MEDICAL DEVICES

Focus is ISO 13485 Certified: What This Means For Our Clients

July 7, 2026

by

Malena Costa Rauschert

Focus Is ISO 13485 Certified: What This Means For Our Clients

ISO 13485 is the international standard for quality management systems in medical device development. Where ISO 9001 sets general requirements for how any company manages quality, 13485 is written specifically for medical devices: which processes must be documented, how design controls are structured, and what records are required to support regulatory submission. In Europe, it has long been the foundation regulators build on for market entry, with additional requirements layered on top. And as of February 2026, it is also the foundation of the FDA's updated Quality Management System Regulation.

This article explains what that certification covers, how we built our quality system, and what it concretely means for medical companies working with us.

Why The Certification Matters

Certification is not just a badge. It changes what you can actually do with the work a partner delivers.

When you work with a certified partner, you know exactly which standard governs their design and development practices. And you have an independent third party that periodically audits those practices, not only at initial certification, but on an ongoing basis. That second layer of verification is significant. It means the system has to keep working, not just pass a point-in-time review.

For some MedTech companies, this becomes a practical obligation. Not because the standard explicitly requires suppliers to be certified, but because the criticality of the work demands it. In practice, working with a development partner who has no quality framework in place is rarely viable. That constraint shapes vendor selection before a single line of code is written.

There are also practical differences in how work gets handed off. When a partner operates under the same standard, the documentation they produce, the medical device file artifacts, the traceability records, can go directly into your regulatory submission package. You are not spending time reformatting outputs to fit your own QMS, or integrating contractor work that was never documented with submission in mind. The deliverable arrives ready to use.

Rigorous by Standard, Agile by Design

ISO 13485 was written primarily for companies that manufacture and bring products to market. Focus is a design and development partner, so applying the standard to our actual scope required careful work upfront: defining precisely what the certification covers.

The most deliberate choice was how we built the system itself. Quality management systems often become bureaucratic weight. You can build a system that technically complies but makes development slower, generates paperwork that serves no one, and creates a gap between what the system says and how work actually gets done. We built ours from scratch specifically to avoid that.

The goal was a system that made us more efficient, not less. We use agile development practices, which is unusual in medical device development. The industry defaults toward waterfall-style processes, and there is a general assumption that agile and regulated development do not fit together. We disagree. Our system was designed to preserve agile practices while meeting every requirement the standard imposes. The result is a quality management system that the team actually uses, because it reflects how we work rather than how someone thought regulated companies should work.

Beyond ISO 13485

The 13485 is the certification anchor, but a medical device quality system that only covers 13485 is incomplete. The standard governs the quality management system itself. The technical standards that govern what you actually build are separate and equally important.

Our system incorporates IEC 62304 for medical device software development. This standard defines the software lifecycle processes, classification by risk level, and the documentation requirements that correspond to each class. You cannot certify as a company to IEC 62304, but you can build your processes so that software developed inside your system already complies with it. That is what we did. A client whose software goes through our QMS receives software artifacts that meet IEC 62304 requirements, classified at the right level, with the documentation structure the standard requires.

Risk management follows ISO 14971 throughout the development process, not as a separate exercise at the end. We build risk management iteratively: identifying hazards, assessing their probability and severity, defining and implementing risk control measures, and verifying that those controls are effective. For active medical devices, that discipline is not optional, and treating it as a late-stage checklist is a common failure mode.

Cybersecurity follows IEC 81001-5-1. Both are embedded in our procedures and templates. When a project enters the QMS, it enters a system that already accounts for all of these standards. The project team does not have to manage compliance as a separate track.

What This Looks Like for a Client in Practice

One current project illustrates this clearly. The client came in with their quality system still developing: the intent to meet regulatory standards was there, but the structure was not. As the project progressed, they found our documentation to be a reference, not just a deliverable. The traceability records, the way requirements link to verification evidence, the structure of the medical device file artifacts, were clear enough that they began using our outputs as a model for improving their own system.

For a company without any quality system yet, the starting point is different. We can begin a project and build the documentation foundation at the same time. The outputs that come out of our process are structured to support regulatory submission, which means a client that starts with us has a real head start on what they will eventually need to present to the FDA or European authorities.

For a company that is FDA-focused and now adjusting to the post-February landscape, the situation is also clear. We already operate under the framework that the FDA has now adopted. A US company that is early in that transition does not need to explain that transition to us. We started there.

Staying Current as the Standards Evolve

A certification is not static. The standards themselves move, the regulatory environment shifts, and the technology being developed changes faster than any published standard can track.

Cybersecurity is where we see the most urgent gap right now between what standards require and what current devices need. The IEC 81001-5-1 covers this and is part of our QMS. It does not make the problem disappear, but it gives us a structured framework for addressing it consistently.

The improvement cycle inside the QMS itself is also a mechanism for staying current. When practices need to change, the system provides a structured way to update procedures, communicate changes to the team, and verify that the change has been adopted. Continuous improvement is not a principle in our marketing materials. It is a required element of the standard and a tracked activity in our QMS.

About Focus Medical Studio

Focus is an ISO 13485-certified engineering firm based in Uruguay, specializing in electronics, firmware, and software development for active implantable and wearable medical devices. We work with medtech startups, research institutions, and established companies across the US and globally.

Our quality system is not a credential we point to from a distance. It is the structure behind every deliverable we produce, every risk we track, and every artifact that goes into a medical device file. If you need a partner who asks the right questions from day one and delivers documentation that is submission-ready by design, we are that team.

Reach out and let's talk about your device.