares its foundations with ISO 9001, so your document control, internal audit programme, management review and CAPA workflow transfer directly. The additions are device-specific: design controls, ISO 14971 risk management and traceability.

  • Document and record control transfers from your 9001 system
  • Internal audit and management review share one schedule
  • Your CAPA and nonconformity workflow handles device findings
  • The genuine additions are design controls, 14971 risk and traceability
  • One workspace, one dashboard, every framework in view
What's driving it

Why device businesses certify.

Australia

TGA conformity assessment.

  • TGA conformity assessment expects a 13485-aligned quality system.
  • Distributors and hospitals require it before listing or purchasing a device.
  • The baseline credential for anyone placing a device on the Australian market.
GCC

Rising regional expectations.

  • Regional health authorities increasingly require internationally recognised device quality systems.
  • Hospital procurement teams expect 13485 as a matter of course.
  • A visible signal of maturity in a market that is professionalising fast.
Global

The de facto passport for devices.

  • Recognised by notified bodies and regulators around the world.
  • The foundation for CE marking and FDA readiness.
  • The credential distributors and multinational buyers expect on the first call.
In Vissibl

Your 13485 programme running every day. Not just before the audit.

Clause-by-clause coverage

Every clause from 4 to 8 mapped from day one. Requirements assessed, linked to evidence, gaps surfaced as they appear.

Design & development controls

Design inputs, outputs, reviews, verification, validation and design history, tracked as a living record.

Risk management, ISO 14971

Product risks identified, evaluated and controlled across the life cycle, with evidence at every stage.

CAPA & traceability

Nonconformities, complaints and CAPA raised, investigated and closed. Full traceability from materials to delivered device.

Internal audit programme

13485 clauses on your audit schedule alongside your other frameworks. Findings tracked to closure.

Integrated with your IMS

13485 sits beside 9001, 14001, 45001, 27001 and 42001. One dashboard, one audit schedule, one evidence trail.

FAQ

Common questions.

Do we legally need 13485 to sell a device?

In most markets, effectively yes. Regulators such as the TGA, FDA and notified bodies operating under EU MDR expect device manufacturers and many suppliers to operate a 13485-aligned quality system. Distributors and hospitals will also ask to see it before purchase. Without it, market access is severely limited.

How is 13485 different from ISO 9001?

13485 shares ISO 9001's backbone but is tightened for the regulatory demands of medical devices. It requires formal design and development controls, ISO 14971 risk management across the life cycle, and end-to-end traceability. Continual improvement is present but is subordinate to safety, effectiveness and regulatory compliance.

We build software as a medical device, does it apply?

Yes. Software as a medical device (SaMD) and digital health teams are expected to meet 13485 quality expectations, with design controls, risk management and post-market surveillance applied to the software life cycle. Regulators and notified bodies are increasingly explicit about this.

How long does certification take?

For a business without an existing management system, typically eight to twelve months given the depth of design controls and evidence required. If you already run ISO 9001 in good standing, four to eight months is realistic. Vissibl surfaces your gap position on day one, so you know where you stand before Stage 1.

We already hold ISO 9001, how much extra work is 13485?

Less than most expect. Document control, internal audit, management review and CAPA workflow transfer directly from your 9001 system. The genuine additions are design and development controls, ISO 14971 risk management and full traceability. Vissibl maps what you already have and shows exactly which device-specific requirements remain.

Industrial landscape representing the rigour of medical device quality
Free gap analysis

See where your device quality system stands before a notified body does.

Bring your existing documentation. We run Vissi Audit against ISO 13485 and surface your gaps in 11 minutes. No prep, no obligation.