Understanding ISO 13485 Training and Competency Requirements (2023)

Understanding ISO 13485 Training and Competency Requirements (1)

Are the employees in your medical device company meeting the training and competency requirements of the ISO 13485 standard for quality management systems?

ISO 13485:2016 addresses training and competency requirements in Section 6.2 Human resources of the standard:

Personnel performing work affecting product quality shall be competent on the basis of appropriate education, training, skills and experience.

The organization shall document the process(es) for establishing competence, providing needed training, and ensuring awareness of personnel.

The organization shall:

a) determine the necessary competence for personnel performing work affecting product quality;
b) provide training or take other actions to achieve or maintain the necessary competence;
c) evaluate the effectiveness of the actions taken;
d) ensure that its personnel are aware of the relevance and importance of their activities and how they contribute to the achievement of the quality objectives;
e) maintain appropriate records of education, training, skills, and experience (see 4.2.5).

The requirements are relatively brief and non-prescriptive, so medical device companies are often left questioning exactly how they can meet the requirements.

This article will explain what the international standard for medical device quality management systems require when it comes to training and competency of personnel, and what you need to do to comply.

(Video) Personnel & Training 820.25 & ISO 13485 § 6.2 (Executive Series #8)

FREE DOWNLOAD: Get a copy of our customizable training matrix template by clicking here.

How to follow ISO 13485 training requirements

A training program that meets ISO 13485 requirements is something that often gets overlooked, especially in early stage medical device companies. It’s one of those things that can sneak up on you during an audit and result in a finding, so you’re much better to establish compliant training procedures early on.

Here are some key questions that companies ask when it comes to following ISO 13485 training and competency requirements:

What type of training is needed?

The ISO 13485 standard sidesteps giving any specific instruction as to what should be defined in a training procedure or how the training activities should be conducted. The short answer is that all personnel must be trained on the QMS policies and procedures respective to each person’s own job role and any specialized roles must have the appropriate training to perform it competently. This might include external training courses that are hosted by accredited third party firms.

You need to be able to show that appropriate training has been completed and have the records to prove it, so a robust training management system is a must-have. As part of this expectation, you need to document how you identify the skills, training, and/or experience needed by each person in each role.

Who needs to be trained?

Does everyone need to be trained on every part of your QMS? The short answer is no. But anyone who is responsible for following a set of processes and procedures must be trained on those same processes and procedures.

The key is that personnel must have the competency to adequately perform their own job function. If you have a quality inspector that is unaware of a change to your acceptance criteria because they haven’t received the necessary training, then noncompliance becomes a concern. More importantly, it could lead to serious safety ramifications for the patient.

ISO 13485 training requirements state how everyone involved in critical processes must be fully aware of the importance of their work and its impact on product quality or quality objectives. In short, everyone who is required to follow a process must be trained on it and any time there is an update to the process, follow-up training must be conducted.

How do we conduct training?

The “how” of training is left wide open for interpretation. It is up to your medical device company to determine this, placing an emphasis on the effectiveness of the training. The ISO standard requires that you must evaluate the effectiveness of your training - this could be as simple as requiring employees to take and pass a quiz on the subject.

Under ISO 13485, a risk-based approach is always highlighted. Therefore, the riskier the work, the more extensive training may be needed. The standard emphasizes “proportionate” training, conducting training whereas necessary and required without going overboard. The key here is that training must be sufficient enough to establish competency.

(Video) WEBINAR: ISO13485: 2016 – An Overview of General and Product Realisation Requirements

How to evaluate ISO 13485 training competency

Competency can be gained through education, certification, skills development, and experience. In accordance with ISO 13485, you need to ensure that your training methods are effective, in that it results in the competency of personnel to perform the necessary job functions specific to their roles.

Under Section 6.2 of the standard, the following statement is included with the Human resources requirements: “NOTE The methodology used to check effectiveness is proportionate to the risk associated with the work for which the training or other action is being provided.”

Establishing these checkpoints for evaluating effectiveness should be balanced against the risk of the policy, procedure, or task. It wouldn’t make sense to conduct a 2-day training seminar for a low-risk task, for example.

Training assessments and quizzes are common tools for evaluating competency. One great piece of advice is to keep your questions focused, avoiding any additional trivia that strays from the necessary information at hand while also ensuring that it’s rigorous enough to gauge the trainee’s comprehension of the material.

How else might you evaluate competency? Observations on-the-job (and as part of your internal auditing program) are also valid methods. For example, you might keep some sort of checklist for assessing the completion of an assignment.

