BS EN ISO 13485 2016+A11 2021 Medical devices Quality management systems Requirements for regulatory purposes

BS EN ISO 13485:2016+A11:2021 Incorporating corrigenda March 2016 and December 2016 Medical devices - Quality management systems - Requirements for regulatory purposes bsi.

BS EN ISO 13485:2016+All:2021 BRITISH STANDARD National foreword This British Standard is the UK implementation of EN ISO 13485:2016+A11:2021, incorporating corrigenda March 2016 and December 2016. It is derived from ISO 13485:2016. It supersedes BS EN ISO 13485:2016, which is withdrawn. The UK participation in its preparation was entrusted to Technical Committee CH/210, Quality management and corresponding general aspects for medical devices. A list of organizations represented on this committee can be obtained on request to its committee manager. This publication has been prepared under a mandate given to the European Standards Organizations by the European Commission and the European Free Trade Association. It is intended to support requirements of the EU legislation detailed in the European Foreword. A European Annex, usually Annex ZA or ZZ, describes how this publication relates to that EU legislation. For the Great Britain market (England, Scotland and Wales), if UK Government has designated this publication for conformity wit h UKCA marking (or similar) legislation, it may contain an additional National Annex. Where such a National Annex exists, it shows the correlation between this publication and the relevant UK legislation. If there is no National Annex of this kind, the relevant Annex ZA or ZZ in the body of the European text will indicate the relationship to UK regulation applicable in Great Britain. References to EU legislation may need to be read in accordance with the UK designation and the applicable UK law. Further information on designated standards can be found at w ww bs j group. com/standard sa n~gu !ation. For the Northern Ireland market, UK law will continue to implement relevant EU law subject to periodic confirmation. Therefore Annex ZA/ZZ in the European text, and references to EU legislation, are still valid for this market. UK Government is responsible for legislation. For information on legislation and policies relating to that legislation, consult the relevant pages ofwww gov.uk. Contractual and legal considerations This publication has been prepared in good faith, however no representation, warranty, assurance or undertaking (express or implied) is or will be made, and no responsibility or liability is or will be accepted by BSI in relation to the adequacy, accuracy, completeness or reasonableness of this publication. All and any such responsibility and liability is expressly disclaimed to the full extent permitted by the law. This publication is provided as is, and is to be used at the recipient's own risk. The recipient is advised to consider seeking professional guidance with respect to its use of this publication. This publication is not intended to constitute a contract. Users are responsible for its correct application. © The British Standards Institution 2021 Published by BSI Standards Limited 2021

BRITISH STANDARD BS EN ISO 13485:2016+A11:2021 ISBN 978 0 539 06073 7 JCS 03.100.70; 03.120.10; 11.040.01 Compliance with a British Standard cannot confer immunity from legal obligations. This British Standard was published under the authority of the Standards Policy and Strategy Committee on 31 March 2016. Amendments/corrigenda issued since publication Date Text affected 31 March 2016 Implementation ofCEN/CENELEC correction no- tice March 2016: Annexes ZA, ZB and ZC updated 31 January 2017 Implementation of CEN/CENELEC corrigendum December 2016: European foreword and Annexes ZA, ZB and ZC corrected 30 September 2021 Implementation ofCEN/CENELEC amendment All:2021: European foreword and Annexes ZA and ZB revised, and Annex ZC removed. National Annex NZ added, and Amendments/corrigenda issued since publication table corrected

EUROPEAN STANDARD NORME EUROPEENNE EUROPAISCHE NORM ICS 03.100.70; 11.040.01 BS EN ISO 13485:2016+A11:2021 EN ISO 13485:2016+A11 September 2021 Supersedes CEN ISO/TR 14969:2005, EN ISO 13485:2012 English version Medical devices - Quality management systems - Requirements for regulatory purposes (ISO 13485:2016) Dispositifs medicaux - Systemes de management de la qualite - Exigences a des fins reglementaires (ISO 13485:2016) This European Standard was approved hy CEN on 30 January 2016. Medizinprodukte - Qualitatsmanagementsysteme - Anfordenmgen fur regulatorische Zwecke (ISO 13485:2016) CEN and CENELEC members are bound to comply with the CEN/CENELEC Internal Regulations which stipulate the conditions for giving this European Standard the status ofa national standard without any alteration. Up-to-date lists and bibliographical references concerning such national standards may be ubtained on application to the CEN-CENELEC Management Cantre or to any CEN and CEN ELEC member. This European Standard exists in three official versions (English, French, German). A version in any other language made by translation under the responsibility of a CEN and CENELEC member into its own language and notified to the CEN-CEN ELEC Management Centre has the same status as the official versions. CEN and CENELEC members are the national standards bodies and national electrotechnical committees of Austria, Belgium, Bulga1ia, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia, France, Gennany, Greece, Hungary, lc!!]and, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Nmway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and United Kingdom. CE~ELEC CEN-CENELEC Management Centre: Avenue Marnix 17, B-1000 Brussels © 2016 CEN/CENELEC All rights of exploitation in any form and by any means reserved worldwide for CEN national Members and for CENBLBC Members. Ref. No. EN ISO 13485:2016 E

