What is the primary objective of **ISO 13485**?

**ISO 13485:2016 specifies requirements for a quality management system (QMS) where organizations demonstrate ability to consistently provide medical devices and related services that meet customer and applicable regulatory requirements.** This standard applies to one or more stages of the medical device life cycle, including design, production, distribution, installation, servicing, and decommissioning. It emphasizes documented processes, risk-based controls, validation, traceability, and post-market obligations to ensure device safety and performance for regulatory purposes.

Who is legally or professionally required to comply with **ISO 13485**?

**ISO 13485 applies to organizations whose activities include one or more stages of the medical device life cycle, such as manufacturers, production organizations, installers, servicers, distributors, importers, and suppliers of related services.** Target entities include medical device manufacturers (design/manufacture), contract manufacturers, sterilization/calibration service providers, and supply chain actors with regulatory roles. Organizations must identify their regulatory roles and incorporate applicable requirements into the QMS.

Does **ISO 13485** require an external audit or third-party certification?

**ISO 13485 certification is performed by accredited third-party certification bodies through a two-stage audit process: Stage 1 (documentation review) and Stage 2 (implementation verification), followed by annual surveillance and triennial recertification.** While the standard itself does not mandate certification, it is commonly required for market access, regulatory conformity (e.g., EU MDR expectations), and supplier qualification.

How often should an assessment for **ISO 13485** be performed?

**Internal audits for ISO 13485 must be conducted at planned intervals to determine QMS suitability, adequacy, and effectiveness, with frequency based on process risk and regulatory changes.** Management reviews occur at planned intervals, incorporating audit results, complaints, CAPA status, and performance data. External surveillance audits are typically annual, with full recertification every three years.

What are the consequences of non-compliance with **ISO 13485**?

**Non-compliance with ISO 13485 can result in failed certification audits, regulatory enforcement actions, product holds, recalls, fines, market withdrawal, and loss of notified body approval.** Weaknesses in design controls, validation, CAPA, or post-market surveillance often lead to major nonconformities, increased scrutiny, and operational disruptions like CAPA backlogs or supplier requalification.

An **ISO 13485** be mapped to other international frameworks?

**ISO 13485 cannot be directly claimed as conformity to other standards like ISO 9001, as it excludes certain ISO 9001 requirements deemed inappropriate for regulatory purposes.** Annex B provides correspondence to ISO 9001:2015, but organizations must meet all requirements of the target standard separately. It complements ISO 14971 (risk management) and aligns with regulatory frameworks like EU MDR and FDA QMSR (effective February 2, 2026).

What is the first step to begin implementing **ISO 13485**?

**The first step to implement ISO 13485 is to establish and document the QMS scope per Clause 4.1, including process identification, risk-based controls, outsourcing arrangements, and justifications for any exclusions.** Define organizational roles under regulatory requirements, create a quality manual outlining scope and process interactions, and conduct a gap analysis against Clauses 4–8 to prioritize remediation.

What is the primary objective of **AS9110C**?

**AS9110C’s primary objective is to enable aviation maintenance organizations to consistently provide products and services meeting customer and statutory/regulatory requirements while enhancing customer satisfaction through effective QMS application and continual improvement.** It incorporates ISO 9001:2015’s Annex SL structure (Clauses 4–10) with maintenance-specific additions like configuration management, counterfeit parts prevention, product safety, traceability, preservation, and human factors controls, ensuring continuing airworthiness in repair stations and MRO providers.

Who is legally or professionally required to comply with **AS9110C**?

**AS9110C applies to organizations providing aviation maintenance, repair, overhaul (MRO), and continuing airworthiness services, including repair stations, independent MROs, and OEMs with autonomous MRO operations.** It targets civil/military contexts regardless of size, where primary business involves compliant products/services; certification is often mandated by OEMs, airlines, and regulators for OASIS listing and contract eligibility, with customer/regulatory requirements overriding standard provisions.

Does **AS9110C** require an external audit or third-party certification?

**Yes, AS9110C requires third-party certification through accredited bodies, with the QMS fully operational for at least three months, including a full internal audit cycle and management review prior to initial audit.** Stage 1 reviews documentation; Stage 2 verifies implementation via on-site evidence of processes like operational planning and leadership commitment.

How often should an assessment for **AS9110C** be performed?

**Internal audits for AS9110C must be performed at planned intervals based on process risk, status, and results, with full coverage annually and critical processes (e.g., Clause 8 operations) audited more frequently.** Management reviews occur regularly (e.g., semi-annually), supported by performance data; surveillance audits follow certification, with recertification every three years.

What are the consequences of non-compliance with **AS9110C**?

