All skills
Skillintermediate

ISO 13485:2016 Mandatory Documents and Records

This document provides a complete list of all mandatory documents and records required by ISO 13485:2016 for medical device Quality Management Systems.

Claude Code Knowledge Pack7/10/2026

Overview

ISO 13485:2016 Mandatory Documents and Records

This document provides a complete list of all mandatory documents and records required by ISO 13485:2016 for medical device Quality Management Systems.

Overview

ISO 13485:2016 requires organizations to establish and maintain 31 documented procedures along with a Quality Manual and Medical Device Files. Additionally, numerous records must be maintained to provide evidence of conformity.

Important Notes:

  • The 31 documented procedures do not need to be 31 separate documents
  • Multiple procedures can be combined into one document
  • One procedure can be split across multiple documents
  • Not all procedures may be applicable to every organization (exclusions must be justified)
  • Additional documentation may be required by applicable regulatory requirements

1. Quality Manual (Required by 4.2.2)

Description: Foundational QMS document

Must Include:

  • Scope of QMS with justified exclusions
  • Documented procedures or references to them
  • Description of interaction between QMS processes
  • Structure of documentation used in QMS

Applicable To: All organizations


2. Medical Device File (Required by 4.2.3)

Description: File for each medical device type or family

Must Include:

  • General description and intended use
  • Label and instructions for use specifications
  • Product and/or manufacturing specifications
  • Procedures for purchasing, manufacturing, servicing
  • Measuring and monitoring procedures
  • Installation requirements (if applicable)
  • Risk management file(s)
  • Verification and validation information
  • Design and development file(s) when applicable

Applicable To: All organizations for each device type/family


3. The 31 Documented Procedures

Clause 4: Quality Management System

1. Risk Management Procedures (4.1.5)

Description: Requirements for risk management throughout product realization Must Address:

  • Risk management methodology
  • Risk analysis and evaluation
  • Risk control measures
  • Risk acceptability criteria
  • Risk management review Referenced Standard: ISO 14971

2. Software Validation Procedure (4.1.6)

Description: Validation of computer software applications used in QMS Must Address:

  • Risk assessment of software
  • Validation approach and activities
  • Acceptance criteria
  • User responsibilities
  • Validation before initial use and after changes
  • Revalidation criteria

3. Control of Documents Procedure (4.2.4)

Description: Control of all QMS documents Must Address:

  • Document approval before issue
  • Document review and update
  • Identification of changes and revision status
  • Availability of relevant document versions
  • Document legibility and identification
  • Control of external documents
  • Prevention of obsolete document use
  • Identification of retained obsolete documents

4. Control of Records Procedure (4.2.5)

Description: Control of all QMS records Must Address:

  • Record identification
  • Storage and security
  • Integrity protection
  • Retrieval procedures
  • Retention time determination
  • Record disposition
  • Legibility requirements
  • Change identification

Clause 5: Management Responsibility

5. Management Review Procedure (5.6.1)

Description: Systematic review of QMS by top management Must Address:

  • Review frequency (at least annually)
  • Review agenda and inputs
  • Review outputs and actions
  • Attendee requirements
  • Record-keeping requirements

6. Internal Communication Procedure (5.5.3)

Description: Communication regarding QMS effectiveness Must Address:

  • Communication channels
  • Communication frequency
  • Responsible parties
  • Topics to be communicated
  • Documentation of communications

Clause 6: Resource Management

7. Human Resources/Competence Procedure (6.2)

Description: Ensuring personnel competence Must Address:

  • Competence requirements determination
  • Training needs identification
  • Training provision and evaluation
  • Education, training, skills, and experience requirements
  • Competence records maintenance
  • Awareness of personnel contributions

8. Infrastructure Maintenance Procedure (6.3)

Description: Maintenance of facilities and equipment (when affecting quality) Must Address:

  • Maintenance activities definition
  • Maintenance scheduling
  • Maintenance records
  • Impact on product quality
  • Verification after maintenance

9. Contamination Control Procedure (6.4.2)

Description: Control of contaminated or potentially contaminated product (when applicable) Must Address:

  • Contamination identification
  • Contaminated product handling
  • Segregation requirements
  • Decontamination procedures
  • Special arrangements for control

Clause 7: Product Realization

10. Customer Communication Procedure (7.2.3)

Description: Communication with customers Must Address:

