Picture this: you’re certified to ISO 9001 and someone in your supply chain starts asking about ISO 13485. In 2026, it’s not an uncommon occurrence. As a result of FDA’s QMSR coming into effect, medical device manufacturers are leaning harder on their supplier base for documented quality evidence. Companies fluent in ISO 9001 are being confronted with questions relating to ISO 13485 more frequently than ever. The two standards share common ground, but they’re not interchangeable, and knowing where they diverge is the first step to understanding what a move to 13485 would actually require.

What Do ISO 13485 and ISO 9001 Actually Have in Common?

Both standards are built around the same foundational quality management principles. Items such as leadership commitment, documented processes, corrective action, and supplier controls appear in both standards. The good news is that if your ISO 9001 QMS is well-run, your 13485 comprehension will not start at zero.

The structural overlap is real enough that many organizations integrate the two rather than maintaining separate systems. For manufacturers supplying both kinds of customers, a single integrated QMS that satisfies both standards is the most practiced discipline.

Why Isn’t ISO 9001 Enough for Medical Device Work?

ISO 9001 is built around continuous improvement and customer satisfaction. ISO 13485 homes in on patient safety and regulatory compliance. That distinction drives everything from how design controls are handled to how nonconforming product is managed.

By themselves, the differing documentation requirements hint at how different these two standards are. ISO 13485 carries up to 139 specific documented requirements, whereas ISO 9001 takes an approach that leaves much of that structure to the organization. For medical device customers and regulators, that flexibility isn’t a feature.

Where ISO 13485 Goes Further Than ISO 9001

As mentioned before, the gap between the two standards is most visible in a handful of specific areas. Design controls under 13485 require formal planning, review, verification, and validation stages that ISO 9001 doesn’t mandate. Process validation requirements apply to any process where the output can’t be fully verified through inspection alone. Traceability obligations are tied directly to product safety and regulatory submissions rather than general quality practice.

Post-market surveillance is another area ISO 9001 doesn’t touch at all. Under 13485, organizations are expected to have active processes for monitoring product performance after it reaches the market. For manufacturers new to medical devices, that’s often the most unfamiliar addition.

Here are the areas where 13485 raises the bar most significantly:

  • Design controls with formal verification and validation requirements
  • Process validation for outputs that can’t be inspected after the fact
  • Traceability requirements tied to regulatory submissions
  • Post-market surveillance obligations
  • Documented management representative and regulatory awareness requirements

Holding Both Certifications: When It Makes Sense

Most manufacturers don’t need both certifications maintained as separate systems. If you’re moving into medical devices, ISO 13485 covers the ground ISO 9001 covers and then some. An integrated system built to satisfy 13485 requirements will satisfy most ISO 9001 requirements as well.

Where holding both makes sense is when you’re serving a broad customer base that spans medical devices and other regulated industries. Some customers outside medical devices require ISO 9001 by name. In those cases, maintaining both gives you the widest market coverage without having to qualify your QMS differently for different customers.

How APEX Helps and What to do Now

With the enforcement date of QMSR behind us, now is the perfect time to get back in the classroom. Instructors all over the country are now able to make practical inferences about what medical device auditors are looking for. Getting classroom experience with the new regulations can make the difference between a clean audit and a few nonconformances.

APEX QA offers several classes in both hemispheres of manufacturing. ISO 9001 and ISO 13485 Lead and Internal Auditor courses see the most traffic, allowing interaction not only with the instructor but also with fellow attendees.

Outside of the classroom, APEX QA has an expansive rolodex of qualified auditors ready to help you shore up your systems or prepare them for an upcoming transition. Whatever your case may be, we have the resources to get you across the finish line.

ISO 13485 vs ISO 9001: Common Questions Answered

  1. What is the main difference between ISO 13485 and ISO 9001?

ISO 9001 is a general quality management standard applicable to any industry. ISO 13485 is built specifically for medical devices, with stricter requirements around regulatory compliance, documentation, design controls, and patient safety.

  2. Does ISO 9001 satisfy ISO 13485 requirements?

No. ISO 9001 certification doesn’t meet the regulatory or documentation requirements of ISO 13485. Medical device customers and regulators treat them as distinct standards.

  3. Do I need ISO 13485 if I already have ISO 9001?

If you’re supplying into the medical device industry, yes. ISO 9001 may be accepted for lower-risk components by some customers, but ISO 13485 is becoming the baseline expectation for medical device supply chain work.

  4. Can a QMS be certified to both ISO 9001 and ISO 13485?

Yes. Many manufacturers run an integrated QMS that satisfies both standards rather than maintaining two separate systems. It’s the most practical approach for organizations serving multiple industries.

  5. Is ISO 13485 required by the FDA?

ISO 13485 isn’t required by name, but the FDA’s QMSR, which took effect February 2, 2026, incorporates ISO 13485:2016 as its legal baseline. In practice, compliance with QMSR means compliance with ISO 13485 requirements.