ISO 13485 & EU MDR Certification
Medical Device Quality Management System & European Market Access
Our services cover ISO 13485 Quality Management System (QMS) certification and EU MDR (EU) 2017/745 regulatory certification. ISO 13485 is the internationally recognized standard for managing the full medical device lifecycle — from design and production to sales and servicing — helping manufacturers improve process quality, optimize risk management, and ensure ongoing compliance. MDR certification is the mandatory gateway for placing medical devices on the European market and obtaining the CE marking. Together, these certifications form the quality and regulatory foundation that enables medical device manufacturers to access international markets with confidence.
Quality Management System For Medical Devices | ISO 13485
ISO 13485 is the internationally recognized and harmonized industry-specific quality management system standard designed for organizations involved in the design and development, production, installation, servicing, and sales of medical devices. A certified organization demonstrates its commitment to a process approach to the design, safety and quality of medical devices, and its ability to provide medical devices and related services that consistently meet customer and applicable regulatory requirements.
Unlike the general-purpose ISO 9001 standard, ISO 13485 places greater emphasis on regulatory compliance, risk management, and product traceability — making it a prerequisite for market access under EU MDR, US FDA, and most international regulatory frameworks.
Benefits of Obtaining ISO 13485 Certification
- Improves your process quality
- Enables the documentation of compliance according to the relevant regulations
- Avoids costly product recalls by delivering consistent quality and safety
- Creates a more trustworthy image with clients
- Creates a culture of continual improvement
- Demonstrates commitment to safety and quality
- Helps with more effective risk management
- Serves as a basis for other regulatory frameworks and provides compliance with other regulatory systems
Medical Devices Regulation | MDR (EU) 2017/745
Medical Device Regulation (MDR) Certification ensures that medical devices meet the rigorous safety, quality, and performance requirements set by the European Union (EU) under Regulation (EU) 2017/745. Achieving MDR certification demonstrates that a manufacturer's products have undergone thorough assessment by a Notified Body and are compliant with the highest standards for patient safety and clinical effectiveness. This certification is essential for placing medical devices on the EU market, providing trust and confidence to healthcare professionals, patients, and regulatory authorities.
MDR Transition Timeline
MDR became applicable, replacing the former MDD (93/42/EEC)
Class III and implantable Class IIb devices — legacy MDD certificates expire
Non-implantable Class IIb, Class IIa, Is, and Im devices — all remaining legacy certificates expire
There are currently approximately 50 MDR-designated Notified Bodies worldwide. Industry-wide queue times at major NBs are commonly reported at 12 to 18 months. Manufacturers that have not yet initiated their MDD-to-MDR transition face significant time pressure.
MDR Technical Documentation Requirements
- Annex II: Device description and specifications, design and manufacturing information
- GSPR: General Safety and Performance Requirements checklist (Annex I)
- ISO 14971: Risk management file
- CER: Clinical Evaluation Report (per Article 61 and Annex XIV)
- Annex III: Labeling, instructions for use, and UDI information
- PMS / PMCF: Post-Market Surveillance and Post-Market Clinical Follow-up plans
Connected Medical Devices: Cybersecurity Compliance
When a medical device incorporates Wi-Fi, Bluetooth Low Energy (BLE), or cloud connectivity, the regulatory requirements extend well beyond standard MDR and FDA safety assessments. The following additional cybersecurity standards apply:
- IEC 81001-5-1: Health software and health IT systems safety, effectiveness and security — the core standard referenced by MDR Annex I Section 17
- MDCG 2019-16: EU guidance on cybersecurity for medical devices — the framework used by Notified Bodies during conformity assessment
- EN 18031: Harmonised standard for RED Article 3.3 — mandatory for devices with radio functionality, covering network security, privacy protection, and fraud prevention
- SBOM: Software Bill of Materials — both the EU and US FDA require machine-readable format with ongoing maintenance throughout the product lifecycle
- FDA Section 524B: The FDA may refuse to accept 510(k) submissions with insufficient cybersecurity documentation — common deficiencies include incomplete SBOMs, missing penetration test reports, and poorly defined threat model boundaries
Why SVS × Applus+ Laboratories
- Local cybersecurity testing — ISO/IEC 17025 accredited cybersecurity lab in Taiwan for EN 18031 and IEC 81001-5-1 testing, eliminating the need to ship devices to Europe
- Shorter NB queue times — Applus+ dual Notified Bodies (NB 2764 / NB 3121) offer an alternative to the 12–18 month queues at major NBs. Service commitment: quotation within 7 business days, technical documentation review cycles of 1–2 months
- Single local point of contact — Secure Vectors Surveillance (SVS) serves as the exclusive strategic partner and authorized lab of Applus+ in Taiwan, handling all cross-border coordination in your language and time zone
- MDR + RED + cybersecurity in one engagement — connected devices require MDR conformity assessment, RED Article 3.3 wireless cybersecurity, and IEC 81001-5-1 compliance simultaneously, without engaging three separate organizations
- EU/US dual-track submission — a single set of cybersecurity evidence (SBOM, penetration test, threat model) formatted to satisfy both EU MDR and US FDA review requirements
Schedule a Free Consultation
Speak with our certification and cybersecurity testing specialists to map out the most efficient path to market for your device