Last updated: 2026-04-13
If you've landed on this page, you're likely facing one of three situations: you're building a quality management system (QMS) from scratch, you've failed an ISO 13485 audit and need expert intervention, or you're scaling your medical device business and need certification to enter a new market. In every one of those scenarios, the decision of which ISO 13485 consultant you hire is the most consequential call you'll make in your compliance journey.
I'm Jared Clark — JD, MBA, PMP, CMQ-OE, CQA, CPGP, RAC — Principal Consultant at Certify Consulting. Over the past eight-plus years, I've guided more than 200 medical device companies through ISO 13485 certification, with a 100% first-time audit pass rate. This guide distills what I've learned about what separates a successful certification program from an expensive, time-consuming failure.
What Is ISO 13485 and Why Does Your Medical Device Company Need It?
ISO 13485:2016 is the internationally recognized quality management system standard for organizations involved in the design, production, installation, and servicing of medical devices. Unlike ISO 9001, which applies across industries, ISO 13485 is specifically engineered for the regulatory demands of the medical device sector — including traceability, risk management under ISO 14971, and post-market surveillance.
Why it matters right now: The global medical device market is projected to exceed $800 billion by 2030, and regulatory gatekeepers in every major market — the EU's MDR/IVDR framework, the U.S. FDA's 21 CFR Part 820 Quality System Regulation, Health Canada, and the TGA in Australia — either require or strongly incentivize ISO 13485 certification as a condition of market access. As of 2024, the EU MDR explicitly recognizes ISO 13485:2016 certification as a key element of a Notified Body's conformity assessment process.
Citation hook: ISO 13485:2016 is the globally harmonized quality management system standard for medical devices, referenced by regulators in over 100 countries and a prerequisite for CE marking under the EU Medical Device Regulation.
The 5 Critical Roles an ISO 13485 Consultant Plays
Many companies underestimate the scope of what a qualified consultant does. Here's the full picture:
1. Gap Analysis and Readiness Assessment
Before a single document is written, an experienced consultant performs a systematic comparison of your current operations against every clause of ISO 13485:2016. This identifies the delta between where you are and where you need to be — and it prevents you from spending money building systems that don't address your actual nonconformities.
2. QMS Design and Documentation
ISO 13485 requires a documented quality manual, quality policy, and a controlled suite of SOPs, work instructions, and forms. A consultant doesn't just hand you a template library — they design a QMS architecture that reflects your specific device classification, regulatory markets, and operational reality. Cookie-cutter documentation is one of the top reasons first-time audits fail.
3. Internal Audit Program Development
Clause 8.2.4 of ISO 13485:2016 mandates a planned internal audit program. A consultant builds this program, trains your internal auditors, and runs the first cycles — ensuring that by the time the certification body walks in, your team has already stress-tested the system.
4. Regulatory Interface and Notified Body Liaison
If you're pursuing CE marking under EU MDR/IVDR or working with a U.S. Accredited Certification Body (ACB), the audit process involves technical reviewers who know exactly where to probe. A consultant with regulatory credentials — particularly Regulatory Affairs Certification (RAC) — provides a critical translation layer between your operations team and the auditors.
5. CAPA System Implementation
Corrective and preventive action (CAPA) under ISO 13485 clause 8.5 is consistently the most-cited area of nonconformity in medical device audits. A consultant structures a CAPA workflow that is both audit-defensible and operationally sustainable — not just a form that gets filled out after the fact.
