What is the primary objective of ISO 13485?

The primary objective of ISO 13485:2016 is to specify requirements for a quality management system (QMS) enabling organizations to consistently provide medical devices and related services that meet customer and applicable regulatory requirements. This standard, structured across Clauses 4–8, emphasizes documented processes, risk-based controls, validation, traceability, and post-market obligations for stages including design, production, distribution, installation, servicing, and disposal. It ensures QMS effectiveness through objective evidence of established, implemented, and maintained procedures, distinguishing it as audit-ready for regulators.

Who is legally or professionally required to comply with ISO 13485?

ISO 13485 applies to organizations involved in one or more stages of the medical device lifecycle, including manufacturers, production, storage/distribution, installation, servicing, and suppliers of related services. Target entities encompass medical device manufacturers (design/manufacture), contract manufacturers, importers, distributors, sterilizers, calibrators, and software providers for Software as a Medical Device. Organizations must identify their regulatory roles (e.g., manufacturer/importer) and incorporate applicable regulatory requirements into the QMS, with no specific employee/revenue thresholds but scope tailored via documented justifications for exclusions.

Does ISO 13485 require an external audit or third-party certification?

ISO 13485 does not mandate external audit or third-party certification, as it is a voluntary international standard. However, certification by accredited bodies via Stage 1 (documentation/readiness) and Stage 2 (implementation/effectiveness) audits, followed by annual surveillance and triennial recertification, is common for market access, regulatory demonstrations (e.g., EU MDR), and supplier qualifications. Internal audits (Clause 8.2.4) are required to verify QMS conformity.

How often should an assessment for ISO 13485 be performed?

Internal audits for ISO 13485 must be performed at planned intervals to determine QMS suitability, adequacy, and effectiveness (Clause 8.2.4). Management reviews occur at planned intervals (Clause 5.6), typically annually, reviewing inputs like audits, complaints, CAPA, and regulatory changes. For certified organizations, external surveillance audits occur annually, with recertification every three years. Frequency is risk-based, with gap analyses recommended annually or upon changes.

What are the consequences of non-compliance with ISO 13485?

Non-compliance with ISO 13485 risks regulatory enforcement, market withdrawal, recalls, fines, and certification suspension. As a QMS benchmark, gaps lead to notified body nonconformities, FDA Form 483 observations, or EU MDR refusals; records must retain for device lifetime or at least two years post-release (Clause 4.2.5). Operationally, it exposes patient safety risks, supply chain failures, and liability from inadequate validation, traceability, or CAPA.

An ISO 13485 be mapped to other international frameworks?

Yes, ISO 13485 provides Annex B correspondence to ISO 9001:2015, but conformity to ISO 13485 does not imply ISO 9001 compliance due to exclusions. It aligns with ISO 14971 (risk management), IEC 62366-1 (usability), and ISO 14644/14698 (cleanrooms), serving as a backbone for EU MDR/IVDR QMS and FDA QMSR (effective February 2, 2026), enabling harmonized implementation without claiming dual conformity.

What is the first step to begin implementing ISO 13485?

The first step to implement ISO 13485 is to define and document the QMS scope, including processes, interactions, exclusions with justifications, and applicable regulatory requirements (Clauses 4.1–4.2). Establish a quality manual detailing scope, procedures, and medical device files per device type/family, ensuring top management commitment via quality policy and objectives (Clause 5).

What is the primary objective of AS9120B?

AS9120B establishes a quality management system (QMS) for organizations that procure, store, split, and resell aerospace parts without altering product characteristics. Built on ISO 9001:2015’s 10-clause structure, it adds over 100 distributor-specific requirements addressing risks like traceability loss, counterfeit parts, documentation errors, and external provider controls. Core focus areas include chain-of-custody integrity via identification/traceability (Clause 8.5.2), counterfeit prevention (Clause 8.1.4), configuration management (Clause 8.1.2), and preservation (Clause 8.5.4), enabling distributors to ensure product conformity and safety in aviation, space, and defense supply chains.

Who is legally or professionally required to comply with AS9120B?

AS9120B applies to stockist distributors, pass-through distributors, and those performing batch splitting of aerospace parts without value-added alterations. It targets organizations in aviation, space, and defense procuring, storing, and reselling parts. Certification is not legally mandatory but is a commercial requirement from OEMs and primes for supply chain approval. As of early 2026, over 2,500 global certifications (over 850 in U.S.) underscore its role as a de facto market entry criterion, listed in IAQG’s OASIS database.

Does AS9120B require an external audit or third-party certification?

