ISO13485:2016 – The Story of Narcissus

Reflections on strategy and implementation of a Management System which had to include ISO13485:2016

The medical Device Companies – and especially a lot of their Quality/Regulatory Affairs departments – hoped, right until the end, that the updated 13485:2016 standard would be merged with the new 9001:2015 approach and structure. A common approach supporting the entire company and all its processes – internally as well as externally.


ISO9001:2015 – Business focused framework

As a phoenix rising from the ashes to its full glory – not to be burnt to ashes for a long time.


The new 9001:2015 standard has evolved into a contemporary standard focusing, not only on products and production but on the entire company.


What a change from the outdated and inefficient (and not well-implemented) narrow sighted quality approach for this basic standard that has been the guide for too many years making it almost impossible to have a system that is deeply embedded in the organization and which makes sense to the people having to use it. (Quality resources excluded).


A change for the Quality people from nourishing and maintaining “their” system – always making it fit for notified body audit, but not usable for anything else….to a system where quality is a part of/support to the business but not controlling the business. Succeeding in building a structure of flexibility and value adding approach for all processes (not only) quality/safety impacts, directly or indirectly.

The new 9001 standard makes it possible to design the system to match all kinds of organizations (large, small, production, design, distributors etc.). What wonderful days it was when standard after standard followed the 9001 approach and merged into the 9001 evolving into standards that organizations can tailor-make and which support the entire business.


I am so fortunate to work with the AS9100 (Aviation & Defense) new revision D and it is one (1) document following the 9001 structures and any 9100 requirements are added where applicable.

And that is exactly what I expected from 13485:2016 edition.


Then the day of the ISO13485:2016 release came… And what a major disappointment that was!


ISO13485:2016 – “I am in love with myself”

“Narcissus saw his reflection in the water, became entranced by it, and killed himself because he could not have his object of desire.”


In the end, the totally outdated, not constructive attitude, was implemented again. The somewhat posh and narcissistic approach: “We who work within medical device are something quite special”, and “we know best”, not supporting the business but just keeping the quality people and the organization in a state of status quo: “this is the Quality department’s system and it is somewhere beside/behind all the other (read: relevant and value-adding) Business system(s).”


The consequence has been that many companies that were able to do so, have removed ISO9001 from their certificate scope (including my own company: Technolution), due to the almost unbridgeable task of merging the two standards into something usable. Here the costs were greater than the benefits.


Our notified bodies have had vast discussions on how to audit these two standards together. Hopefully, they have found a common approach for the companies that, unfortunately for them, require having certificates for both standards.

If we want real awareness and commitment from top managements as well as all employees (engineers, cleaning people, kitchen staff, human resources finance etc.) the framework of supporting legislation needs to fulfil – at least – these requirements:

  • It has to make sense for all employees (“We have written how to do this, read and understood it, and can see why we have to do it”)
  • It must be considered as the entire Company’s system – not solely the quality department’s system (using the risk-based process approach for all the processes in the Company)
  • Delegate process/part-process responsibility to the employees that actual perform/shall perform the tasks
  • And finally, ensure that it supports (provocatively prioritized):
    1. Relevant Business requirements and processes
    2. Relevant Customer requirements
    3. Relevant Supplier and Co-operator requirements
    4. Relevant requirements to comply with other standards
    5. Relevant ISO13485 requirements

Phenix ISO9001:2015


THE FUTURE: 13485 becomes contemporary …

It will be a great day when the Medical Device authorities and various lobbyists within the Medical Device business around the world becomes just a little more humble and respectful towards all of us working with Management Systems – regardless of area, and finally acknowledge that it is equally important that:

  • The Medical Device users are safe
  • The system really works (meaning allowing total awareness in the organization, not just in connection with notified body audits!)

My wish for the future: Let us combine Business, Medical Device regulations and other standards to add value to patients, customers and companies.

And finally, satisfaction and motivation of working with systems that makes sense to all employees and managers.




About the author

Marianne Lind

Marianne Lind, Quality Manager, Technolution A/S

Marianne is an expert in quality systems – ISO9001, AS9100, the Medical Device Standard ISO13485, including the Special Design Control Process in Medical Device Development and has worked with quality systems in the last 15 years. Most recently for 10 years at Coloplast. In addition to the quality competencies, Marianne holds a bachelor’s degree in Organizational Psychology and is certified in Saville Wave’s vocationally oriented personality test. She is especially good at facilitating the collaboration between different groups in an organisation.


You may also like