What is the primary objective of ISO 13485?

The primary objective of ISO 13485:2016 is to specify requirements for a quality management system (QMS) enabling organizations to consistently provide medical devices and related services that meet customer and applicable regulatory requirements. This standard applies to organizations involved in one or more stages of the medical device life cycle, including design, development, production, distribution, installation, servicing, and decommissioning. It emphasizes documented processes, risk-based controls, validation, traceability, and post-market obligations across Clauses 4–8 to ensure regulatory compliance and product safety/performance.

Who is legally or professionally required to comply with ISO 13485?

ISO 13485 applies to organizations whose activities include one or more stages of the medical device life cycle, such as manufacturers, production organizations, installers, servicers, and suppliers of related services. Target entities include medical device manufacturers, contract manufacturers, suppliers (e.g., sterilization, calibration), importers, distributors, and software developers for Software as a Medical Device. Organizations must identify their regulatory roles and incorporate applicable regulatory requirements into the QMS, with no specific employee or revenue thresholds mandated.

Does ISO 13485 require an external audit or third-party certification?

ISO 13485 does not require third-party certification, but certification by accredited bodies is typically pursued to demonstrate conformity. Certification involves a Stage 1 documentation review and Stage 2 implementation audit, followed by annual surveillance and triennial recertification. While voluntary, certification serves as a market access enabler and regulatory proxy, aligning with notified body expectations under regimes like EU MDR.

How often should an assessment for ISO 13485 be performed?

Internal audits for ISO 13485 must be conducted at planned intervals to determine QMS effectiveness (Clause 8.2.4). Management reviews occur at planned intervals (Clause 5.6), typically annually. Surveillance audits follow certification, usually annually, with full recertification every three years. Assessments should be risk-based, informed by changes, nonconformances, and regulatory updates.

What are the consequences of non-compliance with ISO 13485?

Non-compliance with ISO 13485 risks regulatory enforcement, product holds, recalls, fines, market withdrawal, and certification suspension. Weaknesses in documentation, validation, CAPA, or post-market surveillance trigger audit nonconformities, FDA Form 483 observations, or EU notified body actions, potentially leading to legal liability and supply chain disruptions.

Can ISO 13485 be mapped to other international frameworks?

ISO 13485 cannot claim conformity to ISO 9001 unless all its requirements are met, but Annex B provides correspondence to ISO 9001:2015. It aligns with ISO 14971 for risk management and complements regulatory frameworks like EU MDR and FDA QMSR (effective February 2, 2026), serving as a harmonized QMS backbone without replacing jurisdiction-specific obligations.

What is the first step to begin implementing ISO 13485?

The first step to implement ISO 13485 is to define the QMS scope, including justification for any exclusions (Clause 4.1 and Scope). Document organizational roles under regulations, identify applicable requirements, and perform a gap analysis against Clauses 4–8 to establish processes, documentation, and risk-based controls.

What is the primary objective of EN 1090?

EN 1090 ensures controlled execution and conformity assessment of structural steel and aluminium components for CE marking under the Construction Products Regulation (CPR). It comprises EN 1090-1 for conformity assessment including certified Factory Production Control (FPC) and Declaration of Performance (DoP), EN 1090-2 for steel technical requirements (welding, tolerances, inspection), and EN 1090-3 for aluminium. Risk-based Execution Classes (EXC1–EXC4) scale controls based on Consequence Class (CC1–CC3), Service Category (SC1–SC2), and Production Category (PC1–PC2).

Who is legally or professionally required to comply with EN 1090?

Manufacturers of load-bearing steel and aluminium structural components and kits for permanent incorporation in EU/EEA construction works must comply with EN 1090 to affix CE marking. This includes fabricators, steelwork contractors, and welding shops supplying to buildings, bridges, or industrial structures. Notified Bodies certify FPC; non-compliance bars market access.

Does EN 1090 require an external audit or third-party certification?

Yes, EN 1090-1 mandates third-party certification of the FPC system by a Notified Body under AVCP systems. This involves initial inspection, Initial Type Testing (ITT) or Initial Type Calculation (ITC) review, certificate issuance, and ongoing surveillance audits to verify performance constancy.

How often should an assessment for EN 1090 be performed?

