ISO 13485 & ISO 14971

Two standards. One quality system.

ISO 13485 is the quality system your medical device runs on. ISO 14971 is the risk management engine inside it. Built as one, they carry you to certification and through every audit. Built as two, they generate findings.

The Integration

Most companies write a quality manual, then bolt on a risk file that never touches it. We build one system, where risk drives the quality decisions.

ISO 13485 Clause 7.1 is explicit: your quality system must run a risk management process that meets ISO 14971. That is not a filing requirement, it is a design principle. When risk analysis actually feeds your design controls, your CAPA, your supplier decisions, and your post-market surveillance, the system holds together and the auditor sees it immediately. We build that connective tissue, right-sized to your device and your stage, without the bureaucracy that slows teams down.

Two Standards, One System

What each standard does.

13485

The Quality System

How you build, control, and improve.

The internationally recognized quality management system for medical devices. It governs design controls, production, supplier management, CAPA, and post-market activities across the entire product lifecycle.

14971

The Risk Engine

How you keep it safe.

The standard for applying risk management to medical devices. It runs from hazard identification through risk control, residual risk, and benefit-risk, feeding evidence back from production and the field.

ISO 13485, Clause 7.1 The quality system must operate a risk management process that meets ISO 14971. The two standards are not optional companions. One requires the other.

Where They Meet

Risk runs through the whole lifecycle.

ISO 14971 is not a phase. It threads through the quality system at every stage, and inspectors check that the thread is unbroken.

Stage 01

Design & Development

ISO 13485
Design inputs, verification, and validation under Clause 7.3.
ISO 14971
Hazard analysis drives the design inputs and control measures.
Stage 02

Production & Process

ISO 13485
Process validation and controls for critical steps.
ISO 14971
Risk identifies which processes are critical to control.
Stage 03

CAPA

ISO 13485
Corrective and preventive action on quality issues.
ISO 14971
Risk informs whether, and how urgently, to act.
Stage 04

Post-Market

ISO 13485
Complaint handling and vigilance under Clause 8.2.
ISO 14971
Field data feeds back into the risk management file.

Capabilities

From gap to certificate, and beyond.

Gap Assessment

A clear-eyed audit of your current state against ISO 13485:2016 and ISO 14971:2019, with a prioritized roadmap to close it.

QMS Build & Documentation

Quality manual, procedures, and records right-sized to your device and organization. Lean by design, not by omission.

Risk Management File

A complete, traceable ISO 14971 risk file, from plan and analysis through risk control and benefit-risk.

Design Controls Integration

Risk woven into design inputs, verification, and validation, so your design history file and risk file tell one story.

Audits & Certification Readiness

Internal audits, mock assessments, and Stage 1 and Stage 2 preparation that make the certification body a formality.

Remediation & Maintenance

Remediation of failing systems, plus the internal audit and management review rhythm that keeps you certified.

One System, Global Reach

Certification that opens every market.

5 regulators

Through MDSAP, one ISO 13485-based audit satisfies the US, Canada, Brazil, Japan, and Australia at once.

QMSR ready

The FDA has aligned 21 CFR Part 820 with ISO 13485, so one quality system now serves both.

Work With Us

Build one system that passes every audit.

Tell us where your quality system stands and which markets you are targeting. We will pair you with a senior quality lead and respond within one business day.

Start the Conversation