ISO 9001 is a cross-industry quality management standard focused on consistent processes and customer satisfaction; ISO 13485 is a medical-device quality-management standard that prescribes controls tied to regulatory and patient-safety requirements.
If you search for “ISO 9001 vs ISO 13485,” the practical question procurement and engineering teams ask is simple: which standard will customers or auditors expect from my suppliers, and what documentation and controls will they demand?
For sewn soft goods and sewn assemblies that sit inside regulated device systems, that choice changes supplier qualification, traceability, and change-control obligations – and we support both program types from our U.S. facility when customers require it.
What you’ll learn
- How ISO 9001 and ISO 13485 differ in scope, risk approach, and documentation depth.
- Which standard is typically required for medical-device manufacturers and their suppliers.
- Practical supplier controls and a checklist to use when qualifying sewn-soft-goods suppliers.
What ISO 9001 Covers
ISO 9001:2015 defines requirements for a quality management system (QMS) that any organization can use to demonstrate the ability to consistently provide products and services that meet customer and regulatory requirements.
The standard emphasizes a process approach, management commitment, continual improvement, and risk-based thinking. See ISO’s summary for the core intent of ISO 9001 for more detail: ISO 9001 overview.
Who ISO 9001 Is For
Organizations of any size or sector adopt ISO 9001 to formalize consistent processes, improve supplier relationships, and provide a baseline for customer assurance. For sewn goods suppliers, ISO 9001 certifies that you manage core processes – purchasing, production control, inspection, training, and corrective actions – in a structured way.
What ISO 9001 Requires at a High Level
- Defined processes with documented information where necessary (procedures, work instructions, records).
- Internal audits and management review to confirm system effectiveness.
- Corrective action (CAR) processes to address nonconformities.
- Risk-based thinking applied to processes, but with flexibility in how risks are identified and controlled.
What ISO 13485 Covers
ISO 13485:2016 specifies requirements for a QMS where an organization needs to demonstrate its ability to provide medical devices and related services that consistently meet regulatory and customer requirements. It is tailored to the medical-device lifecycle and places stronger emphasis on documentation, traceability, and risk management tied to product safety and performance.
For the standard text and scope, see ISO’s ISO 13485 listing: ISO 13485:2016.
Who ISO 13485 Is For
Organizations that design, produce, or service medical devices – or that supply critical components or services incorporated into medical devices – are the primary audience. This includes contract manufacturers of soft goods that are part of a medical device’s finished assembly or that affect the device’s safety and performance.
Why ISO 13485 Is More Prescriptive
- Stricter documentation expectations: defined device files (or product files), technical records, and production records for each product or lot.
- Explicit supplier controls and purchasing documentation tied to regulatory requirements.
- Detailed CAPA and complaint handling with traceable records that can be produced during regulatory audits.
- Risk management integrated across the device lifecycle rather than only at the process level; this aligns with regulators’ expectations and post-market surveillance practices.
ISO 9001 vs ISO 13485: Main Differences
| Topic | ISO 9001 | ISO 13485 |
|---|---|---|
| Scope | Cross-industry QMS for consistent processes and customer satisfaction. | Medical-device QMS focused on regulatory alignment and device safety. |
| Regulatory focus | Business improvement and customer requirements; not device-specific. | Supports regulatory expectations and device-related compliance. |
| Risk approach | Risk-based thinking applied to processes. | Formal risk management across the product lifecycle (design to post-market). |
| Documentation | Flexible: document what’s needed for control and improvement. | Prescriptive: device files, lot records, complaint/CAPA traceability. |
| Traceability | Required where necessary for conformity. | Expected for devices and critical components when mandated. |
| Continual improvement | Central requirement; emphasis on improving processes and satisfaction. | Important but balanced with maintaining compliance and preventing safety risks. |
Industry Scope and Regulatory Expectations
ISO 9001’s broad applicability makes it a common baseline across supply chains. ISO 13485 responds to regulators’ expectations for medical device systems; auditors expect documented evidence that design controls (where applicable), risk management, and post-market processes exist and function.