EN 1090 requires initial FPC certification followed by periodic surveillance audits by the Notified Body, typically annually. Frequency scales with Execution Class per EN 1090-1 Table B.3; higher EXC (e.g., EXC4) demands more frequent checks. Internal audits support ongoing FPC maintenance.

What are the consequences of non-compliance with EN 1090?

Non-compliance with EN 1090 prevents lawful CE marking, risking market exclusion, product recalls, fines, and certificate suspension by Notified Bodies. Under CPR, it exposes manufacturers to liability for structural failures, contractual penalties, and public notification of non-conformities.

Can EN 1090 be mapped to other international frameworks?

EN 1090 integrates with standards like ISO 3834 for welding quality and Eurocodes for design, but no direct mappings to unrelated international frameworks are prescribed. It aligns with ISO 9001 for FPC foundations, with welding levels scaled to Execution Class.

What is the first step to begin implementing EN 1090?

The first step is to determine product scope and Execution Class (EXC1–EXC4) via risk assessment of consequence, service, and production categories. Default to EXC2 if unspecified, then conduct a gap analysis against EN 1090-1 FPC requirements.

Standards Comparison

ISO 13485 vs EN 1090

ISO 13485

Mandatory

2016

International standard for medical device quality management systems

EN 1090

Mandatory

2009

EU harmonized standard for steel and aluminium structural execution

Quick Verdict

ISO 13485 provides risk-based QMS for global medical device makers to ensure regulatory compliance and patient safety. EN 1090 mandates CE marking via FPC for EU structural steel/aluminium fabricators. Companies adopt them for market access, liability reduction, and operational excellence.

Quality Management

ISO 13485

ISO 13485:2016 Medical devices Quality management systems

Cost

€€€€

Complexity

High

Implementation Time

12-18 months

Key Features

Risk-based controls across device lifecycle stages
Mandatory medical device files for traceability
Explicit post-market surveillance and complaints handling
Process, software, and sterilization validation requirements
Outsourced processes with written quality agreements

Structural Metalwork

EN 1090

EN 1090 Execution of steel and aluminium structures

Cost

€€€€

Complexity

High

Implementation Time

6-12 months

Key Features

Factory Production Control (FPC) certification by Notified Body
Risk-based Execution Classes (EXC1-EXC4) scaling requirements
CE marking and Declaration of Performance under CPR
Welding quality management aligned with ISO 3834
Material traceability and geometrical tolerance controls

Detailed Analysis

A comprehensive look at the specific requirements, scope, and impact of each standard.

ISO 13485 Details

What It Is

ISO 13485:2016 is an international certification standard titled "Medical devices – Quality management systems – Requirements for regulatory purposes." It provides a risk-based framework for organizations in the medical device lifecycle, from design to post-market surveillance, ensuring consistent conformity to customer and regulatory requirements.

Key Components

Organized into Clauses 4–8: QMS/documentation, management responsibility, resources, product realization, measurement/improvement.
Emphasizes documented procedures, medical device files, validation, traceability, and CAPA.
Built on process approach with regulatory integration; certification via accredited bodies with stage 1/2 audits.

Why Organizations Use It

Enables market access (EU MDR, FDA QMSR alignment effective February 2026).
Reduces risks like recalls via supplier controls and post-market obligations.
Builds stakeholder trust, operational efficiency, and competitive edge in global supply chains.

Implementation Overview

Phased: gap analysis, process design, validation, audits (9–18 months typical).
Applies to manufacturers, suppliers, distributors; requires eQMS, training, continual improvement.

EN 1090 Details

What It Is

EN 1090 is a family of European harmonized standards (EN 1090-1, -2, -3) for the execution and conformity assessment of steel and aluminium structural components and kits. It implements the EU Construction Products Regulation (CPR), enabling CE marking through a risk-based approach via Execution Classes (EXC1-EXC4).

Key Components

**EN 1090-1Conformity assessment, Factory Production Control (FPC) certification, Declaration of Performance (DoP).
**EN 1090-2/-3Technical rules for steel/aluminium execution (materials, welding, tolerances, inspection, corrosion protection).
Core principles: Risk-scaled controls linking consequence class, service category, production category.
Notified Body certification with ongoing surveillance.

Why Organizations Use It

Mandatory for EU market access via CE marking.
Reduces liability, ensures traceability, improves weld quality.
Builds trust with stakeholders, enables high-risk projects.