AS9120B requires third-party certification through accredited bodies for formal recognition and OASIS listing. Organizations conduct internal audits (Clause 9.2) at planned intervals, but external certification involves Stage 1 (documentation review) and Stage 2 (on-site effectiveness audit) per IAQG rules. Surveillance audits occur annually, with recertification every three years, ensuring QMS conformity to all clauses including distributor-specific controls.

How often should an assessment for AS9120B be performed?

AS9120B requires internal audits at planned intervals to cover the QMS annually, plus management reviews at defined intervals. Clause 9.2 mandates an audit program ensuring objectivity, with results analyzed in Clause 9.1.3. External surveillance audits occur yearly post-certification, and full recertification every three years. Assessments evaluate performance trends, nonconformities, risks, and supplier metrics.

What are the consequences of non-compliance with AS9120B?

Non-compliance with AS9120B risks exclusion from OEM supply chains, loss of OASIS listing, and commercial penalties. While not legally mandated, failure leads to audit nonconformities, contract disqualification by primes, reputational damage, and potential liabilities from counterfeit parts or traceability failures impacting product safety. Internal gaps trigger corrective actions; certification denial delays market access.

An AS9120B be mapped to other international frameworks?

AS9120B aligns directly with ISO 9001:2015’s high-level structure, enabling seamless mapping of its 10 clauses. It augments ISO 9001 baseline requirements with aerospace additions (e.g., counterfeit prevention, traceability), allowing integrated QMS for certified organizations. Clause-by-clause equivalence supports transition or dual compliance without redundant efforts.

What is the first step to begin implementing AS9120B?

The first step is conducting a gap analysis against AS9120B clauses using a certified checklist to identify current QMS deficiencies. Form a cross-functional team to assess scope (Clause 4.3), justify “not applicable” determinations (e.g., Clause 8.3 design), and prioritize distributor risks like traceability and suppliers. Document context (Clause 4.1-4.2) and produce a risk register (Clause 6.1) for planning.

Standards Comparison

ISO 13485 vs AS9120B

ISO 13485

Mandatory

2016

International standard for medical device QMS

AS9120B

Mandatory

2016

Aerospace QMS standard for distributors ensuring traceability and counterfeit prevention.

Quick Verdict

ISO 13485 ensures medical device QMS for regulatory compliance and patient safety, while AS9120B mandates aerospace distributor controls for traceability and counterfeit prevention. Companies adopt them for market access, risk reduction, and supply chain credibility.

Quality Management

ISO 13485

ISO 13485:2016 Medical devices Quality management systems

Cost

€€€€

Complexity

High

Implementation Time

12-18 months

Key Features

Risk-based QMS for medical device lifecycle
Regulatory requirements integration and compliance focus
Design controls with verification and validation
Process validation and sterile device controls
Post-market surveillance and complaint handling

Quality Management

AS9120B

AS9120B Quality Management Systems for Distributors

Cost

€€€€

Complexity

High

Implementation Time

6-12 months

Key Features

Traceability controls for split lots and chain-of-custody
Counterfeit and suspected unapproved parts prevention
Risk-based external provider evaluation and flowdown
Configuration management for distribution operations
Product preservation and preservation controls

Detailed Analysis

A comprehensive look at the specific requirements, scope, and impact of each standard.

ISO 13485 Details

What It Is

ISO 13485:2016 is an international certification standard specifying requirements for a quality management system (QMS) tailored to medical devices and related services. Its primary purpose is enabling organizations to consistently meet customer and regulatory requirements across the device lifecycle, from design to post-market activities. It employs a risk-based process approach, emphasizing documented processes, validation, and traceability for regulatory audits.

Key Components

Organized into Clauses 4–8: QMS/documentation (4), management responsibility (5), resources (6), product realization (7), measurement/improvement (8).
Core elements include design controls, supplier management, process validation, traceability, and post-market surveillance.
Built on process approach with PDCA; integrates ISO 14971 risk management.
Third-party certification via accredited bodies with stage audits and surveillance.

Why Organizations Use It

Drives market access, reduces regulatory friction (e.g., EU MDR, FDA QMSR alignment effective 2026), mitigates risks like recalls, and builds stakeholder trust. Provides competitive edge through operational excellence and supply chain assurance.

Implementation Overview

Phased approach: gap analysis, documentation build, training, validation, internal audits, certification (9–18 months typical). Applies to manufacturers, suppliers, distributors globally; suits all sizes with tailored exclusions.

AS9120B Details

What It Is

AS9120B is the IAQG quality management system standard for aviation, space, and defense distributors. It augments ISO 9001:2015's high-level structure with distributor-specific requirements. Primary purpose: mitigate risks like traceability loss, counterfeit parts, and documentation errors in procurement, storage, splitting, and resale without altering products. Employs risk-based thinking and PDCA approach.

