Introducing ISO

Introducing ISO

September 10, 2021 | Catherine McConnell

Standards: some people’s are high, some people’s are questionable, and some people are that one college roommate who never – ever – cleaned (read also: VERY low standards). Roommates are one thing, but when it comes to the quality of products you use every day, you expect a certain minimum threshold. In manufacturing ISO (International Organization for Standardization) is the international authority on quality standards. There are general standards as well as industry specific standards, this blog focuses on the medical device manufacturing industry, but there is plenty of information about the general standards as well if the medical scene isn’t for you.


The ISO standards exist to ensure a variety of things from consistency to safety. Some of the most common standards in the medical manufacturing field are ISO standards and FDA (Food and Drug Administration) standards. The two most common ISO standards are ISO 9001 (general manufacturing) and ISO 13485 (medical device manufacturing).


ISO 9001 is mostly about consistency and leaves a lot of room for companies to create their own standards that they then have to keep. Individual companies are responsible for determining their relevant inputs and outputs, the sequence and interaction of their processes, the application of critical methods, the resources needed and their availability, and who is responsible for what. The goal throughout should be to address risks and opportunities as well as evaluate processes and decide what needs to be changed in order to improve them and your quality management system (QMS) overall. Companies also need to keep documentation regarding their plans for maintaining that QMS.


Some of this documentation includes the scope of the QMS, the quality objectives, the fitness of resources for monitoring and measuring the conformity of products and services to requirements, the reasoning behind internal standards when no national or international standards exist, and competence among employees to uphold these standards.


That’s a lot to document, but wait there’s more! – more requirements for how you store and maintain controlled documents. To be considered a controlled document, a document needs an ID like a title, date, author, and reference number. Then, the documents need to be protected and preserved from unauthorized changes or changes that aren’t documented properly but must also be available to relevant employees. However, when the documents need to be changed or updated you need version control to see what changes were made when, and by who. Finally, you need to be able to retain that documentation for whatever length of time is required.


Those are the basics for ISO 9001, which is essentially the basic ISO standard. It can be applied to any industry. Some industries, such as medical device manufacturing, have their own standards, ISO 13485, for example, which is much more focused on finding and eliminating risks, and requires more specific documentation about the medical devices being made.


One difference to note is that for ISO 13485 manufacturers are required to keep a medical device file for “each medical device or medical device family” that they produce. This file should include a description of the device and its intended use, any labels or instructions, product specifications, production specifications from manufacturing to distribution, measurement and monitoring procedures, and, when needed, installation and servicing information.


Find the full ISO 9001 standards here, find the full ISO 13485 standards here.


The ISO standards are, as mentioned before, international standards. Based on what countries you produce in or sell to you will encounter additional, national standards. For the United States medical manufacturing industry these are the FDA 21 CFR part 820 standards. The European Union equivalent to this FDA standard is the European Medical Device Directive or 93/42/EEC which stipulates which medical devices may be sold in that market. In Canada you would be looking to comply with CMDR and GD207.


Whatever standards you comply with, you will experience both internal and external auditing. Internal auditing is how you check yourself to make sure your QMS is up to par. External audits are how regulatory and certification-granting bodies check your QMS.

To learn more about audits checkout our Audit Survival Guide.

Catherine McConnell
Catherine McConnell
Marketing Intern

Former marketing intern at Perdix Software, Catherine McConnell is a SUNY Brockport Graduate with a BS in Dance and Finance. Her previous work experience includes Market Research Consulting through Entrepreneurs EDGE, and a marketing internship at ImpromptMe, Ltd. Currently, Catherine is employed as Project Coordinator at Transperfect.

With her dual passions for creativity and analysis, Catherine has found marketing to be the perfect combination of the two. Having grown up dancing, Catherine was able to learn communication, artistic skills, and self-promotion from a young age and is pleased to be able to put those skills to use promoting small businesses and economic development. In her free time, Catherine enjoys dancing, cooking, and listening to podcasts.