ISO 13485:2016 is the central global standard for quality management systems (QMS) in the medical device industry. The standard clearly sets out how a good QMS must look and function. It thus belongs to the essential body of knowledge for companies of absolutely all sizes, including startups and smaller businesses.
This article explains how to think about ISO 13485 practically, particularly from the perspective of smaller companies and startups with limited resources. The focus is on developing a practical and pragmatic approach to quality that aligns with business realities.
For further background on ISO 13485 basics, please see our article: ISO 13485 – Introduction, General Understanding and the Role of Training in the Medical Technology Sector.
ISO 13485, titled Medical Devices – Quality Management Systems – Requirements for Regulatory Purposes, addresses exactly this. It outlines specific requirements for a quality management system through which organisations must consistently demonstrate their capability to manufacture safe, effective, and compliant medical devices.
A Quality Management System (QMS) in this context means structured processes that manage product quality and regulatory compliance systematically. The QMS encompasses how organisations plan, document, control and continually improve their activities, from product development to complaint handling and risk mitigation.
While ISO 13485 certification is generally not mandatory in many jurisdictions, most regulatory systems require compliance. Countries such as Australia, Japan, and Brazil have long accepted audits under the Medical Device Single Audit Program (MDSAP), and regulators such as the US FDA and the European Union have aligned their regulations with the standard.
ISO 13485 is therefore relevant for organisations of every size, including startups and small enterprises. Without adherence to the standard, access to regulated markets is virtually impossible, particularly for medium to high risk products. For startups, however, ISO 13485 is especially about building trust with regulators, users, patients, and business partners. Certification serves as proof of control, responsibility, and accountability, essential for establishing credibility.
While larger companies might have extensive resources dedicated solely to quality management, startups typically work with fewer resources and fewer staff. The key difference lies in the practical application of ISO 13485 by smaller companies, who use leaner systems and simpler structures while maintaining the same level of transparency and accountability.
For smaller companies, having the right approach to implementing ISO 13485 is crucial for the optimal allocation of resources. Rather than memorising detailed clauses, you should approach ISO 13485 by answering six essential questions:
Answering these questions helps translate the ISO 13485 standard into practical system elements such as clearly documented procedures, integrated risk management, defined design control, structured training and competence development, effective supplier management, and systematic complaint handling.
For detailed requirements, see our article: ISO 13485 – Introduction, General Understanding and the Role of Training in the Medical Technology Sector.
What does practical implementation look like for smaller companies? ISO 13485 concerns management, teams, documentation, risk and traceability.
ISO 13485 is fundamentally scalable. Smaller companies can meet all its requirements effectively through smart, lean, and practical systems. Importantly, ISO 13485 makes quality everyone's responsibility, even in very small teams. It is about creating a sustainable, repeatable, and accountable approach to delivering safe and effective medical products.
Ultimately, ISO 13485 promotes continuous improvement, encouraging companies not just to correct mistakes but to learn and grow from them, embedding quality deeply into everyday operations. And that is important, because a functioning quality management system is essential for patient safety, no matter how big or small the company producing the product may be.
Got a question? Get in touch with Anne via email microconsulting@johner-institute.nz
“This article is part of the QMS Series from the HealthTech Activator, in partnership with the Johner Institute New Zealand.
Over 12 months, this practical and flexible program builds your understanding of ISO 13485 quality management requirements. The series features blog articles, webinars, white papers, and optional assessments. Each quarter focuses on a key area—starting with general awareness and implementation of strategies, then progressing through risk management and ending with audit preparation.”