**Non-compliance with AS9110C risks loss of certification, exclusion from IAQG OASIS, contract ineligibility with OEMs/airlines, and regulatory sanctions like repair station certificate suspension.** It undermines continuing airworthiness, exposes organizations to safety incidents, rework costs, and legal liability from inadequate controls on configuration, traceability, or counterfeit parts.

Can **AS9110C** be mapped to other international frameworks?

**Yes, AS9110C aligns directly with ISO 9001:2015 via its Annex SL high-level structure and shares terminology like “documented information” and “external providers.”** IAQG correlation matrices facilitate mapping to aviation regulations (e.g., FAA/EASA Part 145), enabling integrated QMS without exclusions unless justified in scope.

What is the first step to begin implementing **AS9110C**?

**The first step is to define the QMS scope, determining internal/external issues, interested parties, and applicability, justifying any non-applicable requirements.** Conduct a gap analysis against Clauses 4–10, prioritizing Clause 8 operational controls like configuration management and risk-based planning (Clauses 6.1/8.1.1).

ISO 13485 vs AS9110C

Standards Comparison

ISO 13485

Mandatory

2016

International standard for medical device quality management systems

AS9110C

Mandatory

2016

Aerospace standard for aviation maintenance quality management systems.

Quick Verdict

ISO 13485 ensures medical device safety and regulatory compliance for healthcare manufacturers, while AS9110C mandates aviation maintenance controls for MRO organizations. Companies adopt them for certification, market access, risk reduction, and proving lifecycle quality in regulated sectors.

Quality Management

ISO 13485

ISO 13485:2016 Medical devices Quality management systems

Cost

€€€€

Complexity

High

Implementation Time

12-18 months

Key Features

Risk-based controls across medical device lifecycle
Mandatory validation of processes and software
Medical device files for traceability and conformity
Post-market surveillance and complaint handling integration
Supplier evaluation and outsourcing process controls

Quality Management

AS9110C

AS9110C: Quality Management Systems for Aviation Maintenance Organizations

Cost

€€€€

Complexity

High

Implementation Time

6-12 months

Key Features

Risk-based thinking in strategic and operational planning
Configuration management and traceability controls
Counterfeit and suspect parts prevention
Product safety and human factors integration
External provider evaluation and control

Detailed Analysis

A comprehensive look at the specific requirements, scope, and impact of each standard.

ISO 13485 Details

What It Is

ISO 13485:2016 is an international certification standard titled Medical devices — Quality management systems — Requirements for regulatory purposes. It provides a risk-based framework for organizations to demonstrate consistent provision of safe medical devices across lifecycle stages, from design to post-market surveillance.

Key Components

Organized into Clauses 4–8: QMS/documentation, management responsibility, resources, product realization, measurement/improvement.
Emphasizes documented procedures, medical device files, process validation, traceability, and CAPA.
Built on process approach with regulatory integration; certification via accredited bodies.

Why Organizations Use It

Enables market access (EU MDR, FDA QMSR alignment by 2026).
Reduces risks via validation, supplier controls, post-market feedback.
Builds stakeholder trust, lowers costs of quality, supports scalability.

Implementation Overview

Phased: gap analysis, documentation, training, validation, audits.
Applies to manufacturers, suppliers, distributors globally.
Requires Stage 1/2 certification audits, ongoing surveillance.

AS9110C Details

What It Is

AS9110C (AS9110:2016 Rev C) is an international certification standard for quality management systems (QMS) in aviation maintenance organizations (MROs). It builds on ISO 9001:2015 with aerospace-specific requirements for repair stations and continuing airworthiness providers. Its primary purpose is ensuring safe, compliant maintenance of aircraft and components via risk-based thinking, PDCA cycles, and Annex SL structure.

Key Components

Core clauses (4-10): Context, leadership, planning, support, operation, evaluation, improvement.
Aviation additions: configuration management, counterfeit parts prevention, product safety, traceability, human factors.
~28 supplemental requirements over ISO 9001; no fixed control count.
Certification via IAQG-accredited bodies, listed in OASIS database.

Why Organizations Use It

Meets customer/OEM contracts and regulatory alignment (FAA/EASA Part 145).
Mitigates safety risks, ensures airworthiness.
Boosts market access, on-time delivery, customer satisfaction.
Enhances resilience, reduces rework via standardized processes.

Implementation Overview

Phased: gap analysis, process design, training, audits (6-12 months typical).
Applies to MROs globally, any size.
Requires internal audits, management review, Stage 1/2 certification audits.

