ISO Standards for Medical Devices: What they are and When you Need Them

Published on: October 24th, 2023 | Categories: EU MDR

The whole point of medical devices is to improve patient safety and patient quality of life. That’s it, that’s the gist.

 
To do that, medical devices need to work, and they need to be safe.
 
But how do you ensure medical devices are made in a way that upholds the safety and performance expected by the manufacturer and regulatory authorities?
 
This is where international harmonized standards come in.
 
A harmonized standard is essentially a recommended process developed by subject matter experts. It outlines a formula that describes the best way of doing something.
 
For many medical device manufacturers, compliance with standards is also the easiest way to live up to strict regulatory requirements.
 
So, buckle up – in this article, we review the most common harmonized standards used in the medical device industry and advise when to apply which standards!
 

What are ISO standards for medical devices?

The most commonly used harmonized standards are ISO standards.
 
ISO standards are generally recognized as the gold standard for medical devices across a range of topics, from quality management to risk assessment to sustainability. They are established to support compliance with regulatory requirements in local and global markets.
 

Who makes ISO standards?

ISO is the International Organization for Standardization, which develops and publishes international standards.
 
ISO is an independent, non-governmental international organization with a membership of 169 national standards bodies. Their Central Secretariat is based in Geneva, Switzerland.
 

“Mandatory” ISO standards

No ISO standards are mandatory, per se.
 
They are recommended by regulatory authorities and notified bodies but are not legally obligatory.
 
However, the easiest way to regulatory happiness for medical devices is compliance with these standards, as the EU and all regulatory authorities worldwide recognize them.
 

ISO 13485 Medical Devices – Quality Management Systems: Requirements for regulatory purposes

ISO 13485 is arguably the most essential ISO standard for medical devices in the world.
 
It specifies the requirements for a quality management system for medical devices.
 
And while it is not mandatory under the European Medical Device Regulation (EU MDR; 2017/745), it is highly recommended for any medical device manufacturer implementing a quality management system.
 
Medical device manufacturers are welcome to design and implement quality management systems on their own, but for a well-established quality management system, compliance with ISO 13485 is simply the easiest.
 
Any medical device manufacturer can implement ISO 13485, regardless of size or type.
 
ISO 13485 has been harmonized with the FDA quality regulation 21 CFR 820 (quality management for medical devices) over the years, and the FDA is currently undertaking a large project to further harmonize with ISO 13485 to globalize quality management requirements as much as possible.
 

ISO 14971 Medical Devices – Application of risk management to medical devices

ISO 14971 specifies the terminology, principles, and processes for risk management of medical devices. The standard applies to software as a medical device and to in vitro diagnostic medical devices, and it covers all medical device lifecycle phases.
 
Risk management is quickly becoming the emphasis of every significant regulatory agency globally.
 
Compliance with ISO 14971 is a surefire way to establish compliant risk management processes.
 

ISO 62304 Medical Device Software – Life cycle processes

Medical device software is not new, but it has only recently (as in the past 20 years) gotten the attention it needs, regulatory-wise.
 
And so, software also has a standard, of course.
 
ISO 62304 defines the lifecycle requirements for medical device software, including processes, activities, and tasks.
 
Essentially, it establishes a common framework for medical device software throughout its lifecycle.
 

ISO 10993 Biological Evaluation of Medical Devices

When medical devices are evaluated, many of the safety aspects to consider are things like allergic reactions, skin irritation, and biological compatibility (biocompatibility – see what they did there?).
 
ISO 10993 includes a series of standards to evaluate the biocompatibility of medical devices during pre-clinical testing.
 
The standard consists of a series of biological tests to be performed on the medical device, depending on the risk of the device to the patient's body, i.e., length and type of contact with the patient.
 
Lower-risk medical devices with limited contact need only three biological tests, while higher-risk devices with prolonged contact with blood may have to perform up to eleven tests.
 

Sterilization Standards

When working with sterilized medical devices, some additional aspects must be considered to live up to the regulatory requirements.
 
Those aspects are encompassed in the following ISO standards, specifically designed for sterilized medical devices.
 

ISO 11135 Sterilization of Healthcare Products – Ethylene Oxide

Ethylene oxide is a commonly used sterilization method for medical devices that cannot be sterilized by steam sterilization (for example, if they are moisture- or heat-sensitive).
 
ISO 11135 specifies the requirements for the development, validation, and routine control of ethylene oxide sterilization processes.
 
It applies to medical device manufacturers as well as to industrial and health care facilities.
 

ISO 11137 Sterilization of Healthcare Products – Radiation

Gamma sterilization uses gamma radiation to kill microorganisms on medical devices.
 
Like ISO 11135, ISO 11137 specifies requirements for the development, validation, and routine control of sterilization processes, in this case radiation sterilization.
 
The standard is limited to medical devices.
 

ISO 17665 Sterilization of Healthcare Products – Moist heat

ISO 17665 covers the last of the commonly used sterilization methods for medical devices: it specifies the requirements for the development, validation, and routine control of moist heat sterilization processes.
 

ISO 11607 Packaging for Terminally Sterilized Medical Devices

Once your device has been sterilized, you gotta ensure it stays sterile. What better way than to comply with ISO 11607?
 
This standard outlines the requirements and test methods for sterile barrier and packaging systems intended to maintain the sterility of terminally sterilized medical devices until their point of use.
 
It applies to medical device manufacturers, industry, and healthcare facilities.
 

Other important ISO standards

The ISO standards listed above are not technically or legally required, but you need an excellent rationale for not complying with them.
 
The following ISO standards are more voluntary in nature – you can choose to comply with them if you want, but no one will (probably) bat an eye if you don’t.
 
They’re good-to-haves, not must-haves.
 

ISO 9001 Quality Management

ISO 9001 is for corporate organizations in any sector, whether large or small.
 
Medical device manufacturers do not have to comply with this standard, but most multinational or global companies do.
 
The standard focuses on customers, the motivation and involvement of top management, the process approach, and continual improvement.
 

ISO 14001 Environmental Management

ISO 14001 is a series of standards related to environmental systems and their requirements. It is a practical tool for companies and organizations to manage environmental responsibilities.
 

ISO/IEC 27001 Information Security, Cybersecurity, and Privacy Protection – Information Security Management Systems

With cybersecurity becoming an increasingly important topic in our digital world, especially within medical device software and its risks to patient information, standards for information security management are slowly becoming critical.
 
ISO 27001 guides companies in establishing, implementing, maintaining, and improving their information security management systems. Any company in any sector can apply the standard.
 

Other standards you might want to check out

While ISO standards are the most commonly used for regulatory compliance, there is a series of standards that are indispensable for active devices.
 

IEC 60601 Medical Electrical Equipment – General Requirements for Basic Safety and Essential Performance

Although not an ISO standard, the IEC 60601 series of standards provides guidance on medical electrical equipment.
 
It is unavoidable for manufacturers of active devices in most regulatory markets globally, as regulatory authorities expect compliance.
 
