ISO 13485 Medical devices -- Quality management systems -- Requirements for regulatory purposes is a voluntary standard, published by International Organization for Standardization (ISO) for the first time in 1996, and contains a comprehensive quality management system for the design and manufacture of medical devices. The latest version of this standard supersedes earlier documents such as EN 46001 (1993 and 1996) and EN 46002 (1996), the previously published ISO 13485 (1996 and 2003), and ISO 13488 (also 1996).

The current ISO 13485 edition was published on 1 March 2016.

Though it is tailored to the industry's quality system expectations and regulatory requirements, an organization does not need to be actively manufacturing medical devices or their components to seek certification to this standard, in contrast to the automotive sector's ISO/TS 16949, where only firms with an active request for quotation, or on the bid list, of an International Automotive Task Force supply chain manufacturer can seek registration.

While it remains a stand-alone document, ISO 13485 is generally harmonized with ISO 9001. A principal difference, however, is that ISO 9001 requires the organization to demonstrate continual improvement, whereas ISO 13485 requires only that the certified organization demonstrate the quality system is effectively implemented and maintained. Additionally, the ISO 9001 requirements regarding customer satisfaction are absent from the medical device standard.

ISO 13485 places specific emphasis on resource and environment management, tailored to the medical device and software sectors. For example, the standard requires organizations to ensure that their personnel are not only qualified but also adequately trained to understand and implement regulatory requirements. Moreover, the infrastructure and work environment must support compliance and safety. In software engineering for medical devices, this extends to maintaining cybersecurity measures and ensuring a development environment free from potential risks to data integrity or software reliability.

Other specific differences include:

Compliance with ISO 13485 is often viewed as the initial step in ensuring adherence to European regulatory requirements. This is particularly significant when it comes to assessing the conformity of Medical Devices and In-vitro Diagnostic Medical Devices in accordance with Regulation (EU) 2017/745 (MDR), and Regulation (EU) 2017/746 (IVDR) before allowing their sale. A fundamental aspect of proving conformity lies in the establishment and implementation of a Quality Management System compliant with ISO 9001, ISO 13485, and ISO 14971. While it's important to note that the European Union Directives don't explicitly mandate certification to ISO 9001 and/or ISO 13485, it is the preferred approach for demonstrating compliance to these standards, and this certification is issued by specialized organizations referred to as "Registrars."

Furthermore, some of these registrars also serve as Notified Bodies, which play a pivotal role in the pre-market assessment of certain medical devices. When a Notified Body conducts a thorough evaluation and issues a positive assessment, it results in the coveted certificate of conformity, granting the CE mark and the authorization to market the medical device within the European Union. It's important to underline that the Notified Body's assessment scrutinizes the company's Quality Management System in great detail, along with a meticulous review of the requisite Technical Documentation. This comprehensive evaluation is a crucial element that the Notified Body takes into account when granting the certificate of conformity for the company's product or products.