At the very least, you must ensure that you’re keeping up-to-date and accurate records that show how and when you assessed competency. This will be paramount to your ability to maintain compliance with the ISO 13485 training requirements.

How to formalize QMS procedures that comply with ISO 13485 training requirements

Your QMS plays a key role in your ability to achieve and maintain compliance with ISO 13485 training requirements. In a nutshell, here’s what you need:

  • Defined training needs for each role in your organization

  • Training records for every procedure in your QMS

  • Training records for all individual personnel.

    (Video) Training Procedure: "Mistakes to avoid and audit advice" [ISO 13485]

    • You need to maintain objective evidence to prove your training is happening as required

  • Documented processes for how you established competence

Note: job descriptions themselves are not required to be kept as controlled documents, but a definition of the training associated with each job position does. Some roles may be able to be consolidated, along with their respective training requirements, especially for smaller sized companies.

The ease with which you are able to manage training records tends to come down to your choice of QMS solution. With legacy quality system tools, there are several associated pitfalls to look out for.

For example, training records are often kept in paper format by different team leads. In this case, any auditor that comes in and requests to see all of your training records for “X task” will likely lead to a mad scramble to locate which filing cabinet the record has been relegated to.

Besides accessibility and transparency of records, ensuring these are kept up to date presents a huge challenge to managers who are relying on physical copies of the training record (and their ability to remember where it was last placed).

Consider the alternative solution of a modern quality system, such as Greenlight Guru Training Management software. The medical device specific platform has a dedicated training workflow that simplifies compliance with ISO 13485 training requirements and automates activities that help users ensure competency among all necessary personnel.

FREE DOWNLOAD: Get a copy of our customizable training matrix template by clicking here.

Comply with ISO 13485 training and competency requirements with the best QMS software

The best way you can assure compliance with ISO 13485 training and competency requirements is by keeping accurate records that are instantly accessible and automatically updated within a robust electronic QMS solution.

Greenlight Guru’s dedicated Training Management Software goes a step further by including features specifically designed for the ease of those responsible for overseeing training for the company.

(Video) ISO 9001 or ISO 13485, Which Standard Should You Work Towards As a Manufacturer or Distributor?

Training managers can easily trace any task or activity and provide records with objective evidence proving effectiveness and completion of employee training on processes, procedures, changes, and other QMS documentation - all within a single, closed-loop system.

Additional benefits offered through the Training Management workflow within Greenlight Guru include:

  • Automated training tasks and notifications on assigned training activities

  • Part 11 compliant sign-off, audit trails, and password requirements

  • Require a trainer sign-off to ensure training activities are effective

  • Personalized dashboard to view assigned and outstanding training activities

  • Easy to view tracking and status of assigned training tasks for Trainers by document level or by individual/group

  • Auto-generated training logs and records to provide objective evidence and traceability for training and compliance

  • Provide relevant attachments as supporting evidence of external training events.

Compliance with ISO 13485 training requirements has never been easier than now. Get your free demo of Greenlight Guru Training Management software →

(Video) Practical Applications of ISO 13485 and What It Means for HTM Professionals

Looking for a QMS solution to help you bring safer medical devices to market faster with less risk? Click here to take a quick tour of Greenlight Guru's Medical Device QMS software


What does ISO 13485 say about training? ›

Under ISO 13485, a risk-based approach is always highlighted. Therefore, the riskier the work, the more extensive training may be needed. The standard emphasizes “proportionate” training, conducting training whereas necessary and required without going overboard.

What are the requirements of ISO 13485? ›

Below are five key requirements from ISO 13485 that are critical for companies seeking certification.
  • Quality Management System (QMS) ...
  • Management responsibility. ...
  • Resource management. ...
  • Product realization. ...
  • Measurement, analysis, improvement.

What standard helps companies implement and better understand ISO 13485? ›

The ISO 13485 requirements were based on ISO 9001, the international gold standard for quality management systems. However, ISO 9001 offers a general set of requirements geared toward customer satisfaction and continual improvement that can be too subjective and/or difficult to measure for many medtech companies.

What are the 8 sections of ISO 13485? ›

ISO 13485 Clause 8: Measurement, Analysis, and Improvement
  • 8.1 General.
  • 8.2 Monitoring and Measurement.
  • 8.3 Control of nonconforming product.
  • 8.4 Analysis of data.
  • 8.5 Improvement.

What is the importance of training requirements? ›

Providing training and development to employees allows employers to pinpoint the knowledge and skills they want their employees to have. Training and development programs can educate employees about new skills or provide updates on existing skills to enhance productivity.

