ISO 13485 Registrar Resource Center
Free Registrar Quotations
Looking for the right registrar to audit your company can be confusing. That is why the 13485store.com has partnered with many different registrars to make it easy for you to find, choose, and hire to complete your company’s needs.
- Click the red ‘Get Started’ Button
- Complete Form
- Choose acceptable travel distance, or Virtual
- The certification form is automatically sent to our team, and we get to work finding the best three options for you.
- You will receive a copy of your submittal, and we retain one for our records.
- You will receive your quotation options within 72 hours so you may select the registrar that will best fit your unique requirements.
Generally, when you sign a contract with a Registrar, it will include the Registration Audit and Surveillance Audits. The Registration Audit is the initial audit that will be done to see if you will achieve ISO 13485 certification. Once you are approved, your certificate will be valid for three years (See typical Registration Process below).
After you have your certification, the registrar will come back every 6 months or year for a Surveillance Audit to see if you are maintaining your system and continuing to meet the requirements of the standard. ISO 13485 registrars vary in their approach, so you will want to find out details from each registrar you are interested in.
Your certificate will be valid for 3 years. After that period, your registrar will be required to do another Registration Audit to renew your certification.
Most registrars are now offering virtual audits, provided you meet certain criteria. A remote audit can save time and reduce travel costs of the registrar, so be sure to ask if your organization meets the criteria for a virtual audit.
When to Select a Registrar
Organizations often wait until they feel their QMS is running smoothly before they select a registrar. However, we recommend choosing them earlier in the process. Why?
- This assures that you can find one who is able to meet your timeframe.
- The advantage of interviewing them early is that they will ultimately be the ones who will evaluate your QMS. A registrar CANNOT consult for a company who they audit, but they can explain (based on their experience) how they intend to audit your organization. So, if you choose them earlier in the process you can ask them questions along the way. It’s like asking the teacher what you’re going to be tested on. This can be important because much is up to the individual’s discretion (like a referee in a sporting event) and you’d be wise to consider it.
ISO 13485 requires each organization to complete internal audits for its ISO 13485-based quality system to confirm the processes are being managed correctly, in other words, to confirm the organization is fully in control of its activities.
To achieve certification, an organization must hire an independent certification body, known as a registrar, to obtain an ISO 13485 certificate of conformity.
Click each part for more details on the Registration process!
We’ve provided a free Registrar Questionnaire Checklist to help you interview your registrars.
- Technical Requirements – Do they understand your business?
- Commercial Requirements – Can the registrar meet your timing?
Confirm Application and Schedule
You will enter into a three (3) year contract with the registrar which outlines the obligations, liability, confidentiality and access rights. The schedule is as follows:
- Year 1 – Complete Registration Audit
- Year 2 & 3 – Surveillance Audits – usually does not include documentation review
You will start over with a complete Audit in year 4 with this, or another, Registrar.
1st Stage Assessment
After your quality system has been implemented, the registrar conducts a stage 1 audit to assess your documentation and verify key practices are in place, This includes internal audits, management reviews, and tracking performance. If you successfully pass this audit without any major issues, the registrar will confirm your readiness for the full audit.
The Initial Certification Audit
The assessment process for achieving certification consists of a two stage Initial Certification Audit:
Stage 1 – The purpose of this visit is to confirm the readiness of the organization for a full assessment. The auditor will:
- Check that the documented Information conforms to the requirements of ISO 13485:2016
- Confirm its implementation status
- Confirm the scope of certification
- Review legislative compliance
- Generate a report that identifies any non-compliance or possibilities for non-compliance and agree to a corrective action plan if required.
- Generate an assessment plan and confirm a date for stage 2 audit in your company
During the Stage 1 audit, only a few employees will be interviewed. If there are no significant problems, the stage two audit will normally proceed in one or two months.
Certification Assessment (Stage 2 Audit)
One or two months after an effective stage 1 audit, the certification body (CB) will return to audit the entire system. They will look for conformity to customer, legal, and executive requirements, as well as, to the requirements of the ISO 13485:2016 standard.
The audit duration will depend on the size of the organization, the number of sites, and the complexity of the processes included in the system. The number of days for the audit is based on ISO 17021. For example, a small company with 10 or fewer employees might get an audit of only two days. For a company of 20 employees, the duration would rise to three days.
If the organization receives no major nonconformities during the stage two audit, the audit team will recommend certification based on your compliance with an acceptable corrective action plan for any stated minor nonconformities.
If one or more major nonconformities are found, the certification body (CB) either conducts a special visit in a month or two to confirm the major issues have been resolved by use of the PDCA method, or they conduct another full certification audit when the organization says the major nonconformities have been corrected.
Stage 2 – The purpose of this visit is to confirm that the quality management system fully conforms to the requirements of ISO 13485:2016 in practice. The auditor will:
- Complete sample audits of the processes and activities defined in the scope of assessment
- Record how the system complies with the standard
- Record how the system complies with the organizations’ documented information
- Report any non-conformances or potential for non-conformance
- Produce a surveillance plan and confirm a date for the first surveillance visit
During the Stage 2 audit, several employees will be interviewed. If the auditor identifies any major non-conformance, the organization cannot be certified until corrective action is taken and verified. This means the auditor has to come back out for an on-site verification visit.
If there are no major non-conformances, then the certificate is typically sent out within 30-45 days after the Stage 2 audit.
Continually analyze, document, and correct non-conformances for as long as you have a QMS.
Every three years, the entire system will be assessed again. The recertification audit duration will be about two-thirds as long as the stage 2 audit. Assuming the assessment doesn’t find any major non-conformances, the audit team can recommend the organization for continued certification. And, after receipt of an acceptable corrective plan for any minor non-conformances, the certification body will reissue the ISO 13485 certificate.
The costs for the audits and registration will be dependent on the size of your company, the number of locations, the accreditations that you need, and the distance between you and the auditor assigned by your Registrar.
The costs are typically dependent on the number of audit days required for the registration audit and the surveillance audits, the travel costs for the auditors, and the administration fees and accreditation fees for the registration.
Choosing a Registrar
When choosing a certification body for ISO 13485 certification, these are the aspects the organization needs to take into account.
- An independent QMS audit to confirm ISO 13485 certification is a business decision:
- Does a customer or agency require it?
- Does it help with risk mitigation?
- Would it improve public relations?
- Cost is not the only consideration. Criteria to consider include:
- Evaluate several certification bodies using a registrar checklist.
- Has the certification body been accredited? Accreditation, in simple terms, means that a certification body has been approved to certify organizations.
- Is their accreditation internationally recognized/accepted? There are some organizations who are not internationally recognized.
- Does the Certification Body follow ISO/IEC 17021:2006? ISO 17021 Conformity assessment – Requirements for bodies providing audit and certification of management systems?
- Do the auditors have experience in your industry?
- Is the CB approved for certifications you may consider in the future?
The most important factor in choosing a Registrar is how well they can work with you. This includes how well they know your industry, how much experience they have with similar companies, and how well they communicate with you and your employees. There are many rules that a registrar must follow, issued by organizations like the ANAB. See ANAB Rules…
Interview 3 or more Registrars to get a good idea of the options available and differences between Registrars. Look locally if you have good choices, it will save on costs, but if you do not find a good fit look farther. The benefits of your relationship with your Registrar will pay off. Remember that these are experienced professionals that spend day after day evaluating how companies do business. The feedback you get from them is one of the best ISO 13485 certification benchmarking tools available.