Help understanding what it takes to implement a QMS that is ISO 13485 compliant

Hi all. I work for a very small medical device startup in the nonprofit space. As funding is incredibly small, I was tasked with implementing a QMS system. We can hire a consultant for a small amount of time, but I am tasked with beginning to carve this out and the planning process. I fully understood I have been tasked with a very large body of work.

For context, we have 2 devices (class II). We have finished designing them, multiple clinical studies in many countries, and are currently going through USFDA. We do not manufacture the devices in house, and our manufacturers are ISO 13485 certified.

I am looking for any and all advice on building the QMS. Thank you in advance!


Super Moderator
Just to be clear, even though you contract out for manufacturing, you're going to be considered the legal manufacturer in the context of all the regulations (assuming your name is going on the device labeling).

Have you read 21 CFR 820 (freely available online) and do you have a copy of 13485 (purchase for peanuts at the Estonian standards site)? Risk Management is something you'll need to bake in so you should get a copy of ISO 14971 (also available from Estonia).

It's a bit difficult to say "go do these things" in a forum like this. There's a lot to consider. Certainly, getting a qualified consultant to kick-start the process will get things moving in the right direction.

Elisa Voros

I'm in the same position implementing a QMS from scratch. We've opted to implement QMS software built specifically for the med dev space. Although I appreciate that there may be a cost associated with this, it will save you enormous amounts of time and headaches in the long run. The cost of being non-compliant when it comes to making your FDA submissions could be more. I've found Greenlight Guru to be a great resource for free templates and advice on setting up a QMS from scratch.


"You can observe a lot by just watching."
Hello asantcom,

You've come to the right place, but I can tell you the Cove will be much more helpful when you have specific questions to ask instead of more general ones. Right now, you've kind of asked "How do I make a car?" We can tell you it should probably have four wheels, an engine, a steering wheel, brakes, etc. Once you know your question is "What type of material should the windshields be made out of?", it'll get easier to answer.

Some basics:

-You're going to need a Notified Body to work with.
-You're going to need technical documentation showing why your product is safe and effective.
-You're going to need post-market surveillance of how your product performs in the field.
-You're going to need a system to control your important documentation (those relevant to implementing everything defined here). This includes retaining documents, keeping only the most recent versions reading available where they're needed, etc. I'd recommend reading up on data integrity.
-You're going to need an internal audit system.
-You're going to need a system for nonconformance investigations, corrective and preventative actions, and verification of those actions.

Ed Panek

QA RA Small Med Dev Company
Super Moderator
I suggest you request a budget from a certifying body as the start. Whatever their annual cost for audit is the starting line. The actual implementation of a good QMS to withstand an ISO 13485 audit is best done with a consultant if you are starting with no understanding. Its going to need an investment.
Top Bottom