The ISO 13485 is an ISO norm con­tai­ning the re­qui­re­ments for a com­pre­hen­si­ve ma­nage­ment sys­tem of the crea­ti­on of me­di­ci­nal pro­ducts. The most re­cent edi­ti­on of the norm has been pu­blis­hed in the year 2016, thus gi­ving the ISO 13485:2016 its name. The ISO 13485 con­tains all re­qui­re­ments exis­ting with re­fe­rence to the is­suing of me­di­ci­nal products.

The fun­da­men­tal chan­ges in ver­si­on 2016 com­pa­red to its pre­de­ces­sors are in the pro­duct se­cu­ri­ty of me­di­cal IT. In this con­text, the norm spe­ci­fies se­cu­ri­ty mea­su­res when sto­ring pa­ti­ent-re­la­ted data and thus also deals with aspects of data pro­tec­tion. It is part of the le­gis­la­ti­on and ser­ves to com­ply with the Eu­ro­pean Me­di­cal De­vice Di­rec­ti­ve, 93/42/EWG.

Chap­ter 4 of the ISO 13485:2016 is of spe­cial si­gni­fi­can­ce. Chap­ter 4 sta­tes that the or­ga­niz­a­ti­on must have a qua­li­ty ma­nage­ment sys­tem and has to main­tain its ef­fec­ti­ve­ness. This al­ways ap­p­lies a risk-ba­sed ap­proach for the mo­ni­to­ring of the qua­li­ty of the pro­ces­ses. If soft­ware is used as part of the qua­li­ty ma­nage­ment, this must be va­li­da­ted be­fo­re the in­tro­duc­tion. The ac­ti­vi­ties re­la­ted to the va­li­da­ti­on and re­va­li­da­ti­on must be pro­por­tio­na­te to the risk as­so­cia­ted with the use of the soft­ware. The ac­ti­vi­ties must be do­cu­men­ted ac­cord­in­gly and the qua­li­ty ma­nage­ment re­qui­res to check the crea­ted do­cu­ment, as well.