What is the primary objective of **ISO 13485**?

**The primary objective of ISO 13485:2016 is to specify requirements for a quality management system (QMS) enabling organizations to consistently provide medical devices and related services that meet customer and applicable regulatory requirements.** This standard applies to organizations involved in one or more stages of the medical device life cycle, including design, development, production, distribution, installation, servicing, and decommissioning. It emphasizes documented processes, risk-based controls, validation, traceability, and post-market obligations across Clauses 4–8 to ensure regulatory compliance and product safety/performance.

Who is legally or professionally required to comply with **ISO 13485**?

**ISO 13485 applies to organizations whose activities include one or more stages of the medical device life cycle, such as manufacturers, production organizations, installers, servicers, and suppliers of related services.** Target entities include medical device manufacturers, contract manufacturers, suppliers (e.g., sterilization, calibration), importers, distributors, and software developers for Software as a Medical Device. Organizations must identify their regulatory roles and incorporate applicable regulatory requirements into the QMS, with no specific employee or revenue thresholds mandated.

Does **ISO 13485** require an external audit or third-party certification?

**ISO 13485 does not require third-party certification, but certification by accredited bodies is typically pursued to demonstrate conformity.** Certification involves a Stage 1 documentation review and Stage 2 implementation audit, followed by annual surveillance and triennial recertification. While voluntary, certification serves as a market access enabler and regulatory proxy, aligning with notified body expectations under regimes like EU MDR.

How often should an assessment for **ISO 13485** be performed?

**Internal audits for ISO 13485 must be conducted at planned intervals to determine QMS effectiveness (Clause 8.2.4).** Management reviews occur at planned intervals (Clause 5.6), typically annually. Surveillance audits follow certification, usually annually, with full recertification every three years. Assessments should be risk-based, informed by changes, nonconformances, and regulatory updates.

What are the consequences of non-compliance with **ISO 13485**?

**Non-compliance with ISO 13485 risks regulatory enforcement, product holds, recalls, fines, market withdrawal, and certification suspension.** Weaknesses in documentation, validation, CAPA, or post-market surveillance trigger audit nonconformities, FDA Form 483 observations, or EU notified body actions, potentially leading to legal liability and supply chain disruptions.

Can **ISO 13485** be mapped to other international frameworks?

**ISO 13485 cannot claim conformity to ISO 9001 unless all its requirements are met, but Annex B provides correspondence to ISO 9001:2015.** It aligns with ISO 14971 for risk management and complements regulatory frameworks like EU MDR and FDA QMSR (effective February 2, 2026), serving as a harmonized QMS backbone without replacing jurisdiction-specific obligations.

What is the first step to begin implementing **ISO 13485**?

**The first step to implement ISO 13485 is to define the QMS scope, including justification for any exclusions (Clause 4.1 and Scope).** Document organizational roles under regulations, identify applicable requirements, and perform a gap analysis against Clauses 4–8 to establish processes, documentation, and risk-based controls.

What is the primary objective of **EN 1090**?

**EN 1090 ensures controlled execution and conformity assessment of structural steel and aluminium components for CE marking under the Construction Products Regulation (CPR).** It comprises **EN 1090-1** for conformity assessment including certified **Factory Production Control (FPC)** and **Declaration of Performance (DoP)**, **EN 1090-2** for steel technical requirements (welding, tolerances, inspection), and **EN 1090-3** for aluminium. Risk-based **Execution Classes (EXC1–EXC4)** scale controls based on **Consequence Class (CC1–CC3)**, **Service Category (SC1–SC2)**, and **Production Category (PC1–PC2)**.

Who is legally or professionally required to comply with **EN 1090**?

**Manufacturers of load-bearing steel and aluminium structural components and kits for permanent incorporation in EU/EEA construction works must comply with EN 1090 to affix CE marking.** This includes fabricators, steelwork contractors, and welding shops supplying to buildings, bridges, or industrial structures. **Notified Bodies** certify FPC; non-compliance bars market access.

Does **EN 1090** require an external audit or third-party certification?

**Yes, EN 1090-1 mandates third-party certification of the FPC system by a Notified Body under AVCP systems.** This involves initial inspection, **Initial Type Testing (ITT)** or **Initial Type Calculation (ITC)** review, certificate issuance, and ongoing surveillance audits to verify performance constancy.

How often should an assessment for **EN 1090** be performed?

**EN 1090 requires initial FPC certification followed by periodic surveillance audits by the Notified Body, typically annually.** Frequency scales with **Execution Class** per EN 1090-1 Table B.3; higher EXC (e.g., EXC4) demands more frequent checks. Internal audits support ongoing FPC maintenance.

What are the consequences of non-compliance with **EN 1090**?