Key Components

Over 100 aerospace additions to ISO 9001 clauses 4-10.
Pillars: context/leadership (Clauses 4-5), planning/support (6-7), operations (traceability, counterfeit prevention, provider controls in Clause 8), evaluation/improvement (9-10).
Built on ISO 9001 HLS; certification via accredited bodies, OASIS listing.

Why Organizations Use It

Commercial necessity for OEM/Tier-1 supply chains.
Reduces counterfeit risks, builds customer trust, enables market access (over 2,500 global certifications).
Enhances efficiency, compliance with regulations like FAA/EASA.

Implementation Overview

Phased: gap analysis, process design, training, audits (6-12 months).
For distributors globally; requires internal audits, management reviews, certification audits.

Key Differences

Aspect	ISO 13485	AS9120B
Scope	Medical device lifecycle QMS: design to post-market	Aerospace parts distribution: procurement to resale
Industry	Medical devices, global manufacturers/suppliers	Aerospace distribution, aviation/space/defense
Nature	Regulatory-purpose QMS certification standard	IAQG QMS certification for distributors
Testing	Process validation, internal audits, certification audits	Traceability checks, supplier audits, certification audits
Penalties	Loss of certification, regulatory non-compliance	Loss of certification, supply chain exclusion

Scope

ISO 13485

Medical device lifecycle QMS: design to post-market

AS9120B

Aerospace parts distribution: procurement to resale

Industry

ISO 13485

Medical devices, global manufacturers/suppliers

AS9120B

Aerospace distribution, aviation/space/defense

Nature

ISO 13485

Regulatory-purpose QMS certification standard

AS9120B

IAQG QMS certification for distributors

Testing

ISO 13485

Process validation, internal audits, certification audits

AS9120B

Traceability checks, supplier audits, certification audits

Penalties

ISO 13485

Loss of certification, regulatory non-compliance

AS9120B

Loss of certification, supply chain exclusion

Frequently Asked Questions

Common questions about ISO 13485 and AS9120B

ISO 13485 FAQ

AS9120B FAQ

You Might also be Interested in These Articles...

NIST CSF 2.0 Implementation Tiers Roadmap: Step-by-Step Guide from Partial to Adaptive Cybersecurity Maturity

Master NIST CSF 2.0 Implementation Tiers with a step-by-step roadmap. Assess your tier, build gap analyses, and advance from Partial (Tier 1) to Adaptive (Tier

Top 5 Audit Survival Secrets for Your First SOC 2 Type 2: What Auditors Really Check (and How to Pass)

Master your first SOC 2 Type 2 audit with proven strategies: 40-sample testing, vendor gaps, CPA walkthroughs. Get checklists, scripts & tips from SignWell to s

Why the SEC Stepped In: The Investor-Driven Push for Cybersecurity Transparency

Discover why the SEC's 2023 cybersecurity rules treat cyber risks as material financial threats. Explore the 'stick and carrot' approach for standardized disclo

Run Maturity Assessments with GRADUM

Transform your compliance journey with our AI-powered assessment platform

Assess your organization's maturity across multiple standards and regulations including ISO 27001, DORA, NIS2, NIST, GDPR, and hundreds more. Get actionable insights and track your progress with collaborative, AI-powered evaluations.

100+ Standards & Regulations

AI-Powered Insights

Collaborative Assessments

Actionable Recommendations

Explore More Comparisons

See how ISO 13485 and AS9120B compare against other standards

Other ISO 13485 Comparisons

Other AS9120B Comparisons

What It Is

Key Components

Organized into Clauses 4–8: QMS/documentation (4), management responsibility (5), resources (6), product realization (7), measurement/improvement (8).

Core elements include design controls, supplier management, process validation, traceability, and post-market surveillance.

Built on process approach with PDCA; integrates ISO 14971 risk management.

Third-party certification via accredited bodies with stage audits and surveillance.

What It Is

Key Components

Over 100 aerospace additions to ISO 9001 clauses 4-10.

Pillars: context/leadership (Clauses 4-5), planning/support (6-7), operations (traceability, counterfeit prevention, provider controls in Clause 8), evaluation/improvement (9-10).

Built on ISO 9001 HLS; certification via accredited bodies, OASIS listing.

Aspect

ISO 13485

AS9120B

Scope

Medical device lifecycle QMS: design to post-market

Aerospace parts distribution: procurement to resale

Industry

Medical devices, global manufacturers/suppliers

Aerospace distribution, aviation/space/defense

Nature

Regulatory-purpose QMS certification standard

IAQG QMS certification for distributors

Testing

Process validation, internal audits, certification audits

Traceability checks, supplier audits, certification audits

Penalties

Loss of certification, regulatory non-compliance

Loss of certification, supply chain exclusion