What is the primary objective of ISO 13485? ›

The primary objective of ISO 13485:2003 is to facilitate harmonized medical device regulatory requirements for quality management systems. As a result, it includes some particular requirements for medical devices and excludes some of the requirements of ISO 9001 that are not appropriate as regulatory requirements.

Is ISO 13485 mandatory for medical devices? ›

So, depending on the service you are providing to the legal manufacturer an ISO 9001 might be sufficient. Whereas the service is specific to the medical device industry, ISO 13485 might be more appropriate to be implemented, but certainly not required.

What is the ISO 13485 standard? ›

ISO 13485 was written to support medical device manufacturers in designing a QMS that establishes and maintains the effectiveness of their processes. It ensures the consistent design, development, production, installation and delivery through to disposal of medical devices that are safe for their intended purpose.

What are the main three ISO standards used in companies? ›

But out of these, the three main types of ISO are:
  • ISO 9001:2015, a standard for general organizational quality management systems (QMS), including vendor management. ...
  • ISO 27001:2013, a standard for Information Security Management Systems (ISMS)
  • ISO 14001:2015, a standard for Environmental Management Systems.
Oct 26, 2021

How many main clauses does ISO 13485 contain? ›

The ISO 13485 requirements encompass 8 clauses with supporting subclauses. The requirements to be applied to your quality management system (QMS) are covered in clauses 4-8.

How to comply with ISO 13485? ›

ISO 13485 calls for:
  1. Implementing a quality management system.
  2. Taking a risk management approach to product development.
  3. Validating processes.
  4. Complying with regulatory and statutory requirements.
  5. Establishing effective methods for product traceability and recall.
May 8, 2020

What are the 2 main elements to a QMS? ›

Elements and requirements of a QMS

The organization's quality policy and quality objectives. Quality manual. Procedures, instructions, and records.

What are 4 different elements of quality standards? ›

When broken down, quality control management can be segmented into four key components to be effective: quality planning, quality control, quality assurance, and quality improvement.

What is the difference between ISO 13485 and MDR? ›

The EU MDR regulation includes certain processes for medical devices that need to be in place, but the ISO 13485 standard is intended to be an all-encompassing set of inter-related requirements that form the internationally recognized best practices for a company that creates medical devices.

What are the 4 main objectives of training? ›

From the point of view of the individual employee, there are three main aims of training: Improve the individual's level of awareness. Increase an individual's skill in one or more areas of expertise. Increase an individual's motivation to perform their job well.

How do you define training requirements? ›

Where To Start From And How To Identify Training Needs Of Employees
  1. Decide What You Are Trying To Achieve. ...
  2. Identify The Knowledge, Skills, And Abilities Needed To Meet Your Objectives. ...
  3. Figure Out What Employees Know. ...
  4. Talk To Employees. ...
  5. Talk To Managers. ...
  6. Decide On The Data Points That Are Valuable To Your Team.
Jun 12, 2019

What are the 5 principles of training program? ›

Five Fundamental Training Principles
  • Overload Principle. Improvements are driven by stress. ...
  • FITT Principle. ...
  • Specificity Principle. ...
  • Reversibility Principle. ...
  • Rest, Recovery & Periodisation.
Mar 15, 2022

What are the four 4 steps of preparing a training plan? ›

4 Steps to Build an Effective Training and Development Program
  • Skills Gap Analysis. Before getting started, it's crucial to identify key areas that need attention. ...
  • Set Objectives & Define Your Strategy. ...
  • Invest in the Right Resources. ...
  • Test, Measure, and Repeat.
Jun 14, 2022

What are the four 4 areas to consider in evaluating a training? ›

4 Steps for Evaluating Your Training Programs
  • Identifying What Participants Need for Their Job. ...
  • Matching Session Learning Objectives with Job Requirements. ...
  • Assessing Performance During and Upon Completing the Training. ...
  • Evaluating the Training Effort After a Period of Time.
May 22, 2019

What are the benefits of ISO 13485 certification? ›

The ISO 13485 certification supports medical device manufacturers in plotting a QMS that creates and maintains the efficacy of their processes. It ensures the consistent design, development, production, installation, and delivery through to the disposal of medical devices that are safe for their intended purpose.

What are management responsibilities ISO 13485? ›

Management has key responsibilities such as meeting on a regular basis, communicating to the organization, establishing QMS policies, making sure that objectives are established, conducting reviews, and also determining that resources needed to meet the QMS are available.

Why do you need ISO 13485 certification? ›

ISO 13485 was written to support medical device manufacturers in designing a QMS that establishes and maintains the effectiveness of their processes. It ensures the consistent design, development, production, installation and delivery through to disposal of medical devices that are safe for their intended purpose.

