
ISO 13485:2016

International
v2016
6 domains
83 controls

ISO 13485:2016 Medical Devices Quality Management Systems Requirements.

Verified

Framework summaries on this platform are AI-assisted interpretations for educational and compliance planning purposes. They do not reproduce or replace the official standards. Refer to the authoritative source for the definitive text. Framework names and trademarks belong to their respective organisations.

Framework Domains (6)

Clause 0 – ISO 13485:2016

5 controls
Controls in the Clause 0 – ISO 13485:2016 domain of ISO 13485:2016 (5 controls)
Code | Title
iso-13485-2016::0.1 | General
iso-13485-2016::0.2 | Clarification of concepts
iso-13485-2016::0.3 | Process approach
iso-13485-2016::0.4 | Relationship with ISO 9001
iso-13485-2016::0.5 | Compatibility with other management systems

Management responsibility – ISO 13485:2016

14 controls
Controls in the Management responsibility – ISO 13485:2016 domain of ISO 13485:2016 (14 controls)
Code | Title
iso-13485-2016::5.1 | Management commitment
iso-13485-2016::5.2 | Customer focus
iso-13485-2016::5.3 | Quality policy
iso-13485-2016::5.4 | Planning
iso-13485-2016::5.4.1 | Quality objectives
iso-13485-2016::5.4.2 | Quality management system planning
iso-13485-2016::5.5 | Responsibility, authority and communication
iso-13485-2016::5.5.1 | Responsibility and authority
iso-13485-2016::5.5.2 | Management representative
iso-13485-2016::5.5.3 | Internal communication
iso-13485-2016::5.6 | Management review
iso-13485-2016::5.6.1 | General
iso-13485-2016::5.6.2 | Review input
iso-13485-2016::5.6.3 | Review output

Measurement, analysis and improvement – ISO 13485:2016

18 controls
Controls in the Measurement, analysis and improvement – ISO 13485:2016 domain of ISO 13485:2016 (18 controls)
Code | Title
iso-13485-2016::8.1 | General
iso-13485-2016::8.2 | Monitoring and measurement
iso-13485-2016::8.2.1 | Feedback
iso-13485-2016::8.2.2 | Complaint handling
iso-13485-2016::8.2.3 | Reporting to regulatory authorities
iso-13485-2016::8.2.4 | Internal audit
iso-13485-2016::8.2.5 | Monitoring and measurement of processes
iso-13485-2016::8.2.6 | Monitoring and measurement of product
iso-13485-2016::8.3 | Control of nonconforming product
iso-13485-2016::8.3.1 | General
iso-13485-2016::8.3.2 | Actions in response to nonconforming product detected before delivery
iso-13485-2016::8.3.3 | Actions in response to nonconforming product detected after delivery
iso-13485-2016::8.3.4 | Rework
iso-13485-2016::8.4 | Analysis of data
iso-13485-2016::8.5 | Improvement
iso-13485-2016::8.5.1 | General
iso-13485-2016::8.5.2 | Corrective action
iso-13485-2016::8.5.3 | Preventive action

Product realization – ISO 13485:2016

33 controls
Controls in the Product realization – ISO 13485:2016 domain of ISO 13485:2016 (33 controls)
Code | Title
iso-13485-2016::7.1 | Planning of product realization
iso-13485-2016::7.2 | Customer-related processes
iso-13485-2016::7.2.1 | Determination of requirements related to product
iso-13485-2016::7.2.2 | Review of requirements related to product
iso-13485-2016::7.2.3 | Communication
iso-13485-2016::7.3 | Design and development
iso-13485-2016::7.3.1 | General
iso-13485-2016::7.3.10 | Design and development files
iso-13485-2016::7.3.2 | Design and development planning
iso-13485-2016::7.3.3 | Design and development inputs
iso-13485-2016::7.3.4 | Design and development outputs
iso-13485-2016::7.3.5 | Design and development review
iso-13485-2016::7.3.6 | Design and development verification
iso-13485-2016::7.3.7 | Design and development validation
iso-13485-2016::7.3.8 | Design and development transfer
iso-13485-2016::7.3.9 | Control of design and development changes
iso-13485-2016::7.4 | Purchasing
iso-13485-2016::7.4.1 | Purchasing process
iso-13485-2016::7.4.2 | Purchasing information
iso-13485-2016::7.4.3 | Verification of purchased product
iso-13485-2016::7.5 | Production and service provision
iso-13485-2016::7.5.1 | Control of production and service provision
iso-13485-2016::7.5.10 | Customer property
iso-13485-2016::7.5.11 | Preservation of product
iso-13485-2016::7.5.2 | Cleanliness of product
iso-13485-2016::7.5.3 | Installation activities
iso-13485-2016::7.5.4 | Servicing activities
iso-13485-2016::7.5.5 | Particular requirements for sterile medical devices
iso-13485-2016::7.5.6 | Validation of processes for production and service provision
iso-13485-2016::7.5.7 | Particular requirements for validation of processes for sterilization and
iso-13485-2016::7.5.8 | Identification
iso-13485-2016::7.5.9 | Traceability
iso-13485-2016::7.6 | Control of monitoring and measuring equipment

