A Comprehensive Guide to Achieving ISO Certification for Medical Device Quality and OHSAS 18001

iso18001 certification


The Importance of ISO Certification in the Medical Deice Industry In the highly regulated medical device industry, ISO certification plays a vital role in ensuring the quality, safety, and reliability of products. ISO (International Organization for Standardization) standards provide a globally recognized framework for organisations to establish robust quality management systems. Additionally, the OHSAS 18001 standard addresses occupational health and safety, promoting a safe working environment for employees.

Step 1: Understanding ISO Standards and OHSAS 18001

iso 18001 Certifcation

Overview of ISO 13485:2016 for Medical Device Quality Management

ISO 13485:2016 is the internationally recognized standard for quality management systems specific to the medical device industry. It outlines the requirements for organisations to demonstrate their ability to consistently design, manufacture, and distribute medical devices that meet regulatory and customer requirements.

Key Elements of ISO 13485:2016

  1. Quality management system documentation
  2. Management responsibility
  3. Resource management
  4. Product realisation
  5. Measurement, analysis, and improvement

Introduction to OHSAS 18001:2007 for Occupational Health and Safety Management

OHSAS 18001:2007 provides a systematic approach for managing occupational health and safety risks within an organisation. It assists in the identification and control of hazards, reduces accidents and incidents, and ensures legal compliance related to employee health and safety.

Core Components of OHSAS 18001:2007

  1. Occupational health and safety policy
  2. Planning for hazard identification, risk assessment, and risk control
  3. Implementation and operation
  4. Checking and corrective action
  5. Management review

Step 2: Establishing the Framework for ISO Certification

Defining the Scope of Certification

Before embarking on the certification process, it is crucial to define the scope of certification for both ISO 13485:2016 and OHSAS 18001:2007. This includes identifying the specific medical devices or product categories and the organisational departments or processes that will be covered under the certification.

Gap Analysis and Documentation Review

Conducting a thorough gap analysis allows organisations to identify areas where their current practices fall short of ISO requirements. This analysis involves reviewing existing processes, procedures, and documentation against the standards’ requirements. Any gaps identified should be addressed through the development or revision of documentation and implementation of necessary processes.

Establishing a Quality Management System (QMS)

ohsas 18001 certification Quality Management System

To achieve ISO 13485:2016 certification, organisations must establish a robust quality management system. This involves creating and implementing policies, procedures, and work instructions that align with the standard’s requirements. The Quality Management System QMS should cover all relevant processes, including design control, risk management, supplier management, and corrective and preventive actions.

Implementing an Occupational Health and Safety Management System (OHSMS)

For OHSAS 18001:2007 certification, organisations need to implement an effective occupational health and safety management system. This includes establishing policies, procedures, and protocols to prevent workplace accidents, reduce hazards, and ensure compliance with applicable regulations. Key elements include hazard identification, risk assessment, emergency preparedness, and employee involvement.

Step 3: Training and Awareness

Employee Training on ISO and OHSAS Standards

To foster a culture of quality and safety, organisations must provide comprehensive training to employees on ISO 13485:2016 and OHSAS 18001:2007 requirements. Training should cover topics such as document control, non-conformity management,  internal auditing, and continual improvement. By enhancing employees’ understanding of the standards, organisations can drive compliance and improve overall performance.

Raising Awareness of Quality and Safety

        Quality Management System (QMS)            

Apart from training, organisations should promote awareness of quality and safety throughout the workplace. This can be achieved through communication channels such as newsletters, posters, and regular meetings. Encouraging employees to report hazards or potential risks, and recognizing their contributions to improving quality and safety, fosters a proactive and engaged workforce.

Step 4: Documentation and Record Management

Document Control

Maintaining effective document control is essential for ISO and OHSAS compliance. Organisations must establish procedures to control document creation, review, approval, distribution, and obsolescence. Documentation should be easily accessible, searchable, and version-controlled to ensure employees have access to the most up-to-date information.

Record Management

Proper record management is crucial for demonstrating compliance and tracking performance. Organisations must establish procedures for creating, maintaining, and retaining records related to quality and safety. This includes records of training, audits, non-conformities, corrective actions, and management reviews. Implementing a digital record management system can streamline the process and ensure records are securely stored.

Step 5: Internal Audits and Corrective Actions

Conducting Internal Audits

Internal audits play a critical role in evaluating the effectiveness of the QMS and OHSMS. Trained internal auditors should conduct regular audits to identify non-conformities, assess the implementation of processes, and evaluate compliance with ISO and OHSAS requirements. Audits provide an opportunity to uncover areas for improvement and ensure ongoing compliance.

Corrective and Preventive Actions

Addressing non-conformities identified during audits is crucial to maintaining ISO certification. Organisations should establish a systematic approach for corrective and preventive actions, including root cause analysis, action planning, and implementation. Continual improvement is at the core of ISO and OHSAS standards, and organisations must actively seek opportunities to enhance their processes and mitigate risks.


Achieving ISO certification for medical device quality and OHSAS 18001 requires a commitment to excellence and a systematic approach to quality management and occupational health and safety. By following the outlined steps and ensuring compliance with ISO and OHSAS requirements, organisations can establish themselves as industry leaders, gain customer trust, and enhance their overall performance.


Q1: How long does it typically take to obtain ISO certification for medical device quality and OHSAS 18001?

A1: The timeline for certification can vary depending on various factors, such as the organisation’s size, complexity of processes, and existing quality and safety management systems. On average, it can take several months to over a year to complete the certification process.

Q2: Can a medical device manufacturer obtain ISO certification without OHSAS 18001 compliance?

A2: Yes, ISO certification for medical device quality (ISO 13485:2016) can be obtained independently of OHSAS 18001 compliance. However, implementing both standards demonstrates a comprehensive commitment to quality and safety throughout the organisation.

Q3: Are there any ongoing requirements after obtaining ISO certification and OHSAS 18001 compliance?

A3: Yes, maintaining ISO certification and OHSAS 18001 compliance requires ongoing efforts. This includes regular internal audits, management reviews, continual improvement initiatives, and reassessment audits by the certification body at specific intervals.




AV-Asian Verification (Private) Limited