Regulators often assess medical-device QMS elements against regional regulations in addition to ISO 13485, so suppliers should be prepared to show both standard-related records and device-specific regulatory evidence.
The U.S. Quality System Regulation (21 CFR Part 820) is an important regulatory reference for device manufacturers.
Risk Management: Risk-Based Thinking vs. Lifecycle Risk Management
ISO 9001 promotes risk-based thinking to help prioritize process controls.
ISO 13485 requires documented risk management processes applied to the device throughout its lifecycle (design, production, distribution, post-market).
For sewn components that affect device safety (for example, a sealing cuff or load-bearing strap), this means you must record how material choices, seam types, and suppliers mitigate identified hazards.
Documentation and Records: Flexible vs. Prescriptive
ISO 9001 allows organizations to determine the level of documented information needed.
ISO 13485 specifies a higher baseline: design and product files, production records by lot, traceability where required, and formal complaint/CAPA records.
Customers who tightly control their device supply chains will request inspection records, material certificates, and operator training logs from their sewn-goods suppliers.
CAPA and Feedback: Customer Satisfaction vs Device Performance Feedback
While ISO 9001 centers corrective actions around customer satisfaction, ISO 13485 treats complaints and field feedback as potential indicators of hazards with regulatory implications. That difference changes the expected timeliness, depth, and traceability of CAPA records for suppliers to medical-device OEMs.
Supplier Controls: What Changes When You Source Components for Medical Devices
When customers source sewn components for regulated devices, purchasing and supplier control expectations increase. Practical items buyers will request include:
- Supplier evaluation records and approved-supplier lists.
- Lot-level material certificates and incoming inspection records.
- Process validation evidence for critical sewing operations (e.g., seam-strength validation, cycle verification).
- Change-control records covering any material, tooling, or process change.
- Operator training records and competency evidence for roles performing critical tasks.
What to ask a supplier — supplier-qualification checklist:
- Do you provide lot-level material certificates and incoming-inspection reports?
- Can you supply production records tied to product lots for at least the last X months? (define retention period.)
- Do you maintain formal change-control and nonconforming-material processes with CAPA tracking?
- Have you validated critical sewing processes (seam strength, stitch density, sealing), and can you share validation records?
- Are operator training records available for staff performing critical tasks?
- Do you support traceability back to raw-material lots when requested?
- Can you provide documented responses to customer audits and supply audit evidence on an agreed timetable?
Can You Be Certified to Both ISO 9001 and ISO 13485?
Yes. Organizations can hold both certifications. Many firms keep ISO 9001 as an enterprise QMS while scoping ISO 13485 to specific product lines, facilities, or processes that affect medical devices.
Dual certification helps companies that mix medical and non-medical product lines maintain enterprise consistency while meeting medical-device regulatory expectations where required.
When Dual Certification Makes Sense
- When you manufacture both medical and non-medical products and want a single enterprise QMS for business functions while keeping medical-device controls where they matter.
- When separate customers explicitly require ISO 13485 for certain products but accept ISO 9001 for others.
- When supply-chain demands ask suppliers to demonstrate both continual-improvement capability and strict medical-device traceability/controls.
Which Standard Do You Need?
Deciding depends on what you produce and who your customers are. Use the following operational decision flow:
Are you selling a medical device or a critical component used in a device? —> ISO 13485 is typically expected.
Are you a supplier to medical-device manufacturers, but your part is non-critical? —> The customer may accept ISO 9001 plus documented supplier controls; expect to support ISO 13485-aligned evidence on request.
Are you not involved in medical devices? —> ISO 9001 often suffices unless a customer requires otherwise.
If You Manufacture Medical Devices
ISO 13485 is the standard most frequently used as the QMS baseline for device-market access because it aligns with regulatory expectations for design controls, production records, and post-market processes. Consult the ISO 13485 standard and regional regulatory guidance when planning certification.