Quality management system – ISO 13485:2016

7 controls
Controls in the Quality management system – ISO 13485:2016 domain of ISO 13485:2016 (7 controls)
Code | Title
iso-13485-2016::4.1 | General requirements
iso-13485-2016::4.2 | Documentation requirements
iso-13485-2016::4.2.1 | General
iso-13485-2016::4.2.2 | Quality manual
iso-13485-2016::4.2.3 | Medical device file
iso-13485-2016::4.2.4 | Control of documents
iso-13485-2016::4.2.5 | Control of records

Resource management – ISO 13485:2016

6 controls
Controls in the Resource management – ISO 13485:2016 domain of ISO 13485:2016 (6 controls)
Code | Title
iso-13485-2016::6.1 | Provision of resources
iso-13485-2016::6.2 | Human resources
iso-13485-2016::6.3 | Infrastructure
iso-13485-2016::6.4 | Work environment and contamination control
iso-13485-2016::6.4.1 | Work environment
iso-13485-2016::6.4.2 | Contamination control

Your Compliance Coverage

If you comply with ISO 13485:2016, you already cover:

Maps to 106 other frameworks

83 total controls
ISO 10005:2005
25 source controls mapped|13 target controls covered
30%
ISO 19011:2018
20 source controls mapped|33 target controls covered
24%
ISO 9001:2015
16 source controls mapped|28 target controls covered
19%
ISO 9001
15 source controls mapped|8 target controls covered
18%
ISO 50001:2018 - Energy Management Systems
14 source controls mapped|13 target controls covered
17%
ISO 39001:2012 - Road Traffic Safety Management
13 source controls mapped|17 target controls covered
16%
ISO/IEC 38500:2024
13 source controls mapped|15 target controls covered
16%
ISO 41001:2018 - Facility Management Systems
12 source controls mapped|16 target controls covered
14%
ISO 22313:2020 - Guidance on Business Continuity Management Systems
12 source controls mapped|14 target controls covered
14%
ISO 14004:2016
12 source controls mapped|13 target controls covered
14%
ISO/IEC 23894:2023
11 source controls mapped|9 target controls covered
13%
ISO 31000:2018
11 source controls mapped|7 target controls covered
13%
ISO 22000:2018
11 source controls mapped|21 target controls covered
13%
ASIS SPC.1-2009 - Organizational Resilience Standard
11 source controls mapped|12 target controls covered
13%
AS9100D - Aerospace Quality Management System
8 source controls mapped|10 target controls covered
10%
ISO/IEC 27003:2017
7 source controls mapped|10 target controls covered
8%
AS9100D:2016 - Quality Management Systems for Aviation, Space, and Defence
6 source controls mapped|7 target controls covered
7%
ISO 27701:2019
6 source controls mapped|8 target controls covered
7%
ISO 22000
6 source controls mapped|6 target controls covered
7%
ISO 55001
5 source controls mapped|5 target controls covered
6%
ISO 37301
5 source controls mapped|5 target controls covered
6%
ISO/IEC 42001:2023
5 source controls mapped|6 target controls covered
6%
ISO 10006:2003
5 source controls mapped|5 target controls covered
6%
ISO 14001:2015
5 source controls mapped|11 target controls covered
6%
ISO 30401
4 source controls mapped|4 target controls covered
5%
ISO 37001
4 source controls mapped|4 target controls covered
5%
ISO 27005:2022
4 source controls mapped|9 target controls covered
5%
ISO 28001:2007 Supply Chain Security Management
4 source controls mapped|4 target controls covered
5%
ISO 22301:2019
4 source controls mapped|8 target controls covered
5%
ISO 14064 - Greenhouse Gas Accounting and Verification (Parts 1-3)
4 source controls mapped|2 target controls covered
5%
ISO 45001:2018
4 source controls mapped|5 target controls covered
5%
ISO 37301:2021
4 source controls mapped|11 target controls covered
5%
Australia NHMRC National Statement on Ethical Conduct in Human Research
4 source controls mapped|2 target controls covered
5%
ISO 19011
3 source controls mapped|3 target controls covered
4%
ISO 26262:2018 - Functional Safety for Road Vehicles
3 source controls mapped|4 target controls covered
4%
ISO/IEC 27031:2011
3 source controls mapped|3 target controls covered
4%
ISO/IEC TR 24028:2020
3 source controls mapped|7 target controls covered
4%
ISO 27001:2022
3 source controls mapped|6 target controls covered
4%
ISO 37001:2016
3 source controls mapped|4 target controls covered
4%
ISO 55001:2014
3 source controls mapped|3 target controls covered
4%
ISO 56002
3 source controls mapped|15 target controls covered
4%
ISO 37002:2021 - Whistleblowing Management Systems
3 source controls mapped|15 target controls covered
4%
ISO 45001
3 source controls mapped|3 target controls covered
4%
ISO/IEC 17025:2017 - General Requirements for Testing and Calibration
3 source controls mapped|5 target controls covered
4%
BS 65000:2014 - Guidance on Organizational Resilience
3 source controls mapped|1 target controls covered
4%
ISO 22318
2 source controls mapped|3 target controls covered
2%
ISO 26000:2010
2 source controls mapped|4 target controls covered
2%
ISO/IEC 27004:2016
