Tips & Resources

What it takes to become ISO-13485 design compliant

Kirstie Dyment
Kirstie Dyment March 15, 2015 • 0 min read

“It creates a discipline and an internal corporate culture that can help you grow. -Robert Kaul

Medical products are entering the consumer space at a growing rate, providing safer and more effective health outcomes for the public. For prospective device manufacturers, it’s important to understand the impact that quality certifications like ISO-13485 have on the design process.

Cortex provides design and manufacturing services to ISO-13485 certified medical product manufacturers, including Cloud DX, which is well-known for its cloud-connected patient monitoring system, Pulsewave. Cortex is developing Vitaliti™ for Cloud DX, one of 10 finalist entries in the $10 million Qualcomm Tricorder XPRIZE competition.

We sat down with Robert Kaul, CEO of Cloud DX to discuss the challenges and opportunities associated with ISO-13485.

What does having ISO-13485 allow you to do?

You can’t be a medical device manufacturer without having ISO-13485. Somewhere in the mix, between the company and the customer, there has to be an ISO-13485 certified manufacturer. Companies can hire a certified manufacturer to maintain all of their documentation and accept the regulatory burden for that for a fee: as long as somebody is documenting all of that from soup to nuts, it doesn’t have to be internal, it could be a partner. Likewise, if you wanted to build a medical device, you could have it built at a certified manufacturer, but you have to provide ISO-level documentation to that manufacturer up to the point of hand-off.

How does being certified change your process of development?

When you’re doing software development in an ISO compliant environment, you really aren’t able to fully use the agile development method where you break up products into pieces, develop them separately, bolt them together, test them, push them onto the market and see if they fail, do it again, iterate, iterate, iterate… you can’t do it that way.

That’s why so many companies in the technology sector shy away from medical. If you’re trying to develop a consumer product and all your competitors can use an agile methodology and you can’t, it’s like you’re driving a steam engine while everyone else is in a sports car.

Instead, you have to use a variation of the waterfall method. In an ISO environment, you have to say what you’re going to do first, and then do it. You have to employ sophisticated forethought and planning. With this approach, you come up with a business case, design the product to fit the business case, build the product, test it against the business case, release it, and then cycle through that process again.

What does maintaining ISO-13485 entail?

What ISO-13485 certification actually entails is documenting everything you do that might have any impact on risk. That includes your business plans, where and how you train your staff, documenting all your interactions with your customers, and the entire process of how you produce your product. The burden of maintaining ISO-13485 certification is in maintaining your documentation, because you can’t let it slide.

Do you employ full-time staff to maintain your certifications?

You need to have a regulatory affairs manager employed full time to ensure the documentation is maintained. The technical leads are responsible for maintaining the quality management documentation for all of our software and hardware products. Then we have an additional quality assurance specialist whose job is to put all of our software through a series of very strict and standardized tests that are checked by the compliance regulators.

When do you transition from relying on ISO-13485-certified vendors versus doing it yourself?

You have to have a high degree of confidence that once approved, your product will sell like hotcakes so you can justify the cost. ISO compliance is costly, which means you have to have substantial sales volume to justify the cost. The number of companies with revenues of less than $50 million that have ISO-13485 certification is probably very small.

From a business perspective, what does it mean to have ISO-13485 certification?

Being ISO certified proves to big customers that everything we’re doing is being done properly and that their risk management is abated or mitigated when they do business with us. It resolves a whole bunch of big problems for a customer. They see that we are disciplined, that we have our processes figured out, that we’re documenting everything, that we’re being audited by a third party every year to see that we are compliant. It creates a discipline and an internal corporate culture that can help you grow.

© 2022 Cortex Design Inc.