  • Product information provision
  • Inquiry, contract, order handling
  • Customer feedback including complaints
  • Advisory notices
  • Communication channels and responsibilities

11. Design and Development Procedures (7.3.1 - 7.3.10)

Description: Control of design and development process Must Address:

  • Design and development planning
  • Input determination and review
  • Output provision and approval
  • Design reviews at suitable stages
  • Verification against inputs
  • Validation for intended use
  • Transfer to manufacturing
  • Change control
  • Design file maintenance

12. Purchasing Procedures (7.4.1)

Description: Control of purchasing process Must Address:

  • Supplier evaluation and selection criteria
  • Supplier monitoring and re-evaluation
  • Supplier performance tracking
  • Purchasing controls
  • Supplier notification of changes
  • Communication to sub-tier suppliers

13. Verification of Purchased Product Procedure (7.4.3)

Description: Verification that purchased product meets requirements Must Address:

  • Verification activities
  • Extent of verification
  • Method of product release
  • Verification at supplier's premises (if applicable)
  • Customer verification arrangements (if applicable)

14. Production and Service Provision Control Procedures (7.5.1)

Description: Control of production and service activities Must Address:

  • Work instructions and documented procedures
  • Use of suitable equipment
  • Monitoring and measuring activities
  • Release, delivery, and post-delivery activities
  • Labelling and packaging operations
  • Servicing procedures (if applicable)

15. Product Cleanliness Procedures (7.5.2)

Description: Control of product cleanliness (when applicable) Must Address:

  • Cleaning requirements and specifications
  • Cleaning before sterilization
  • Uncleanable product handling
  • Hygiene requirements in manufacturing
  • Cleaning verification

16. Installation and Verification Procedures (7.5.3)

Description: Installation activities (when applicable) Must Address:

  • Installation requirements
  • Installation instructions
  • Verification of installation
  • Installation records
  • Responsible parties

17. Servicing Procedures (7.5.4)

Description: Servicing activities (when applicable) Must Address:

  • Servicing requirements
  • Reference materials and measurements
  • Feedback analysis from servicing
  • Servicing records
  • Servicing notification to regulatory authorities

18. Process Validation Procedure (7.5.6)

Description: Validation of processes where output cannot be verified Must Address:

  • Process validation for manufacturing
  • Computer software validation for production
  • Sterilization process validation
  • Aseptic processing validation
  • Clean room validation (if applicable)
  • Criteria for review and approval
  • Equipment approval and personnel qualification
  • Revalidation criteria and triggers

19. Sterilization and Sterile Barrier System Validation (7.5.7)

Description: Validation of sterilization processes (when applicable) Must Address:

  • Sterilization method validation
  • Sterile barrier system validation
  • Process parameters for each batch
  • Validation of changes to sterilization
  • Maintenance of validation records

20. Product Identification and Traceability Procedures (7.5.8, 7.5.9)

Description: Identification and traceability throughout realization Must Address:

  • Identification methods throughout realization
  • Traceability extent definition
  • Distribution and location tracking
  • Consignee identification
  • Quantity shipped identification
  • Retention period requirements
  • Applicable regulatory traceability requirements

21. Customer Property Procedure (7.5.10)

Description: Control of customer-provided property Must Address:

  • Customer property identification
  • Verification of customer property
  • Protection and safeguarding
  • Loss, damage, or unsuitability reporting
  • Records of customer property

22. Preservation of Product Procedure (7.5.11)

Description: Product preservation during processing and delivery Must Address:

  • Identification requirements
  • Handling requirements
  • Packaging requirements
  • Storage requirements
  • Protection requirements
  • Special handling (if applicable)
  • Application to constituent parts

23. Control of Monitoring and Measuring Equipment Procedure (7.6)

Description: Calibration and control of measuring equipment Must Address:

  • Equipment identification
  • Calibration or verification intervals
  • Calibration methods and standards
  • Adjustment procedures
  • Identification of calibration status
  • Protection from invalid adjustments
  • Protection from damage
  • Assessment when found non-conforming
  • Computer software confirmation

Clause 8: Measurement, Analysis and Improvement

24. Feedback Procedure (8.2.1)

Description: Post-production information system Must Address:

  • Early warning system for quality issues
  • Post-production information collection
  • Complaint handling linkage
  • Reporting to regulatory authorities
  • Input to risk management
  • Input to corrective and preventive action
  • Feedback sources and channels