2 source controls mapped|2 target controls covered
2%
ISO 22320:2018
2 source controls mapped|3 target controls covered
2%
ISO 22316
2 source controls mapped|2 target controls covered
2%
ISO 22317
2 source controls mapped|2 target controls covered
2%
ISAE 3402 - Assurance Reports on Controls at a Service Organisation
2 source controls mapped|2 target controls covered
2%
Canada's Anti-Spam Legislation (CASL)
2 source controls mapped|2 target controls covered
2%
NIST SP 800-160
2 source controls mapped|2 target controls covered
2%
Cloud Security Alliance Cloud Controls Matrix (CCM) v4.0.1
2 source controls mapped|2 target controls covered
2%
BCBS 239
2 source controls mapped|1 target controls covered
2%
ISO/IEC 27006:2024
2 source controls mapped|4 target controls covered
2%
ISO/SAE 21434
1 source controls mapped|1 target controls covered
1%
ISO 31000
1 source controls mapped|1 target controls covered
1%
APRA CPS 230 Operational Risk Management
1 source controls mapped|1 target controls covered
1%
ISO/IEC 29147:2018
1 source controls mapped|2 target controls covered
1%
PCI PIN Security
1 source controls mapped|1 target controls covered
1%
NIST SP 800-183
1 source controls mapped|2 target controls covered
1%
NSA Guidance for Transition to Quantum-Resistant Cryptography
1 source controls mapped|1 target controls covered
1%
ISO/IEC 27701:2019
1 source controls mapped|1 target controls covered
1%
UK Bribery Act 2010
1 source controls mapped|1 target controls covered
1%
Brazil AI Framework
1 source controls mapped|1 target controls covered
1%
ISO/IEC 30111:2019
1 source controls mapped|1 target controls covered
1%
ISO/IEC 27557:2022 - Organisational Privacy Risk Management
1 source controls mapped|1 target controls covered
1%
NIST SP 1800-32
1 source controls mapped|1 target controls covered
1%
PCI P2PE
1 source controls mapped|1 target controls covered
1%
FFIEC IT Examination Handbook
1 source controls mapped|1 target controls covered
1%
OWASP ASVS
1 source controls mapped|1 target controls covered
1%
PCI SSF
1 source controls mapped|1 target controls covered
1%
Critical Infrastructure Risk Management Program (CIRMP) Rules 2023
1 source controls mapped|1 target controls covered
1%
NIST SP 800-161 Rev 1
1 source controls mapped|1 target controls covered
1%
FBI CJIS Security Policy
1 source controls mapped|1 target controls covered
1%
NIST SP 800-53 Rev 5
1 source controls mapped|1 target controls covered
1%
ISO 27043
1 source controls mapped|1 target controls covered
1%
ISO/IEC 27050 - Electronic Discovery (Parts 1-4)
1 source controls mapped|1 target controls covered
1%
SANS Incident Handler's Handbook and PICERL Methodology
1 source controls mapped|1 target controls covered
1%
Canada ITSG-33 - IT Security Risk Management
1 source controls mapped|1 target controls covered
1%
NIST SP 800-171
1 source controls mapped|1 target controls covered
1%
NIST SP 800-171A Rev 3 - Assessing CUI Security Requirements
1 source controls mapped|1 target controls covered
1%
ISO 20400:2017 - Sustainable Procurement
1 source controls mapped|1 target controls covered
1%
SQF Code Edition 9 - Safe Quality Food
1 source controls mapped|1 target controls covered
1%
Digital Services Act (DSA) - Regulation (EU) 2022/2065
1 source controls mapped|1 target controls covered
1%
ASEAN Guide on AI Governance and Ethics
1 source controls mapped|1 target controls covered
1%
FDA Quality Management System Regulation (QMSR)
1 source controls mapped|1 target controls covered
1%
IEC 62304:2015 Medical Device Software Lifecycle Processes
1 source controls mapped|1 target controls covered
1%
IEC 60601-1 - Medical Electrical Equipment Safety
1 source controls mapped|1 target controls covered
1%
ISO 10007:2017
1 source controls mapped|3 target controls covered
1%
COPPA
1 source controls mapped|1 target controls covered
1%
ITIL 4
1 source controls mapped|1 target controls covered
1%
SOC 1 (SSAE 18 / ISAE 3402)
1 source controls mapped|1 target controls covered
1%
Aged Care Quality Standards (Australia)
1 source controls mapped|1 target controls covered
1%
APEC Cross-Border Privacy Rules (CBPR) System
1 source controls mapped|1 target controls covered
1%
Cambodia Sub-Decree on Personal Data Protection (Sub-Decree No. 134)
1 source controls mapped|1 target controls covered
1%
AICPA Privacy Management Framework (PMF)
1 source controls mapped|1 target controls covered
1%
APPI
1 source controls mapped|1 target controls covered
1%
Code of Conduct on Data Protection for Research (GDPR Article 40)
1 source controls mapped|1 target controls covered
1%
APRA CPS 220 Risk Management
1 source controls mapped|1 target controls covered
1%
NFPA 1600 - Standard on Continuity, Emergency, and Crisis Management
1 source controls mapped|1 target controls covered
1%
EBA Guidelines on ICT and Security Risk Management (EBA/GL/2024/07)
1 source controls mapped|1 target controls covered
1%

