For MedTech and diagnostics companies, ISO 13485:2016 is the operating system for quality. It’s the globally recognized standard that regulators and notified bodies expect you to use to design, manufacture, and maintain safe, effective devices across the full lifecycle. Implement it well and you accelerate technical documentation, reduce rework, and shorten time-to-market. Implement it poorly and every audit, change, and submission becomes harder than it should be.

There’s an additional strategic reason to act now: the U.S. FDA’s Quality Management System Regulation (QMSR) formally converges 21 CFR 820 with ISO 13485:2016. The QMSR’s effective date is February 2, 2026, with a two-year transition from the legacy QS Reg—so a robust ISO 13485 QMS positions you for both EU and U.S. expectations. (QMSR overview PDF).

What ISO 13485 actually requires (and how to build it right)

At its core, ISO 13485 demands a documented, controlled set of interrelated processes that meet regulatory requirements for medical devices—from design and production to post-market activities. Success is not about templates; it’s about process architecture, risk-based decision-making, and evidence you can defend. (ISO 13485 handbook preview).

1) Map your process architecture

Start with a top-level map that shows how design & development, purchasing/supplier control, production & service provision, software validation (for QMS and process software), vigilance, and post-market processes interact. Keep ownership clear; keep inputs/outputs traceable.

2) Make risk management the backbone

ISO 13485 expects risk-based controls throughout realization and post-market feedback. Operationalize ISO 14971:2019 (and ISO/TR 24971 guidance) so hazards, risk controls, and residual risk tie directly into design inputs, verification/validation, and change control.

3) Design controls that satisfy NB and FDA reviewers

Build a single D&D framework that covers planning, inputs/outputs, reviews, verification, validation (including clinical/performance where applicable), transfer, and DHF/Design History File traceability. Link your design plans to intended purpose/indications so your technical documentation aligns with MDR/IVDR and (when applicable) FDA submissions.

4) Supplier & software rigor

Qualify and monitor critical suppliers with risk-based controls; embed incoming inspection and performance metrics. Validate QMS/production software proportional to risk and document configuration management so you can pass objective evidence reviews.

5) Document control that scales

Use a lean document hierarchy (policy → process → work instruction → form) and number it so auditors can navigate quickly. Automate change control and training effectiveness checks; link each controlled record to the process requirement it satisfies.

6) Post-market surveillance that drives improvement

Your PMS loop should systematically capture complaints, feedback, vigilance, field actions, and real-world performance. Close the loop with CAPA and management review using trend analysis and risk re-evaluation.

7) Internal audits and management review that add value

Audit for process performance (not just procedural conformance). Track effectiveness KPIs and feed them into management review alongside regulatory metrics (e.g., NB queries, submission outcomes, vigilance timelines).

EU alignment matters: harmonized EN ISO 13485 and MDR/IVDR

In Europe, EN ISO 13485:2016 (including A11:2021 and AC:2018) is recognized as a harmonized standard supporting MDR/IVDR requirements—useful for presumption of conformity where applicable. Aligning your QMS to the harmonized edition reduces friction in notified body assessments and surveillance.

Implementation roadmap (what works in the real world)

• Phase 1 — Gap Assessment & Plan: Benchmark current practices against ISO 13485 clauses, ISO 14971 integration points, and your market strategy (EU MDR/IVDR, FDA QMSR). Produce a prioritized remediation plan with owners and dates.
• Phase 2 — Process Build & Evidence: Draft/revise procedures; pilot them with one product line to generate real records (design plan, risk files, supplier files, software validation, training, internal audit).
• Phase 3 — System Activation: Roll out across programs; execute internal audit cycle and management review with measurable outcomes.
• Phase 4 — NB/FDA Readiness: Run a mock audit; fix systemic findings; align technical documentation index to QMS records; confirm personnel qualification and training effectiveness.

Avoid the top 5 pitfalls we see

• Building dozens of procedures without a process map (auditors get lost; so do teams).
• Treating risk management as a document, not a process that drives design and post-market decisions.
• Weak supplier controls for critical components and software.
• Software validation that stops at IQ/OQ and misses real-world configurations.
• “One-and-done” internal audits that don’t test effectiveness or feed CAPA.

How MDx CRO makes ISO 13485 implementation faster (and audit-proof)

MDx CRO designs right-sized 13485 systems for MedTech and diagnostics teams—from first-time implementations to remediation before NB or FDA inspections. We build the process architecture, author and train on lean SOPs, integrate ISO 14971 risk into day-to-day decision-making, and generate submission-ready evidence. Then we run mock audits that mirror NB/FDA styles so you walk into the real thing prepared.

Explore Regulatory & Quality Services and Clinical & Post-Market Support, or contact MDx CRO to scope your ISO 13485 program.

The usability of medical devices is not just a matter of convenience. It is a matter of safety, effectiveness, and regulatory compliance. Poor design that confuses or frustrates users can lead to use errors, adverse events, and even patient harm. To address this, the international standard IEC 62366-1:2015/Amd 1:2020 establishes a structured framework for usability engineering in medical device development.

For medical device manufacturers, understanding and applying IEC 62366 is essential. Compliance demonstrates that usability risks have been identified, reduced, and documented, which is essential for all medical devices including IVDs and Software as a Medical Device (SaMD).

What Is IEC 62366?

IEC 62366 is the internationally recognised standard that defines how to integrate usability into the design and development process.