How long does it take to get ISO 13485 certification? ›

Implementation usually takes 4-6 months for companies with fewer than 50 employees. Larger firms with more than 50 employees and/or multiple locations require more written procedures and involve more people, so implementation usually takes 6-12 months.

What can be excluded from ISO 13485? ›

As per clause 1 of the ISO 13485, only clause 7.3 Design and Development can be excluded from the scope of the quality management system if applicable regulatory requirements permit.

Are job descriptions required in ISO 13485? ›

To ensure that employees have defined and documented responsibilities and authorities, the organization needs an organization chart, and written and signed job descriptions.

Does ISO 13485 require a quality manual? ›

The quality manual for medical devices is a document required by ISO 13485, a quality management system designed for medical device manufacturers. If you are manufacturing medical devices for use in the U.S., your organization will need to prove compliance with FDA regulations.

What are the regulatory requirements for medical devices? ›

The device classification regulation defines the regulatory requirements for a general device type. Most Class I devices are exempt from Premarket Notification 510(k); most Class II devices require Premarket Notification 510(k); and most Class III devices require Premarket Approval.

What is the difference between 9001 and 13485? ›

ISO 9001 is the international standard which provides specifications for a quality management system which can be applied at any organization regardless of industry, product or service, or company size. ISO 13485 is a comprehensive management system specifically for the manufacture of medical devices.

What are the 4 types of standards? ›

Standards can also be classified according to their degree of formality, depending on who initiates the standardisation process.
  • Formal standards. ...
  • Informal standards. ...
  • Proprietary standards.

What are the top 3 most popular ISO standards? ›

The most popular certificates are ISO 9001 (quality management), ISO 14001 (environmental management), ISO 45001 (occupational health and safety), ISO/IEC 27001 (information security), ISO 22000 (food safety), and ISO 13485 (medical device quality management).

What are the 5 quality procedures? ›

Quality procedures include: quality manual, procedure for the control of documents, procedure for the control of records, procedure for the performance of internal audits, procedure for the control of nonconformity, and procedure for the for integrating and controlling corrective action and preventive action.

Which of the following documents are mandatory required by the ISO 13485 standard? ›

Documented Procedure and records of management review – clause 5.6. 1. Documented Procedure and records of training – clause 6.2. Documented Requirements for infrastructure and records of maintenance activities – clause 6.3.

How many quality management principles are identified in ISO 13485? ›

According to ISO, the seven quality management principles are, in no particular order: Customer focus.

What does clause 4 of ISO 13485 cover? ›

CLAUSE 4: QUALITY MANAGEMENT SYSTEM An organization shall establish and document their quality management system for medical devices, based on the requirements of ISO 13485. // There shall be focused attention on customers by expecting people and the organization to identify and meet these requirements.

How do you maintain knowledge of compliance requirements? ›

5 Tips to Ensure Workplace Compliance with Employment Laws and Regulations
  1. Audit all workplace policies and procedures. ...
  2. Understand your responsibilities and obligations as an employer. ...
  3. Invest in workplace safety management systems and accreditations. ...
  4. Go further than 'just ticking the box' for compliance.
Jul 14, 2022

What are examples of compliance requirements? ›

What are examples of compliance requirements?
  • An initial compliance audit.
  • Tracking of any previous violations and budget monitoring for compliance.
  • Creation of a dedicated compliance team.
  • Implementation of company policies and procedures.
  • Efficient Policy Management system.
  • Regular compliance training for all employees.

What are 4 types of quality control? ›

What are the four types of Quality Control? The four types of quality control are process control, control charts, acceptance sampling, and product quality control.

What are 4 points of quality assurance? ›

The 4 stages in the quality assurance process are: Plan, implement, check, and adjust.

What are the three pillars of QMS? ›

Each quality management system is made up of three pillars of technology: a document management system (DMS), a learning management system (LMS), and, once clinical trials begin, an electronic trial master file (eTMF).

What are the 7 key principles of quality? ›

The seven principles of quality management are:
  • Engagement of people.
  • Customer focus.
  • Leadership.
  • Process approach.
  • Improvement.
  • Evidence-based decision making.
  • Relationship management.

What are the 3 main objectives of quality control? ›

In such a system, there are 3 main objectives of quality control: enhance product quality and reduce risks, gain production efficiencies, and garner customer loyalty. These 3 objectives will be evident in any manufacturer with a robust and functional quality control program.

What are 5 pillars of Total quality system? ›

Product, process, organization, leadership, and commitment--those are the five pillars of TQM.