Frequently Asked Questions

What is ISO 13485:2016?

ISO 13485:2016 is an international compliance framework with 6 domains and 83 controls, covering medical devices quality management systems requirements. It is used by organisations to establish and maintain compliance with industry standards and regulatory requirements.

How many controls does ISO 13485:2016 have?

ISO 13485:2016 has 83 controls organised across 6 domains. The largest domains are Product realization – ISO 13485:2016 (33 controls), Measurement, analysis and improvement – ISO 13485:2016 (18 controls), and Management responsibility – ISO 13485:2016 (14 controls). Each control defines specific requirements that organisations must implement to achieve compliance.

What frameworks does ISO 13485:2016 map to?

ISO 13485:2016 maps to 106 other compliance frameworks. The top mapping partners are ISO 10005:2005 (30% coverage), ISO 19011:2018 (24% coverage), and ISO 9001:2015 (19% coverage). Use our comparison tool to explore control-level mappings between frameworks.

How do I get started with ISO 13485:2016 compliance?

Start your ISO 13485:2016 compliance journey by running a self-assessment on our platform to identify your current compliance posture. Our AI advisory can answer specific questions about ISO 13485:2016 requirements, and cross-framework mapping helps you leverage existing controls from other frameworks you may already comply with. Create a free account to access all 83 controls and track your progress.