25. Complaint Handling Procedure (8.2.2)

Description: Timely handling of complaints Must Address:

  • Complaint receipt and recording
  • Complaint evaluation and investigation
  • Determination of need for reporting to authorities
  • Determination of need for advisory notices
  • Information to customer about actions taken
  • Transfer of complaint information not directly handled
  • Complaint trending and analysis

26. Reporting to Regulatory Authorities Procedure (8.2.3)

Description: Notification to regulatory authorities Must Address:

  • Determination of reportable events
  • Notification timeframes
  • Notification content requirements
  • Advisory notice requirements
  • Applicable regulatory requirements by region
  • Responsible parties for reporting

27. Internal Audit Procedure (8.2.4)

Description: Conduct of internal audits Must Address:

  • Audit program planning
  • Audit criteria, scope, frequency, methods
  • Auditor selection and impartiality
  • Audit responsibilities and requirements
  • Audit reporting
  • Records of audits
  • Follow-up activities

28. Process Monitoring and Measurement Procedures (8.2.5)

Description: Monitoring and measurement of QMS processes Must Address:

  • Process monitoring methods
  • Process measurement methods
  • Demonstration of achieving planned results
  • Implementation of corrections when needed
  • Corrective actions when processes fail

29. Product Monitoring and Measurement Procedures (8.2.6)

Description: Monitoring and measurement of product Must Address:

  • Product acceptance criteria
  • Measurement at appropriate stages
  • Release authority identification
  • Release procedures
  • Records of conformity to criteria
  • Traceability to measuring authority

30. Control of Nonconforming Product Procedure (8.3)

Description: Identification and control of nonconforming product Must Address:

  • Identification of nonconformity
  • Documentation requirements
  • Evaluation of nonconformity
  • Segregation of nonconforming product
  • Disposition of nonconforming product
  • Notification to external parties
  • Concession process (if applicable)
  • Rework procedures
  • Actions for nonconformity detected before delivery
  • Actions for nonconformity detected after delivery
  • Reporting requirements

31A. Corrective Action Procedure (8.5.2)

Description: Elimination of causes of nonconformities Must Address:

  • Review of nonconformities including complaints
  • Cause determination methodology
  • Evaluation of need for action
  • Planning and documentation of actions
  • Implementation of actions
  • Effectiveness review of actions
  • Records of investigation and follow-up

31B. Preventive Action Procedure (8.5.3)

Description: Elimination of causes of potential nonconformities Must Address:

  • Determination of potential nonconformities
  • Evaluation of need for action
  • Planning and documentation of actions
  • Implementation of actions
  • Effectiveness review of actions
  • Sources of information for preventive action
  • Records of investigation and follow-up

Additional Required Documentation

Analysis of Data Procedure (8.4)

While not explicitly called out as requiring a "documented procedure," organizations must establish processes for:

  • Data determination, collection, and analysis
  • Evaluation of continual improvement opportunities
  • Statistical techniques (if applicable)
  • Analysis of:
    • Customer satisfaction
    • Conformity to product requirements
    • Process and product characteristics and trends
    • Suppliers
    • Other relevant data including feedback and risk management outputs

Required Records by Clause

Clause 4 Records

  • Software validation records (4.1.6)
  • Risk management records (4.1.5)
  • All records specified in documented procedures and work instructions
  • All records required by applicable regulatory requirements

Clause 5 Records

  • Management review records (5.6.1)
  • Evidence of personnel competence (6.2)

Clause 6 Records

  • Infrastructure maintenance records (6.3)
  • Personnel training and competence records (6.2)

Clause 7 Records

  • Product requirements review and follow-up actions (7.2.2)
  • Design and development files (7.3.10) including:
    • Design and development plans
    • Design inputs
    • Design outputs
    • Design review records
    • Design verification records
    • Design validation records
    • Design change records
    • Risk management file
  • Design and development transfer records (7.3.8)
  • Supplier evaluation, selection, and monitoring (7.4.1)
  • Verification of purchased product (7.4.3)
  • Cleanliness of product records (7.5.2)
  • Installation and verification records (7.5.3)
  • Servicing activity records (7.5.4)
  • Sterilization process parameter records for each batch (7.5.5, 7.5.7)
  • Process validation records (7.5.6)
  • Product identification and traceability recor