Key Differences

Aspect	ISO 13485	AS9110C
Scope	Medical device lifecycle QMS	Aviation maintenance/repair QMS
Industry	Medical devices, global manufacturers	Aerospace MRO, aviation repair stations
Nature	Regulatory-ready certification standard	Aerospace-specific certification standard
Testing	Process validation, internal audits	Configuration audits, human factors checks
Penalties	Loss of certification, regulatory holds	Loss of certification, airworthiness suspension

Scope

ISO 13485

Medical device lifecycle QMS

AS9110C

Aviation maintenance/repair QMS

Industry

ISO 13485

Medical devices, global manufacturers

AS9110C

Aerospace MRO, aviation repair stations

Nature

ISO 13485

Regulatory-ready certification standard

AS9110C

Aerospace-specific certification standard

Testing

ISO 13485

Process validation, internal audits

AS9110C

Configuration audits, human factors checks

Penalties

ISO 13485

Loss of certification, regulatory holds

AS9110C

Loss of certification, airworthiness suspension

Frequently Asked Questions

Common questions about ISO 13485 and AS9110C

ISO 13485 FAQ

AS9110C FAQ

You Might also be Interested in These Articles...

Beyond Reactive: Transforming Compliance into Real-Time Threat Prevention

Discover how modern compliance monitoring tools leverage continuous, real-time oversight and automated alerts to shift organizations from reactive problem-solving to proactive threat detection and prevention, safeguarding against emerging risks before they escalate.

Thailand PDPA Implementation Guide: Subordinate Regulations for 72-Hour Breach Reporting and Cross-Border Transfers (2022-2024 Rules)

Step-by-step Thailand PDPA guide: 72-hour breach notifications, cross-border transfers (2022-2024 rules). Risk checklists, GDPR templates avoid THB 5M fines. Mu

Your Compliance Command Center: How Modern Tools Orchestrate Cross-Departmental Adherence

Unlock your compliance command center with modern tools for real-time monitoring, automation & integrations across IT, HR, Legal & Finance. Slash non-compliance

Run Maturity Assessments with GRADUM

Transform your compliance journey with our AI-powered assessment platform

Assess your organization's maturity across multiple standards and regulations including ISO 27001, DORA, NIS2, NIST, GDPR, and hundreds more. Get actionable insights and track your progress with collaborative, AI-powered evaluations.

100+ Standards & Regulations

AI-Powered Insights

Collaborative Assessments

Actionable Recommendations

Check out these other Gradum.io Standards Comparison Pages

ISO 50001 vs ISO 28000

Discover ISO 50001 vs ISO 28000: Energy management for efficiency & savings vs supply chain security for resilience. Compare PDCA structures, benefits & integration to boost your ops now.

UL Certification vs Basel III

Explore UL Certification vs Basel III: Compare safety marks, factory audits & standards with capital buffers, LCR/NSFR & leverage rules. Master compliance now!

COPPA vs FedRAMP

Compare COPPA vs FedRAMP: Child privacy rules meet federal cloud security. Key diffs, $170M fines, consent methods & baselines. Master compliance now!

ISO 13485

AS9110C

Quick Verdict

ISO 13485

Key Features

AS9110C

Key Features

Detailed Analysis

ISO 13485 Details

What It Is

Key Components

Why Organizations Use It

Implementation Overview

AS9110C Details

What It Is

Key Components

Why Organizations Use It

Implementation Overview

Key Differences

Scope

Industry

Nature

Testing

Penalties

Frequently Asked Questions

ISO 13485 FAQ

What is the primary objective of ISO 13485?

Who is legally or professionally required to comply with ISO 13485?

Does ISO 13485 require an external audit or third-party certification?

How often should an assessment for ISO 13485 be performed?

What are the consequences of non-compliance with ISO 13485?

An ISO 13485 be mapped to other international frameworks?

What is the first step to begin implementing ISO 13485?

AS9110C FAQ

What is the primary objective of AS9110C?

Who is legally or professionally required to comply with AS9110C?

Does AS9110C require an external audit or third-party certification?

How often should an assessment for AS9110C be performed?

What are the consequences of non-compliance with AS9110C?

Can AS9110C be mapped to other international frameworks?

What is the first step to begin implementing AS9110C?

You Might also be Interested in These Articles...

Beyond Reactive: Transforming Compliance into Real-Time Threat Prevention

Thailand PDPA Implementation Guide: Subordinate Regulations for 72-Hour Breach Reporting and Cross-Border Transfers (2022-2024 Rules)

Your Compliance Command Center: How Modern Tools Orchestrate Cross-Departmental Adherence

Run Maturity Assessments with GRADUM

Check out these other Gradum.io Standards Comparison Pages

ISO 50001 vs ISO 28000

UL Certification vs Basel III

COPPA vs FedRAMP