Transitioning to ISO 13485:2016 from EN ISO 13485:2012


Ron Greco

Hello All,
I have inherited a QMS system that was created and released in September 2014 to 13485 at that time. I am in the process of conforming to 2016 and I have been told that my old system which was acceptable during the last audit has to be completely revised. My source is saying that document numbers and everything has to be revised. However I do not see anything in the regulations that states the old system must be rewritten. Does anyone have any advice?
Thank you for your assistance...




I am also transitioning to the 2016 standard. I suggest that you start with a gap analysis. Also the 2016 version is risk-based throughout the QMS processes, in addition to product realization. I don't think you need to rewrite all procedures; but you do need to make updates.

Sidney Vianna

Post Responsibly
My source is saying that document numbers and everything has to be revised.
Is your source, by any chance, a consultant that would benefit financially from revising everything for you? :notme:

In principle, your system should not need any major changes, if it reflects your operational quality system. The key to make quality systems future-proof and standard-revision-proof is to make it seamlessly embedded in your business processes. Organizations don't change how they operate (for the most part) when a management system standard they comply with gets revised. If your quality system is a functional, well thought out subset of your business management system, you should not be required to make any drastic changes to it. Maybe some minor tuning.

Good luck.

PS. Please note there was no ISO 13485:2012. The previous version of ISO 13485 was 2003. The 2012 date is for an European Norm, not the actual ISO 13485 document.


Super Moderator
Sidney is spot-on with his response. The document re-numbering is just ludicrous.

One thing to bear in mind is the MDD. You may want to see how that might influence your QMS. But just for certification purposes, do as snoopy suggested and start with a gap analysis. There are a few new things that bring it closer to the US regulation (21 CFR 820) and such but nothing earthshaking.


Trusted Information Resource
There are some minor changes in the sections of 2016 version (some additions and some moved around), so if you use the section numbers of the standard to number your procedures, then you may have to make some changes; but, a requirement to re-number or rewrite procedures is totally ridiculous.


Involved In Discussions
Hi Ron,

There is no requirement for a numbering structure. Select a structure that meets the business needs. The size of the business will impact the transition to 13485:2016. After a gap analysis is performed, a small company with a healthy QMS could update in a few months. When I made the move to 2016, at a small medical device company, some processes needed to be revised mostly referencing/updating different terminology. For example, the QMS I was using did not address “As far as possible” in the QMS. We updated the risk analysis procedure to accommodate this, so now the business accounts for “As far as possible.”


Gert Andersen

Same here. I'm performing the GAP analysis as we speak. I agree that the major difference seems to be that the new standard is taking a more global view on what a Risk based approach means, ie look at training and control and monitoring of suppliers.

I have a spreadsheet you can use, if you want it.

Gert Andersen

Template and white paper for initial guidance.
It's a bit of work but doable.


  • Gap Analysis ISO 13485 2016 - ISO 9001 2015 template.xlsx
    98 KB · Views: 1,153
  • WW_ISO13485_Impact_whitepaper.pdf
    1.1 MB · Views: 564
Top Bottom