ISO 13485 & ISO 14971
Two standards. One quality system.
ISO 13485 is the quality system your medical device runs on. ISO 14971 is the risk management engine inside it. Built as one, they carry you to certification and through every audit. Built as two, they generate findings.
The Integration
Most companies write a quality manual, then bolt on a risk file that never touches it. We build one system, where risk drives the quality decisions.
ISO 13485 Clause 7.1 is explicit: your quality system must run a risk management process that meets ISO 14971. That is not a filing requirement, it is a design principle. When risk analysis actually feeds your design controls, your CAPA, your supplier decisions, and your post-market surveillance, the system holds together and the auditor sees it immediately. We build that connective tissue, right-sized to your device and your stage, without the bureaucracy that slows teams down.
Two Standards, One System
What each standard does.
The Quality System
How you build, control, and improve.
The internationally recognized quality management system for medical devices. It governs design controls, production, supplier management, CAPA, and post-market activities across the entire product lifecycle.
The Risk Engine
How you keep it safe.
The standard for applying risk management to medical devices. It runs from hazard identification through risk control, residual risk, and benefit-risk, feeding evidence back from production and the field.
Where They Meet
Risk runs through the whole lifecycle.
ISO 14971 is not a phase. It threads through the quality system at every stage, and inspectors check that the thread is unbroken.
Design & Development
- ISO 13485
- Design inputs, verification, and validation under Clause 7.3.
- ISO 14971
- Hazard analysis drives the design inputs and control measures.
Production & Process
- ISO 13485
- Process validation and controls for critical steps.
- ISO 14971
- Risk identifies which processes are critical to control.
CAPA
- ISO 13485
- Corrective and preventive action on quality issues.
- ISO 14971
- Risk informs whether, and how urgently, to act.
Post-Market
- ISO 13485
- Complaint handling and vigilance under Clause 8.2.
- ISO 14971
- Field data feeds back into the risk management file.
Capabilities
From gap to certificate, and beyond.
Gap Assessment
A clear-eyed audit of your current state against ISO 13485:2016 and ISO 14971:2019, with a prioritized roadmap to close it.
QMS Build & Documentation
Quality manual, procedures, and records right-sized to your device and organization. Lean by design, not by omission.
Risk Management File
A complete, traceable ISO 14971 risk file, from plan and analysis through risk control and benefit-risk.
Design Controls Integration
Risk woven into design inputs, verification, and validation, so your design history file and risk file tell one story.
Audits & Certification Readiness
Internal audits, mock assessments, and Stage 1 and Stage 2 preparation that make the certification body a formality.
Remediation & Maintenance
Remediation of failing systems, plus the internal audit and management review rhythm that keeps you certified.
One System, Global Reach
Certification that opens every market.
5 regulators
Through MDSAP, one ISO 13485-based audit satisfies the US, Canada, Brazil, Japan, and Australia at once.
QMSR ready
The FDA has aligned 21 CFR Part 820 with ISO 13485, so one quality system now serves both.
Work With Us
Build one system that passes every audit.
Tell us where your quality system stands and which markets you are targeting. We will pair you with a senior quality lead and respond within one business day.
Start the Conversation