**Non-compliance with EN 1090 prevents lawful CE marking, risking market exclusion, product recalls, fines, and certificate suspension by Notified Bodies.** Under CPR, it exposes manufacturers to liability for structural failures, contractual penalties, and public notification of non-conformities.

Can **EN 1090** be mapped to other international frameworks?

**EN 1090 integrates with standards like ISO 3834 for welding quality and Eurocodes for design, but no direct mappings to unrelated international frameworks are prescribed.** It aligns with ISO 9001 for FPC foundations, with welding levels scaled to Execution Class.

What is the first step to begin implementing **EN 1090**?

**The first step is to determine product scope and Execution Class (EXC1–EXC4) via risk assessment of consequence, service, and production categories.** Default to **EXC2** if unspecified, then conduct a gap analysis against EN 1090-1 FPC requirements.

ISO 13485 vs EN 1090

Standards Comparison

ISO 13485

Mandatory

2016

International standard for medical device quality management systems

EN 1090

Mandatory

2009

EU harmonized standard for steel and aluminium structural execution

Quick Verdict

ISO 13485 provides risk-based QMS for global medical device makers to ensure regulatory compliance and patient safety. EN 1090 mandates CE marking via FPC for EU structural steel/aluminium fabricators. Companies adopt them for market access, liability reduction, and operational excellence.

Quality Management

ISO 13485

ISO 13485:2016 Medical devices Quality management systems

Cost

€€€€

Complexity

High

Implementation Time

12-18 months

Key Features

Risk-based controls across device lifecycle stages
Mandatory medical device files for traceability
Explicit post-market surveillance and complaints handling
Process, software, and sterilization validation requirements
Outsourced processes with written quality agreements

Structural Metalwork

EN 1090

EN 1090 Execution of steel and aluminium structures

Cost

€€€€

Complexity

High

Implementation Time

6-12 months

Key Features

Factory Production Control (FPC) certification by Notified Body
Risk-based Execution Classes (EXC1-EXC4) scaling requirements
CE marking and Declaration of Performance under CPR
Welding quality management aligned with ISO 3834
Material traceability and geometrical tolerance controls

Detailed Analysis

A comprehensive look at the specific requirements, scope, and impact of each standard.

ISO 13485 Details

What It Is

ISO 13485:2016 is an international certification standard titled "Medical devices – Quality management systems – Requirements for regulatory purposes." It provides a risk-based framework for organizations in the medical device lifecycle, from design to post-market surveillance, ensuring consistent conformity to customer and regulatory requirements.

Key Components

Organized into Clauses 4–8: QMS/documentation, management responsibility, resources, product realization, measurement/improvement.
Emphasizes documented procedures, medical device files, validation, traceability, and CAPA.
Built on process approach with regulatory integration; certification via accredited bodies with stage 1/2 audits.

Why Organizations Use It

Enables market access (EU MDR, FDA QMSR alignment by 2026).
Reduces risks like recalls via supplier controls and post-market obligations.
Builds stakeholder trust, operational efficiency, and competitive edge in global supply chains.

Implementation Overview

Phased: gap analysis, process design, validation, audits (9–18 months typical).
Applies to manufacturers, suppliers, distributors; requires eQMS, training, continual improvement.

EN 1090 Details

What It Is

EN 1090 is a family of European harmonized standards (EN 1090-1, -2, -3) for the execution and conformity assessment of steel and aluminium structural components and kits. It implements the EU Construction Products Regulation (CPR), enabling CE marking through a risk-based approach via Execution Classes (EXC1-EXC4).

Key Components

**EN 1090-1Conformity assessment, Factory Production Control (FPC) certification, Declaration of Performance (DoP).
**EN 1090-2/-3Technical rules for steel/aluminium execution (materials, welding, tolerances, inspection, corrosion protection).
Core principles: Risk-scaled controls linking consequence class, service category, production category.
Notified Body certification with ongoing surveillance.

Why Organizations Use It

Mandatory for EU market access via CE marking.
Reduces liability, ensures traceability, improves weld quality.
Builds trust with stakeholders, enables high-risk projects.