Does ISO 13485 require risk management? ›

ISO 13485 requires risk-based thinking regarding QMS processes (sub-clause 4.1. 2) and risk management with regard to patient/end-user safety in using the medical device (clause 7.1).

Is ISO 13485 mandatory in us? ›

The short answer is no, ISO 13485 is not mandatory.

What does ISO say about training? ›

The ISO training requirements are designed to improve the organization's quality. The standard needs employees to be trained with the knowledge and skill important to do their jobs with quality. Additionally, ISO training is required to verify that the training provided was effective.

Which ISO standard is for training? ›

ISO - ISO 10015:1999 - Quality management — Guidelines for training.

What are the ISO regulations required to evaluate training effectiveness? ›

Training effectiveness is one of the key requirements associated to Quality Management System according to ISO 13485. Having adequate methodologies for delivery of training and evaluate effectiveness of this training is a must for an organization that wants to claim compliance with ISO 13485 requirements.

How to train employees in ISO 13485? ›

ISO 13485 Training Requirements
  1. Define the knowledge and skill needed for each employee to conduct their job.
  2. Deliver training or other learning activities to develop the required knowledge and skill.
  3. Provide a way to prove whether the training was effective (test for understanding)

What are the 3 C's of ISO? ›

The customer-supplier core must be surrounded by the 3 C's, commitment to quality, communication of the quality message, and recognition of the need to change the culture of the organisation to create total quality.

What are the four 4 key principles applied by the ISO when setting standards? ›

Key principles in ISO standard development
  • Respond to a need in the market. ISO does not decide when to develop a new standard, but responds to a request from industry or other stakeholders such as consumer groups. ...
  • Based on global expert opinion. ...
  • Developed through a multi-stakeholder process. ...
  • Based on a consensus.

What is the importance of ISO training? ›

Achieving an ISO quality management certification can pay huge dividends for your business in improved efficiency, productivity and customer satisfaction. But the benefits of ISO go far beyond your operations to every aspect of the business, including sales and marketing, strategic planning and employee engagement.

What are the 8 principles of ISO? ›

At the center of the ISO 9001 are eight fundamental principles of quality management.
  • Customer Focus. ...
  • Leadership. ...
  • Involvement of People. ...
  • Process Approach. ...
  • System Approach to Management. ...
  • Continual Improvement. ...
  • Factual Approach to Decision-Making. ...
  • Relationship Management.
Mar 21, 2022

What are training standards? ›

The Training and Learning Standards are statements that define the generally accepted practice to ensure the quality of training and learning activities.

How many hours of company training are required by the ISO annually? ›

60 hour training/year for New Driver/Operator.

What are the 4 measuring training effectiveness? ›

Evaluating Training Effectiveness

Post-training quizzes, one-to-one discussions, employee surveys, participant case studies, and official certification exams are some ways to measure training effectiveness.

How do you determine training requirements? ›

How to Determine Training Needs
  1. Set Goals. Before evaluating and assessing your employees' baseline knowledge, it's essential to set up some goals. ...
  2. Identify the Skills or Knowledge Needed to Meet Goals. ...
  3. Evaluate Employee Competencies. ...
  4. Track Valuable Data Points. ...
  5. Assess Current Training Resources. ...
  6. Custom Training.
May 3, 2021

What are the 5 steps in a good employee training program? ›

Explore five stages of the training process:
  • Assess.
  • Motivate.
  • Design.
  • Deliver.
  • Evaluate.


2. QUICK TIPS for ISO13485 by MedicalRegs.com
3. What is ISO 13485?
(Medical Device Academy)
4. Executive Webinar: How to Comply with ISO 9001 and ISO 13485 Digitally in Medical
(Bimser International)
5. Customer Process ISO 13485 § 7.2 (Executive Series #60)
(Quality Systems Explained)
6. Do you want to learn about ISO 13485:2016? A standard for medical devices
(Monthly Biltehqeeq)
Top Articles
Latest Posts
Article information

Author: Roderick King

Last Updated: 12/10/2022

Views: 6306

Rating: 4 / 5 (71 voted)

Reviews: 94% of readers found this page helpful

Author information

Name: Roderick King

Birthday: 1997-10-09

Address: 3782 Madge Knoll, East Dudley, MA 63913

Phone: +2521695290067

Job: Customer Sales Coordinator

Hobby: Gunsmithing, Embroidery, Parkour, Kitesurfing, Rock climbing, Sand art, Beekeeping

Introduction: My name is Roderick King, I am a cute, splendid, excited, perfect, gentle, funny, vivacious person who loves writing and wants to share my knowledge and understanding with you.