What’s The Difference Between ISO 9001 & 13485?

Kate Onissiphorou

by Kate Onissiphorou

11th October 2022

ISO 9001 and ISO 13485 are two different ISO quality standards. The main difference between ISO 9001 and ISO 13485 is that the former focuses on generic quality management systems (QMS), while the latter specifically relates to quality standards for medical devices.

ISO 9001 has a much wider scope than ISO 13485; any organisation can apply for a QMS certification regardless of the type of industry, size, or products/services being offered. ISO 13485, however, only applies to companies that are manufacturing or handling medical devices.

As there’s a lot of overlap between the two ISO standards, an organisation doesn’t have to apply for certifications. This is especially true if a company is a medical device manufacturer or involved in handling medical devices for commercial purposes. 

ISO 9001 and ISO 13485 standards explained

Although ISO 13485 has a narrower focus than ISO 9001, both standards relate to quality management systems. As a result, there are several similarities between them:

  • Both standards help organisations to reach a high level of quality management system
  • Mitigating and assessing various risks is an important issue for both sets of standards 
  • ISO 9001 and ISO 13485 both help organisations to improve the quality of their products and services by gaining a detailed understanding of their customers or clients
  • Both standards are implemented using Deming cycles, also called ‘Plan, Do, Check, Act’
  • They both consider the competency of employees, along with the quality of the organisation’s infrastructure International Organization for Standardization (ISO) website homepage with enlarged ISO logo

These similarities are not surprising or coincidental, given that the ISO 13485 standard is based on ISO 9001. However, the former exceeds the latter in some areas such as the following:

  • The regulatory documents are now included with the documentation of the QMS
  • It must also include documents that identify the products and their specifications
  • The master record for the device being manufactured must include a well-defined set of QMS requirements
  • An expert must review and approve any changes in the QMS
  • There should be data retention standards that are based on the lifetime of the product and the associated legal or regulatory requirements

As you might expect, the ISO 13485 standards are more rigorous because the products involved can have serious consequences if they’re not manufactured to the correct standard or specification. This is especially true for devices that are used in the operating room and as part of life-support systems.

Principles of ISO 9001

Documents and a blue folder labelled with ISO 9001

The international set of standards for quality management systems is outlined in the ISO 9001 document, which was first published in 1987. The standards are agreed upon by various standardisation bodies from different member countries. 

The ISO 9001 standards are usually reviewed every five years, with an additional three years allowed for development. They were last updated in 2015 but due to a series of postponements, the deadline for the next review has been extended. The earliest year for publishing another update is now around 2030. 

The following seven ISO principles form the general basis and outline of the ISO 9001 standards:

  1. Engagement of people – this means involving not only the top management but also other staff members. The rank and file must be committed to improving the quality management system of the organisation
  2. Customer focus – organisations should gather customer feedback through online surveys and face-to-face interviews, including focus groups, to improve the quality of their products or services
  3. Leadership – everyone must have a shared vision and the same sense of purpose and commitment when it comes to achieving the organisation’s goals. It takes strong leadership to accomplish this
  4. Process approach – following the Plan, Do, Check, Act (PDCA) cycle helps organisations to grow and improve in various aspects. Organisations should develop a process-driven culture that’s geared towards continuous improvement
  5. Improvement – once an organisation has adopted a process approach, it’s much easier to check and identify any inefficiencies and bad practices. This insight can help organisations to continually improve
  6. Evidence-based decision-making – rational and correct decisions are only possible if they’re based on facts. An organisation must have the necessary information to respond in the right way
  7. Relationship management – organisations must build a high level of trust among their stakeholders to give themselves a competitive advantage. You can read more about the other benefits of ISO accreditation on our website.

Standards of ISO 13485

ISO 13485:2016 is a set of standards that covers quality management systems for organisations that manufacture or handle medical devices.

Medical device equipment It outlines the necessary documentation and other related evidence that’s required to prove an organisation is meeting its regulatory requirements and customers’ expectations.

The standard applies to any organisation that’s involved in the lifecycle of medical devices. The cycle includes:

  • Design and development
  • Production
  • Storage and distribution
  • Installation
  • Servicing of a medical device
  • Design and development of associated activities

There are specific standards that correspond with each of the above lifecycle stages or aspects.

ISO 9001 vs 13485 matrix 

Despite their similarities, there are also some key differences between the ISO 9001 and ISO 13485 standards, as shown in the table below.

A table showing the differences between the ISO 9001 and ISO 13485 standards

Summary: the main difference between ISO 9001 and ISO 13485

Although both ISO 9001 and ISO 13485 relate to quality management systems, the latter specifically focuses on medical devices. 

ISO 9001 standards are much more generic and can apply to any type of organisation. In contrast, ISO 13485 is very detailed and includes specifications for each of the various lifecycle stages of medical devices.

ReAgent’s ISO certifications

At ReAgent, we hold both the ISO 9001 and ISO 13485 certifications, as well as the ISO 14001 accreditation for environmental management and ISO 45001 for occupational health and safety.

If you’d like any more information about our ISO certifications, please get in touch.


All content published on the ReAgent.ie blog is for information only. The blog, its authors, and affiliates cannot be held responsible for any accident, injury or damage caused in part or directly from using the information provided. Additionally, we do not recommend using any chemical without reading the Material Safety Data Sheet (MSDS), which can be obtained from the manufacturer. You should also follow any safety advice and precautions listed on the product label. If you have health and safety related questions, visit HSE.gov.uk.