I would also recommend buying ISO/TR 14969 as well, because the auditors sometimes refer to it as well. ISO 13485:2003 does not say that quality policy has to state that regulatory requirements shall be met. ISO/TR 14969 in section 5.3 does ask for meeting the regulatory requirements. Our auditor insisted that this requirement has to be met and our quality policy has to include regulatory requirements.