Quality Management System (QMS)
ISO 13485 as the Standard
ISO 13485:2016 — Medical devices — Quality management systems — Requirements for regulatory purposes — is the internationally recognised QMS standard for medical device manufacturers and is the primary standard accepted by MDA for Malaysian market access.
All manufacturers registering Class B, C, or D devices must provide evidence of ISO 13485 certification as part of their registration dossier.
What ISO 13485 Covers
ISO 13485 specifies requirements for a quality management system that encompasses:
- Design and development controls
- Risk management integration (linked to ISO 14971)
- Purchasing and supplier controls
- Production and service provision
- Validation of processes
- Traceability and identification
- Non-conforming product control
- Corrective and preventive actions (CAPA)
- Customer feedback and complaint handling
- Post-market activities
Scope of Certification
The scope statement on the ISO 13485 certificate must cover the activities relevant to the device(s) being registered in Malaysia. For example:
- If the manufacturer designs and manufactures the device, the scope must cover design and manufacture
- If only manufacturing (contract manufacturer), the scope must cover at minimum the manufacturing activities
- If a sterilisation step is outsourced, the scope should reference sterilisation or the outsourced process must be controlled under the QMS
MDA reviewers check that the ISO 13485 certificate scope matches the registered device type and manufacturing activities. A mismatch is a common deficiency. Verify scope before submission.
MDA-Recognised Certification Bodies
MDA accepts ISO 13485 certificates issued by certification bodies (CBs) recognised by MDA. Widely recognised CBs include:
- BSI Group
- TÜV SÜD
- TÜV Rheinland
- SGS
- Bureau Veritas
- Intertek
- DNV
- DEKRA
- National standards bodies (SIRIM QAS International for Malaysian manufacturers)
Check the current MDA website for the up-to-date list of recognised CBs, as recognition status can change.
Certificate Validity
ISO 13485 certificates are typically valid for 3 years, with annual surveillance audits. Ensure the certificate is current and not expired at the time of submission. MDA will not accept expired certificates.
If a certificate expires during the registration review, provide MDA with evidence of the renewed certificate promptly.
Malaysian Manufacturers — GMP Requirements
Malaysian manufacturers are subject to both ISO 13485 and MDA's GMP requirements. MDA conducts GMP audits of licensed Malaysian manufacturers. Key GMP expectations include:
- Documented manufacturing procedures
- Validated processes (sterilisation, cleaning, assembly)
- Environmental controls appropriate to device type
- Calibration of measuring and monitoring equipment
- Batch record documentation
- Qualified personnel
MDSAP — Alternative QMS Evidence
Holders of a current Medical Device Single Audit Programme (MDSAP) certificate may be able to use this as supporting QMS evidence, potentially reducing the need for separate Malaysian QMS assessments. See MDSAP Recognition.