If You Are a Supplier to Medical Device Companies
Full-facility ISO 13485 certification is not always mandatory for every supplier. However, medical-device OEMs will expect suppliers to support device-file needs: traceability, incoming inspection, validated processes, and CAPA records. Customers may require supplier audits, documented evidence, or contract clauses placing ISO 13485-aligned obligations on the supplier.
If You Are Not in Medical Devices
ISO 9001 usually meets broader commercial requirements and supports procurement processes. If buyer requirements change, you can implement ISO 13485-aligned processes for relevant product lines without converting the entire enterprise immediately.
How Fieldtex Supports ISO 13485 Programs
Fieldtex produces sewn soft goods and assemblies for medical device manufacturers from our ISO 13485-certified, FDA-registered facility in Rochester, NY. With decades of medical sewing experience, we understand the traceability, calibration, and process control that regulated programs require.
With 125+ operators and a 48-hour quote turnaround, we support both small runs and scalable production with full documented control.
ISO 13485-Compliant Sewing Services and Documentation Support
When customers require ISO 13485-aligned output, we provide:
- Lot-level incoming inspection and material certificates tied to production records.
- Production records and operator logs for traceability and audit purposes.
- Process validation evidence for seams and critical sewing operations where required by the device file.
- Formal change-control and CAPA workflows that integrate with customer-supplied requirements.
Learn more details about our medical sewing capabilities.
What Buyers Receive When They Source Soft Goods From Us
- Documented processes and traceability support when required by the customer or device file.
- Consistent incoming inspection, in-process inspection records, and corrective-action documentation.
- Change-control rigor for materials, tooling, and subcontracted steps.
- Audit-ready responsiveness for supplier audits and regulatory inquiries.
If you want us to review drawings, specs, and your quality requirements, request a production review via our quote form.
Common Misconceptions About ISO 9001 and ISO 13485
- “ISO 13485 is just ISO 9001 with a medical label.” Historically related, the two standards have diverged. ISO 13485 contains prescriptive requirements for device files, traceability, and lifecycle risk management that go beyond ISO 9001’s flexibility.
- “If a supplier is ISO 9001 certified, they automatically meet ISO 13485 expectations.” Not necessarily. ISO 9001 demonstrates process control; ISO 13485 demonstrates compliance with medical-device-specific documentation, traceability, and regulatory-aligned controls.
- “You must hold ISO 13485 certification to supply any sewn component.” Some suppliers provide evidence and controls consistent with ISO 13485 without full certification, but many OEMs will prefer or require certification for critical components.
FAQ: ISO 9001 vs. ISO 13485
Is ISO 13485 required to sell medical devices?
ISO 13485 is not a legal requirement in every market, but many regulatory frameworks and OEM procurement processes expect ISO 13485-aligned QMS controls or equivalent regulatory compliance. Medical-device manufacturers use ISO 13485 to demonstrate consistent compliance with applicable regulations; consult regional regulatory guidance (for the U.S., see the FDA QSR guidance) for precise obligations: FDA QSR.
Can a supplier be “ISO 13485 compliant” without being certified?
Yes – suppliers can implement ISO 13485-aligned processes and provide evidence to customers without third-party certification. However, many OEMs and contract requirements prefer or require certification from a recognized registrar because it provides an external assessment of the QMS.
Do I need both certifications?
Dual certification can be useful when you have mixed product lines or enterprise-level customers who ask for ISO 9001 while medical customers demand ISO 13485. Many organizations maintain enterprise ISO 9001 and scope ISO 13485 to specific facilities or product lines. The right choice depends on your product portfolio and customer requirements.
What will a medical-device customer audit look for in a soft goods supplier?
Expect auditors to check documented processes for incoming inspection, lot traceability, operator training records, evidence of process validation for critical sewing operations, CAPA records, and change-control documentation. They will also review the supplier’s response times and ability to produce production records tied to specific lots or shipments.
Ready To Discuss Your Quality Requirements?
Share your drawings, specs, and supplier checklist, and we will review how our ISO 13485-capable sewing services and documentation practices can meet your program needs.