Implementation Overview

Phased: Gap analysis, FPC design, personnel training, NB audits.
Applies to fabricators in construction; scales by size/EXC.
Requires FPC certification, welding coordinator, ISO 3834 alignment. (178 words)

Key Differences

Aspect	ISO 13485	EN 1090
Scope	Medical device QMS lifecycle from design to post-market	Structural steel/aluminium execution and conformity assessment
Industry	Medical devices, global manufacturers and suppliers	Construction, EU steel/aluminium structural fabricators
Nature	Voluntary certification standard for regulatory alignment	Harmonized standard mandatory for EU CE marking
Testing	Internal audits, process validation, certification body audits	FPC certification, ITT/ITC, notified body surveillance
Penalties	Loss of certification, market access barriers	Market exclusion, legal enforcement under CPR

Scope

ISO 13485

Medical device QMS lifecycle from design to post-market

EN 1090

Structural steel/aluminium execution and conformity assessment

Industry

ISO 13485

Medical devices, global manufacturers and suppliers

EN 1090

Construction, EU steel/aluminium structural fabricators

Nature

ISO 13485

Voluntary certification standard for regulatory alignment

EN 1090

Harmonized standard mandatory for EU CE marking

Testing

ISO 13485

Internal audits, process validation, certification body audits

EN 1090

FPC certification, ITT/ITC, notified body surveillance

Penalties

ISO 13485

Loss of certification, market access barriers

EN 1090

Market exclusion, legal enforcement under CPR

Frequently Asked Questions

Common questions about ISO 13485 and EN 1090

ISO 13485 FAQ

EN 1090 FAQ

You Might also be Interested in These Articles...

Top 10 Reasons CMMC Level 3 Certification Unlocks Competitive Edge for Primes Handling Critical DoD Programs

Discover top 10 reasons CMMC Level 3 certification unlocks competitive edge for DoD primes. Reduced APT risks, procurement prefs, NIST 800-172 compliance via v2

Top 10 Cost-Saving Hacks for CMMC Compliance: Budgeting Blueprints for Small DIB Suppliers

Slash CMMC costs 30-50% with top 10 hacks for small DIB suppliers. Enclave scoping, FedRAMP clouds, automation, POA&M tips & budgeting blueprints for Level 2 co

NIST CSF 2.0 Plain English Decoder: Translating Govern, Supply Chain, and Core Functions from Jargon to Actionable Insights

Demystify NIST CSF 2.0 jargon with plain English tables for Govern, Supply Chain & Core Functions. Actionable steps for risk oversight & vendor management. Empo

Run Maturity Assessments with GRADUM

Transform your compliance journey with our AI-powered assessment platform

Assess your organization's maturity across multiple standards and regulations including ISO 27001, DORA, NIS2, NIST, GDPR, and hundreds more. Get actionable insights and track your progress with collaborative, AI-powered evaluations.

100+ Standards & Regulations

AI-Powered Insights

Collaborative Assessments

Actionable Recommendations

Explore More Comparisons

See how ISO 13485 and EN 1090 compare against other standards

Other ISO 13485 Comparisons

Other EN 1090 Comparisons

What It Is

Key Components

Organized into Clauses 4–8: QMS/documentation, management responsibility, resources, product realization, measurement/improvement.

Emphasizes documented procedures, medical device files, validation, traceability, and CAPA.

Built on process approach with regulatory integration; certification via accredited bodies with stage 1/2 audits.

What It Is

Key Components

**EN 1090-1Conformity assessment, Factory Production Control (FPC) certification, Declaration of Performance (DoP).

**EN 1090-2/-3Technical rules for steel/aluminium execution (materials, welding, tolerances, inspection, corrosion protection).

Core principles: Risk-scaled controls linking consequence class, service category, production category.

Notified Body certification with ongoing surveillance.

Aspect

ISO 13485

EN 1090

Scope

Medical device QMS lifecycle from design to post-market

Structural steel/aluminium execution and conformity assessment

Industry

Medical devices, global manufacturers and suppliers

Construction, EU steel/aluminium structural fabricators

Nature

Voluntary certification standard for regulatory alignment

Harmonized standard mandatory for EU CE marking

Testing

Internal audits, process validation, certification body audits

FPC certification, ITT/ITC, notified body surveillance

Penalties

Loss of certification, market access barriers

Market exclusion, legal enforcement under CPR