How to Evaluate an ISO 13485 Consultant: A Comparison Framework
Not all consultants are equal. Use this framework to evaluate your options objectively.
| Evaluation Criterion | What to Look For | Red Flag |
|---|---|---|
| Credentials | RAC, CMQ-OE, CQA, or equivalent; JD/regulatory legal background is a plus | Relying solely on "industry experience" without formal credentials |
| First-Time Pass Rate | Documented 100% or near-100% first-time certification pass rate | Vague claims like "high success rate" with no data |
| Client Volume | 100+ engagements across device classes | Fewer than 20 clients; single industry vertical |
| Scope of Services | Gap analysis → QMS build → internal audit → certification support | Consultants who only provide documentation templates |
| Regulatory Markets Covered | FDA 21 CFR Part 820, EU MDR/IVDR, Health Canada, TGA | Single-market expertise only |
| Post-Certification Support | Surveillance audit prep, CAPA management, management review facilitation | Engagement ends at certification |
| Independence from Certification Bodies | Strictly advisory; no conflicts of interest | Affiliated with or referring exclusively to one CB |
Citation hook: When selecting an ISO 13485 consultant for medical devices, the single most predictive indicator of audit success is a documented first-time certification pass rate across a large, diverse client base — not years in industry alone.
The ISO 13485 Certification Timeline: What to Realistically Expect
One of the most common mistakes medical device companies make is underestimating the timeline. Here's a realistic roadmap:
Phase 1: Gap Analysis (Weeks 1–3)
A thorough gap analysis examines your existing documentation, processes, personnel training records, and supplier controls against all applicable clauses of ISO 13485:2016. Output: a prioritized remediation roadmap.
Phase 2: QMS Development (Weeks 4–16)
This is the heaviest lift. Depending on your company's size and the number of processes in scope, building a compliant QMS typically takes 8–12 weeks for small-to-mid-size manufacturers. This includes the quality manual, all tier-1 through tier-3 documentation, risk management files, and supplier qualification records.
Phase 3: QMS Implementation and Training (Weeks 12–20)
Documentation alone doesn't create a compliant QMS. Your team must be trained, processes must be run under the new system, and records must accumulate. Most certification bodies require evidence of at least one full operating cycle before Stage 2 audit.
Phase 4: Internal Audit and Management Review (Weeks 18–22)
Clause 8.2.4 internal audits and clause 5.6 management reviews must be completed and documented before your Stage 2 certification audit. These aren't formalities — they're the evidence that your QMS is operational, not just documented.
Phase 5: Stage 1 (Document Review) Audit (Weeks 22–24)
The certification body reviews your documentation. Most findings at this stage are opportunities for improvement, not major nonconformities — if your consultant has done their job.
Phase 6: Stage 2 (On-Site) Audit (Weeks 26–30)
The full certification audit. Auditors will interview staff, review records, and trace processes end-to-end. With proper preparation, this is a confirmation exercise, not a discovery process.
Typical total timeline: 6–9 months for organizations starting from scratch. Companies with a legacy QMS or ISO 9001 foundation can often compress this to 4–6 months.
The Most Common ISO 13485 Audit Failures — and How to Prevent Them
According to BSI Group's published audit data, the five most frequently cited clauses in ISO 13485 nonconformities are:
- Clause 8.5.2 – Corrective Action: Inadequate root cause analysis; CAPAs closed without objective evidence of effectiveness
- Clause 7.5 – Production and Service Provision: Incomplete or uncontrolled device history records
- Clause 4.2.4 – Control of Documents: Outdated documents in use; no formal review/approval cycle
- Clause 6.2 – Human Resources: Training records don't demonstrate competency; no link between training and job function
- Clause 7.4 – Purchasing: Supplier qualification records incomplete; no re-evaluation of critical suppliers
Citation hook: The five most commonly cited clauses in ISO 13485 nonconformity reports are 8.5.2 (corrective action), 7.5 (production controls), 4.2.4 (document control), 6.2 (human resources), and 7.4 (purchasing) — all addressable through structured consultant-led QMS implementation.
An experienced ISO 13485 consultant closes every one of these gaps before the certification body arrives. This is precisely why first-time pass rates diverge so sharply between consultant-supported engagements and DIY attempts.
ISO 13485 vs. FDA 21 CFR Part 820: Understanding the Overlap
A question I hear constantly from U.S.-based medical device manufacturers: Do I need both ISO 13485 and FDA QSR compliance?
