Hi,
ISO 13485:2003 doesn't relate to device effectiveness at all. It relates to device safety, but only indirectly, by requiring that device safety requirements are included in the design input (which is later expected to be addressed in the design output, which should be verified... and so on). I think asking the auditor what is the basis of this requirement (assuming this is a strict-ISO-13485 audit) would not be inappropriate.
In the USA, a cleared 510(k) or PMA could serve as evidence that the device's safety and effectiveness are adequate, by FDA's standards, given of course that the device is not exempt. In the EC (and other similar systems) it might come down to a compliant clinical evaluation, as prescribed by the MDD and elaborated in guidance documents.
Cheers,
Ronen.