How to combine an MDR 2017/745 and an ISO 13485 Supplier Audit

Contact Us

MDR (EU) 2017/745 is a set of regulations that govern the European medical device market. It was created to ensure the safety and efficacy of medical devices, as well as to improve patient care and treatment options. The regulation includes strict rules for manufacturers of medical devices and in vitro diagnostic medical devices, such as having a Quality Management System (QMS) that complies with ISO 13485:2016. In this blog post, we will explore the requirements for a quality management system under the new EU MDR, and how EU MDR 2017/745 and ISO 13485 can be combined in a single supplier audit.

What are the Quality Management System requirements for the EU MDR 2017/745?

The Quality Management System requirements for the EU MDR 2017/745 are based on the ISO 13485 standard. Companies that want to sell their products in the EU must have a QMS that meets these requirements. The main requirements are that a QMS must be:

  • Established and maintained in order to control the design and manufacture of medical devices.
  • Designed to reduce or eliminate risks to patients, users, and third parties.
  • Periodically reviewed and updated as needed in response to changes in technology, markets, etc.

In addition to these general requirements, there are specific requirements for each type of medical device. For example, Class III medical devices must go through a rigorous clinical evaluation before they can be placed on the market.

Is ISO 13485 mandatory for EU MDR?

The European Union’s Medical Device Regulation (EU MDR) requires all medical device manufacturers to have a QMS in place that complies with the requirements of the regulation. The regulation does not specifically mention ISO 13485, but it does require that manufacturers use an “appropriate” QMS. To be considered “appropriate”, a QMS must meet all of the requirements of the regulation, which are based on international standards including ISO 13485.

Many manufacturers choose to implement ISO 13485 as their QMS because it is a well-recognized standard that meets all of the requirements of the EU MDR. By doing so, manufacturers can demonstrate to regulators and customers that their products are designed and manufactured in accordance with best practices for quality and safety. Certification to ISO 13485 can show compliance with this requirement.

How EU MDR 2017/745 incorporates an ISO 13485 audit?

As the European Union (EU) gears up for the full implementation of its Medical Device Regulation (MDR), many companies that manufacture and/or supply medical devices are wondering how to best combine MDR requirements with those of ISO 13485.

One key requirement of both MDR and ISO 13485 is the need for regular audits of suppliers. A common way to verify supplier compliance with both standards is to integrate EU MDR requirements into an ISO 13485 audit. These audits help to ensure that suppliers are meeting all applicable regulatory requirements and that they have systems and processes in place to consistently produce safe and effective medical devices.

So, what should be considered when planning and conducting a supplier audit under EU MDR and ISO 13485?

When auditing a supplier’s QMS against ISO 13485, there are a few key areas that need to be addressed in order to ensure compliance with EU MDR:

  1. Clinical Evaluation and Clinical Trials: Under the EU MDR, clinical evaluation and clinical trials are required for all Class III and some Class II devices. Manufacturers must have documented processes in place for conducting these activities. The auditor should review these processes to ensure they are adequate and meet all applicable requirements.
  2. Post-market Surveillance: Manufacturers must have post-market surveillance systems in place for all medical devices they sell in the EU market. The auditor should review the supplier’s post-market surveillance system to ensure it meets all applicable requirements.
  3. Vigilance and Market Surveillance: Manufacturers are required to report any adverse events or incidents involving their medical devices to competent authorities. They must also have vigilance systems in place.

The audit should also cover all aspects of the manufacturing process, from raw material procurement to final product release. It should assess whether the manufacturing process is in line with the requirements of ISO 13485. In particular, the auditor should check that the quality management system is adequate and implemented effectively, that the appropriate controls are in place at all stages of the manufacturing process, and that the risk management process is fit for purpose and applied effectively.

Here are a few examples of how to verify compliance with EU MDR in an audit and the relevant ISO 13485 references.

EU MDR 2017/745 ISO 13485 Reference
EUMDR:  Documentation exists for describing links and relationships between outsourced processes, how these are controlled by supplier management and economic operators such as distributors and importers.  Descriptive, graphical, or flowchart type of process is detailed for outsourced processes.
Article 5, 10, 25; Annex IX
4.1, 7.1, 7.4
EUMDR: Outsourced processes are defined, identified, and the level of control is established concerning those processes applicable to MDR within the scope of product families.  Clear identification should be made for what activities are done external to the organization.
Article 5, 10, 25; Annex IX
4.1, 7.1, 7.4
EUMDR: The manufacturer as the legal entity is registered in the EUDAMED system for the organization with all pertinent and accurate information.  Confirm that the EUDAMED electronic system contents match the organization’s administrative information.
Article 1, 5, 10, 16, 30, 31, 33
4.1, 4.2, 7.1, 7.2


Our tips for organizing the audit:

  1. Review the supply chain and identify which suppliers need to be audited for EU MDR compliance.
  2. Make sure the auditor is familiar with both EU MDR and ISO 13485 requirements.
  3. During the audit, a focus must be made on assessing whether the supplier has implemented adequate processes and controls for design and development, clinical evaluation, post-market surveillance, etc., as required by EU MDR.
  4. Make sure the audit report includes a detailed assessment of the supplier’s compliance with EU MDR requirements.

While integrating EU MDR into an ISO 13485 audit may sound like a daunting task, most medical device manufacturers will hire a third-party audit company like Pro QC International to conduct a gap analysis, identify noncompliance, and perform follow-up audits to ensure full compliance before entering the certification process.

About Us

Pro QC is a Global Quality Assurance company with over 40 years of experience in the Medical Devices industry. We provide ISO 13485 audits, prepare suppliers for ISO certifications, conduct supplier management, perform quality inspections, and offer many more solutions. Contact us at for more information.

You May Also Like

Learn more about our services


Back to top

Want to Get in Touch with Pro QC ?

Contact us

Pro QC

Contact Your Local Office

North America

+1 206 865 0595

United Kingdom

+44 330 094 5589

India & South Asia

+91 120 4291971

Asia & Asia Pacific

+886 2 2832 2990


+57 601 9190355

Global Coverage experiencia local Local Expertise

© 2024 Pro QC International | Privacy | Terms of use | Terms of service Protection Status