The short answer: yes, if you're selling in the U.S. and internationally. Here's how they relate:
| Feature | ISO 13485:2016 | FDA 21 CFR Part 820 (QSR) |
|---|---|---|
| Jurisdiction | Global (100+ countries) | United States |
| Focus | QMS requirements for medical devices | QMS regulations for U.S. device manufacturers |
| Risk Management | References ISO 14971 explicitly | Risk management implicit in design controls |
| Design Controls | Clause 7.3 | Subpart C (§820.30) |
| CAPA | Clause 8.5 | §820.100 |
| FDA Alignment Update | N/A | FDA's QMSR (effective Feb 2026) aligns 21 CFR Part 820 with ISO 13485 |
| Certification | Third-party audited; certificate issued | Self-declared; FDA inspections |
Timely development: FDA's Quality Management System Regulation (QMSR), effective February 2, 2026, substantially aligns 21 CFR Part 820 with ISO 13485:2016. For the first time, U.S. manufacturers who achieve ISO 13485 certification will have a direct, documented pathway to demonstrating QMSR compliance. This makes investing in ISO 13485 now a dual-compliance strategy, not just an international market play.
Why Certify Consulting Is the Right ISO 13485 Partner
At Certify Consulting, we've built our practice on one principle: every client who walks into a certification audit should already know they're going to pass.
That's not confidence — it's the result of a systematic, evidence-based process that we've refined across 200+ engagements in eight-plus years.
Here's what makes our approach different:
- Credential depth no other boutique firm matches. My credentials span quality (CMQ-OE, CQA), project management (PMP), regulatory affairs (RAC), pharmaceutical good practices (CPGP), and regulatory law (JD). That breadth means I see your compliance posture the same way your auditors, your Notified Body, and — if it ever comes to it — your regulators will.
- 100% first-time audit pass rate. Not 90%. Not "most clients." Every single client we've taken through a certification audit has passed on the first attempt. That's the only metric that matters.
- We build systems, not documents. Any consultant can hand you a folder of SOPs. We build living quality systems — ones your team actually uses, that survive surveillance audits, that scale with your product line.
- Full lifecycle support. We don't disappear after certification day. Surveillance audits, recertification, CAPA management, management review facilitation, supplier audits — we're the ongoing compliance infrastructure for companies who don't want to build an in-house quality department from day one.
How ISO 13485 Certification Unlocks Market Access
Certification isn't just a compliance checkbox. It's a commercial accelerant. Here's what ISO 13485 certification directly enables:
- CE Marking (EU): ISO 13485 certification is a foundational requirement for Notified Body audits under EU MDR (Regulation 2017/745) and EU IVDR (Regulation 2017/746).
- Health Canada: Canada requires ISO 13485 certification for Class II, III, and IV medical device licenses under the Medical Devices Regulations (SOR/98-282).
- Brazil ANVISA: ISO 13485 certification is recognized under Brazil's resolution RDC 16/2013 for Good Manufacturing Practices.
- Japan PMDA: Japan's QMS Ordinance is harmonized with ISO 13485, and certification substantially simplifies market entry.
- Australia TGA: ISO 13485 certification supports conformity assessment procedures under the Therapeutic Goods Act.
In practical terms: a single ISO 13485 certification, properly scoped, can unlock simultaneous market access across five or more regulatory jurisdictions. The ROI on consultant fees becomes obvious when framed as market access investment.
Frequently Asked Questions About ISO 13485 Consultants
See the FAQ section below for structured answers to the most common questions I receive from medical device companies evaluating ISO 13485 consultation.
Take the Next Step
If you're reading this page, you're already doing the right kind of research. The next step is a conversation — not a sales call, but a genuine assessment of where your organization stands and what it will take to get certified.
Explore our ISO 13485 certification services or visit certify.consulting to schedule a free initial consultation with Jared Clark.
Jared Clark
Principal Consultant, Certify Consulting
Jared Clark is the founder of Certify Consulting, helping organizations achieve and maintain compliance with international standards and regulatory requirements.