The Differences and Similarities between ISO 9001:2015 and ISO 13485:2016 [Part 2]

In the last blog, we discussed the differences between ISO 9001:2015 and ISO 13485:2016. In part 2 of the series, we're focussing on the similarities between the two standards and summarising our main points.

While the two standards have some divergence in structure and some terminology, there are no conflicts in requirements and they have several similarities that allow them to work together. This should allow organizations who have or are looking to obtain certification to ISO 9001:2015 to also obtain or maintain a certification to ISO 13485:2016 if they so desire.

Reason for Using—Both standards continue to emphasize that the adoption of a quality management system is a strategic decision for an organization. Management of any organization that decides they want to use a quality management system should integrate the requirements of these standards into their strategic planning and ensure quality objectives are also aligned with the achievement of the organizational objectives.

Role of the Organization—Both revised standards have outlined the need for an organization to determine their role or purpose in the supply chain of delivering a product to the customer. This allows relevant people (interested parties) to understand the scope of the organization and determines the applicable requirements of the standardthat apply to the organization.

Customer Focus—Both revised standards start the product realization process with determining customer needs to drive the requirements for the organization’s product or service. While there is a small difference in how this is measured, as ISO 9001:2015 seeks customer satisfaction and ISO 13485:2016 asks organizations to demonstrate that customer requirements have been met, this minor difference is still the motivation for organizations to focus on the needs of the customer. In addition, the use of the phrase, “relevant interested parties” can help organizations realize that regulators are part of this customer group.

Methodology—Both revised standards have maintained the use of process approach with the Plan-Do-Check-Act (PDCA) cycle as the core methodology that follows from the quality principles outlined in ISO 9000.

Risk-based—Both revised standards advocate the use of risk assessments as the basis of making decisions along with the application of risk-based controls to the processes of the quality management system. The driver of this approach in both standards is to remove the arbitrary approach that doesn’t consider the actual application. ISO 9001:2015 does take this a step further by integrating risk-based thinking as a key concept within the process approach and eliminating the separate sub clause on preventive action, however this could be adopted to meet the requirements of ISO 13485:2016 for preventive action as well.

Competency—The updates to each of these standards has reflected a shift from the identification of training needs to ensuring the competency of employees. This will likely have the effect that organizations will have to determine the way to show that their employees are able to do the job they are assigned. Again, ISO 9001 takes this a bit further in the new clause (7.1.6) on organizational knowledge, but this also would be a good requirement for ISO 13485:2016 organizations to adopt as a best practice.

Infrastructure —Both revised standards have a renewed emphasis on the determination of the necessary buildings, equipment and other resources (including information technology) that are needed for processes and for ensuring product conformity. This is only further emphasized in ISO 13485:2016 with regard to cleanliness of environment and contamination control required in assembly or packaging of product.

Analysis of Data—Another key concept emphasized in both revised standards is the need to use the appropriate statistical techniques in the analysis of data to drive the actions of the organization.

Final Summary:

As organizations seek to make strategic decisions on the implementation of a quality management system, they need to understand how the similarities and differences between the two revised standards can affect those decisions. Over the last several years, we continue to see how these standards work together with no direct conflicts within their Quality Management System to achieve the goals and objectives of their organization. Both Technical Committees (TC 176 and TC 210) are keenly aware of the need to ensure these two critical standards will need to maintain this relationship and Top Management of organizations should seek to understand any changes in this context. The next editions of both standards will be undergoing revision in in 2024 or 2025 with key decisions on the structure and definitions in the hands of the ISO organization.