ISO 13485 is an ISO standard containing the requirements for a comprehensive management system for the creation of medicinal products. The most recent edition of the standard was published in 2016, which gives ISO 13485:2016 its name. ISO 13485 contains all existing requirements relating to the issuing of medicinal products.
The fundamental changes in the 2016 version compared to its predecessors concern the product security of medical IT. In this context, the standard specifies security measures for storing patient-related data and thus also deals with aspects of data protection. It is part of the legislation and serves to comply with the European Medical Device Directive, 93/42/EWG. Chapter 4 of ISO 13485:2016 is of special significance. It states that the organization must have a quality management system and must maintain its effectiveness. A risk-based approach always applies to monitoring the quality of the processes. If software is used as part of the quality management, it must be validated before it is introduced. The activities related to validation and revalidation must be proportionate to the risk associated with the use of the software. The activities must be documented accordingly, and quality management is required to check the created document as well.