ISO 13485 is an internationally recognized standard for Quality Management Systems (QMS) specifically designed for the medical device industry.
Therefore, it has become common for MedTech manufacturers to require their suppliers to be certified to ISO 13485.
The Question Is: Do Your Suppliers Need an ISO 13485 QMS Certificate?
The short, official answer is:
NO – suppliers have no legal or regulatory obligation to have an ISO 13485 certification.
The decision to pursue an ISO 13485 certification is ultimately up to the individual supplier and should be based on their business needs and goals.
For some suppliers, an ISO 13485 certification may be necessary to meet their customers' requirements or to demonstrate their commitment to quality and safety.
However, the cost and effort required to obtain and maintain an ISO 13485 certification may not be justified for other suppliers.
Suppliers who lack certification may still provide high-quality components that meet or exceed the requirements of ISO 13485.
In this case, obtaining an ISO 13485 certification may not provide any additional benefits and may be a duplication of efforts.
So, as a legal manufacturer, you should not solely rely on ISO 13485 certification. It is only sometimes telling the entire story.
Far too often have we seen suppliers with an ISO 13485 QMS certification on their walls but no Quality Management System justifying it.
This is why supplier audits are essential – you should identify and mitigate potential supply chain risks through thorough supplier assessments and audits.
As a legal manufacturer, you are ultimately responsible for ensuring your suppliers comply with regulations and provide high-quality materials.
It is also worth noting that ISO 13485 is not the only standard that applies to the medical device industry.
Other standards and regulations, such as the FDA's Quality System Regulation (QSR), may also apply.
These standards may be more relevant to certain suppliers and provide an alternative means of demonstrating compliance and commitment to quality.
Conclusion
Suppliers have no legal or regulatory obligation to have an ISO 13485 certification. Our recommendation is to verify each supplier individually.
What is more important than a certificate is that the Quality Management System works and meets (or exceeds) all mandatory requirements.
Author: Simon Föger
PS: Are you lacking the necessary resources to verify your supplier’s QMS?
SIFo Medical supports you in conducting supplier audits. Benefit from the expertise of experienced auditors in the medical device industry.
You will receive complete documentation of the results, including concrete suggestions for improvement. For more information, contact us via e-mail at office@sifo-medical.com.
PPS: If you want to learn more about Quality- and Supplier Management in MedTech, check out our free learning resources at our SIFo Medical YouTube channel.
References
[1] ISO 13485:2016 Medical devices – Quality management systems – Requirements for regulatory purposes
[2] FDA Quality System Regulation (QSR)