It has two main parts:

• IEC 62366-1:2015/Amd 1:2020 Medical devices – Application of usability engineering to medical devices: The core standard describing the usability engineering process.

• IEC/TR 62366-2:2016 Medical devices – Guidance on the application of usability engineering to medical devices: A technical report providing guidance and examples to support implementation.

The goal is to ensure that usability engineering is applied consistently so that devices can be used safely and effectively by intended users, in intended use environments, while ensuring that use errors that could lead to harm are identified, reduced, and controlled through structured usability activities.

Why Usability Engineering Matters

Use-related errors are a leading cause of device-related adverse events. By embedding usability engineering into product development, manufacturers can:

• Reduce use errors that could lead to harm
• Improve patient safety and treatment outcomes
• Satisfy regulatory requirements from the MDR, IVDR, and FDA
• Increase user acceptance and market success
• Lower long-term costs by avoiding redesigns or recalls

In short, usability is both a compliance requirement and a competitive advantage.

Step-by-Step Guide to Applying IEC 62366

The usability engineering process defined in IEC 62366 is systematic and iterative. It integrates into the overall product development lifecycle and risk management process in line with ISO 14971. Below is a step-by-step breakdown.

1. Establish the Usability Engineering File (UEF)

The UEF is the central documentation repository for all usability activities. It includes intended use, user profiles, use scenarios, hazard analysis, test results, and risk control measures. In practice, the records and other documents that form the UEF may also form part of the product design file (ISO 13485) or the risk management file (ISO 14971).

Think of the UEF as both a project management tool and evidence for regulators.

2. User Research

Prepare the Use Specification. This is where you define:

• The intended medical purpose of the device
• The user groups (e.g. clinicians, patients, laypersons, caregivers)
• The use environments (hospitals, homes, ambulances, clinics)
• Any training or expertise required

This forms the foundation of all subsequent usability activities.

3. Analysis

Once you know who will use your device and where, the next step is to analyse how things could go wrong.

Activities include:

• Identifying safety-related user interface characteristics (e.g. readability of displays, button layout, alarm visibility).
• Reviewing post-production data and public databases for known usability issues with similar devices.
• Identifying hazards and hazardous situations.
• Identifying and describing hazard-related use scenarios, which describe exactly how use errors might occur and what consequences they could have.
• Selecting hazard-related use scenarios for Summative Evaluation.

These scenarios are then prioritised to decide which will be evaluated in summative testing.

4. Design and Formative Evaluation

This is where design and usability testing happen in iterative cycles.

Key steps:

1. Establish the User Interface Specification – the blueprint of all UI elements.
2. Develop the User Interface Evaluation Plan – define how formative and summative testing will be performed.
3. Iterative cycles of concept, prototype, and testing

The point of formative evaluation is to find usability issues early, before final validation, so changes are cheaper and less disruptive.

5. Summative Evaluation

The final stage is a summative usability validation. This is a formal test that demonstrates to regulators that the device can be used safely and effectively by the intended users.

• Test the hazard-related use scenarios identified earlier.
• Use representative users in realistic environments.
• Collect both objective performance data (task completion, error rates) and subjective feedback (ease of use, confidence).
• Confirm that residual risks are acceptable in line with ISO 14971.

This stage provides the objective evidence regulators require to ensure compliance.

6. Maintain Usability Post-Market

Usability engineering does not end at product launch. Post-market surveillance should collect feedback on usability issues, adverse events, and complaints. Updates or design changes may be required if new risks emerge.

Common Challenges in Applying IEC 62366

Many manufacturers encounter difficulties such as:

• Underestimating resources needed for usability testing
• Recruiting representative users for formative and validation studies
• Defining realistic use scenarios that reflect actual clinical environments
• Integrating usability with development timelines
• Documenting evidence properly in the UEF

Failing to address these challenges can result in regulatory rejection, delays, or costly redesigns.

Best Practices for Success

1. Start usability engineering early in the design process
2. Involve multidisciplinary teams including engineers, clinicians, and usability experts
3. Use a mix of qualitative and quantitative methods in evaluations
4. Prioritise hazard-related use scenarios in validation testing
5. Document everything thoroughly in the Usability Engineering File
6. Where possible involve regulators early for alignment
7. Leverage specialist expertise such as a Medical Device and IVD Consultancy with usability engineering experience

How MDx CRO Can Help

Implementing IEC 62366 in-house can strain resources. At MDx CRO we can provide:

• Protocol development and study design for usability testing
• Recruitment of representative users across geographies
• Moderation of formative and validation studies
• Integration of usability engineering with regulatory strategy
• Preparation of all usability documentation required for submissions including FDA submissions

As a trusted Medical Device and IVD consultancy, we support manufacturers in implementing IEC 62366, running usability studies, and preparing documentation that satisfies both EU and US regulators. Whether you are starting a new project or updating an existing device, our team helps you achieve compliance and deliver safer devices to market.

FAQs

Does the FDA also recognise IEC 62366?

Yes. The latest versions of the IEC 62366 standards are recognised by the FDA as consensus standards. However, the FDA has also published specific human factors engineering guidances with minor differences to IEC 62366 so it is recommended that these are also considered for FDA submissions.

When should usability testing be performed?

Throughout development. Formative evaluations identify and correct issues early, while summative validation confirms safe and effective use before market approval.

Can simulated environments be accepted in usability validation?

Yes, provided they are representative of real-world conditions and cover all critical tasks and hazard-related use scenarios.