Implementation Overview

Phased: Gap analysis, FPC design, personnel training, NB audits.
Applies to fabricators in construction; scales by size/EXC.
Requires FPC certification, welding coordinator, ISO 3834 alignment. (178 words)

Key Differences

Aspect	ISO 13485	EN 1090
Scope	Medical device QMS lifecycle from design to post-market	Structural steel/aluminium execution and conformity assessment
Industry	Medical devices, global manufacturers and suppliers	Construction, EU steel/aluminium structural fabricators
Nature	Voluntary certification standard for regulatory alignment	Harmonized standard mandatory for EU CE marking
Testing	Internal audits, process validation, certification body audits	FPC certification, ITT/ITC, notified body surveillance
Penalties	Loss of certification, market access barriers	Market exclusion, legal enforcement under CPR

Scope

ISO 13485

Medical device QMS lifecycle from design to post-market

EN 1090

Structural steel/aluminium execution and conformity assessment

Industry

ISO 13485

Medical devices, global manufacturers and suppliers

EN 1090

Construction, EU steel/aluminium structural fabricators

Nature

ISO 13485

Voluntary certification standard for regulatory alignment

EN 1090

Harmonized standard mandatory for EU CE marking

Testing

ISO 13485

Internal audits, process validation, certification body audits

EN 1090

FPC certification, ITT/ITC, notified body surveillance

Penalties

ISO 13485

Loss of certification, market access barriers

EN 1090

Market exclusion, legal enforcement under CPR

Frequently Asked Questions

Common questions about ISO 13485 and EN 1090

ISO 13485 FAQ

EN 1090 FAQ

You Might also be Interested in These Articles...

NIST CSF 2.0 Plain English Decoder: Translating Govern, Supply Chain, and Core Functions from Jargon to Actionable Insights

Demystify NIST CSF 2.0 jargon with plain English tables for Govern, Supply Chain & Core Functions. Actionable steps for risk oversight & vendor management. Empo

TISAX Tabletop Exercises for EV Battery Suppliers: Ransomware Drill Scripts and AAR Templates with 2025 ENX Podcast Breakdown

Practical TISAX tabletop scripts for EV battery suppliers facing 'Very High' ASLP. Download ransomware AAR templates, get 2024 ENX lessons & 2025 podcast on VDA

SEC Cybersecurity Rules Materiality Determination Framework: Step-by-Step Guide with Checklists and Real-World Examples

Master SEC Form 8-K Item 1.05 materiality determinations with our step-by-step framework, checklists, case law factors, and real-world examples. Avoid enforceme

Run Maturity Assessments with GRADUM

Transform your compliance journey with our AI-powered assessment platform

Assess your organization's maturity across multiple standards and regulations including ISO 27001, DORA, NIS2, NIST, GDPR, and hundreds more. Get actionable insights and track your progress with collaborative, AI-powered evaluations.

100+ Standards & Regulations

AI-Powered Insights

Collaborative Assessments

Actionable Recommendations

Check out these other Gradum.io Standards Comparison Pages

GLBA vs AS9120B

Discover GLBA vs AS9120B: Compare financial privacy/safeguards rules with aerospace distributor quality standards. Unlock compliance strategies, risks & implementation tips. Dive in now!

SQF vs ISO 27018

Compare SQF vs ISO 27018: GFSI food safety for supply chains meets cloud PII privacy code. Key modules, audits, benefits & gaps revealed. Optimize your compliance now!

WEEE vs MAS TRM

Discover WEEE vs MAS TRM: EU e-waste directive meets Singapore tech risk guidelines. Unlock compliance strategies, key differences & implementation tips now!

ISO 13485

EN 1090

Quick Verdict

ISO 13485

Key Features

EN 1090

Key Features

Detailed Analysis

ISO 13485 Details

What It Is

Key Components

Why Organizations Use It

Implementation Overview

EN 1090 Details

What It Is

Key Components

Why Organizations Use It

Implementation Overview

Key Differences

Scope

Industry

Nature

Testing

Penalties

Frequently Asked Questions

ISO 13485 FAQ

What is the primary objective of ISO 13485?

Who is legally or professionally required to comply with ISO 13485?

Does ISO 13485 require an external audit or third-party certification?

How often should an assessment for ISO 13485 be performed?

What are the consequences of non-compliance with ISO 13485?

Can ISO 13485 be mapped to other international frameworks?

What is the first step to begin implementing ISO 13485?

EN 1090 FAQ

What is the primary objective of EN 1090?

Who is legally or professionally required to comply with EN 1090?

Does EN 1090 require an external audit or third-party certification?

How often should an assessment for EN 1090 be performed?

What are the consequences of non-compliance with EN 1090?

Can EN 1090 be mapped to other international frameworks?

What is the first step to begin implementing EN 1090?

You Might also be Interested in These Articles...

NIST CSF 2.0 Plain English Decoder: Translating Govern, Supply Chain, and Core Functions from Jargon to Actionable Insights

TISAX Tabletop Exercises for EV Battery Suppliers: Ransomware Drill Scripts and AAR Templates with 2025 ENX Podcast Breakdown

SEC Cybersecurity Rules Materiality Determination Framework: Step-by-Step Guide with Checklists and Real-World Examples

Run Maturity Assessments with GRADUM

Check out these other Gradum.io Standards Comparison Pages

GLBA vs AS9120B

SQF vs ISO 27018

WEEE vs MAS TRM