BS EN ISO 13485:2016+A11:2021 EN ISO 13485:2O16+A11:2021 European foreword This document (EN ISO 13485:2016) has been prepared by Technical Committee ISO/TC 210 "Quality management and corresponding general aspects for medical devices" in collaboration with Technical Committee CEN/CLC/TC 3 "Quality management and corresponding general aspects for medical devices" the secretariat of which is held by NEN. This European Standard shall be given the status of a national standard, either by publication of an identical text or by endorsement, at the latest by September 2016, and conflicting national standards shall be withdrawn at the latest by March 2019. Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. CEN [and/or CENELEC] shall not be held responsible for identifying any or all such patent rights. Im This document supersedes EN ISO 13485:2012 and CEN ISO/TR 14969:2005™ . This document has been prepared under a mandate given to CEN by the European Commission and the European Free Trade Association, and supports essential requirements of EU Directives. For relationship with EU Directives, see informative Annex ZA, ZB and ZC, which are integral parts of this document. According to the CEN-CENELEC Internal Regulations, the national standards organizations of the following countries are bound to implement this European Standard: Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and the United Kingdom. The following referenced documents are indispensable for the application of this document For undated references, the latest edition of the referenced document (including any amendments) applies. For dated references, only the edition cited applies. However, for any use of this standard within the meaning of Annex ZA, ZB and ZC, the user should always check that any referenced document has not been superseded and that its relevant contents can still be considered the generally acknowledged state-of-art. When an !EC or ISO standard is referred to in the ISO standard text, this shall be understood as a normative reference to the corresponding EN standard, if available, and otherwise to the dated version of the ISO or IEC standard, as listed below. NOT'E The way in which these referenced documents are cited in normative requirements determines the extent (in whole orin part) to which they apply. This document includes the corrigendum EN ISO 13485:2016/AC:2018 which corrects the European foreword, Annex 'lA, Annex ZB and Annex ZC. ii

BS EN ISO 13485:2016+All:2021 EN ISO 13485:2016+A11:2O21 Table 1 - Correlation between normative references and dated EN and ISO standards Normative references Equivalent dated standard as listed in Clause 2 of the ISO EN ISO standard ISO 9000:2015 EN ISO 9000:2015 ISO 9000:2015 Endorsement notice The text of ISO 13485:2016 has been approved by CEN as EN ISO 13485:2016 without any modification. European foreword to amendment A11 This document (EN ISO 13485:2016/All:2021) has been prepared by Technical Committee CEN/CLC/TC 3 "Quality management and corresponding general aspects for medical devices" the secretariat of which is held by NEN. This document amends EN ISO 13485:2016, incorporating corrigenda March 2016, December 2016 and 2018, with a revised European Foreword and European Annexes l.A and ZB. This Amendment to the European Standard EN ISO 13485:2016 has been prepared under a mandate given to CEN by the European Commission and the European Free Trade Association, and supports requirements of EU Regulation( s). For relationship with EU Regulation(s}, see informative Annex ZA, and ZB, which are an integral part of this document Any feedback and questions on this document should be directed to the users' national standards body/national committee. A complete listing of these bodies can be found on the CEN websites. The following referenced documents are indispensable for the application of this document. For undated references, the edition of the referenced document (including any amendments) listed below applies. For dated references, only the edition cited applies. However, for any use of this standard within the meaning of Annex ZA or ZB, the user should always check that any referenced document has not been superseded and that its relevant contents can still be considered the generally acknowledged state-of-art When an !EC or ISO standard is referred to in the ISO standard text, this should be understood as a normative reference to the corresponding EN standard, if available, and otherwise to the dated version of the ISO or IEC standard as listed below. NOTE The way in which these referenced documents are cited in normative requirements determines the extent {in whole or in part) to which they apply. Table - Correlation between normative references and dated EN and ISO standards Normative references Equivalent dated standard as listed in Clause 2 of the ISO EN ISO standard ISO 9000:2015 EN ISO 9000:2015 ISO 9000:2015 According to the CEN-CENELEC Internal Regulations, the national standards organizations of the following countries are bound to implement this European Standard: Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Jtaly, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Republic of North Macedonia, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and the United Kingdom. iii

BS EN ISO 13485:2016+A11:2021 EN ISO 13485:2016+A11:2021 AnnexZA (informative) Relationship between this European standard and the requirements of Regulation (EU) 2017/745 aimed to be covered This European standard has been prepared under a Commission's standardisation request M/575 of 14.4.2021 to provide one voluntary means of conforming to the requirements of Regulation (EU) 2017/7 45 of 5 April 2017 concerning medical devices [OJ L 117]. Once this standard is cited in the Official Journal of the European Union under that Regulation, compliance with the normative clauses of this standard given in Tables ZA.1, ZA.2 or ZA.3 confers, within the limits of the scope of this standard, a presumption of conformity with the corresponding requirements of that Regulation, and associated EFTA regulations. This Annex covers the relationship of this European standard with: • the general obligations of the manufacturer in Article 10 (Table ZA.1); and, • the quality management system requirements in the conformity assessment annexes (Annexes IX and XI) (Table ZA.2 and ZA.3 respectively). EN ISO 13485:2016 is an adoption of an international standard, ISO 13485:2016, which is intended to be applicable in jurisdictions all over the world. Therefore, it is not the primary goal of ISO 13485:2016 to cover exactly the European quality management system requirements. Consequently, for all of the quality management system requirements, conformity is not entirely achieved by complying only with the requirements specified in EN ISO 13485. Manufacturers and conformity assessment bodies will need to integrate the quality management system requirements in the applicable European Regulation into the processes provided by EN ISO 13485. In addition, the European Regulations require the incorporation of cert.ain processes in the quality management system, such as clinical evaluation, risk management, post- market surveillance, and assignment of unique device identification. EN ISO 13485 requires the integration of these processes into the quality management system in accordance with regulatory requirements but does not explicitly include the details of the particular European Union regulatory requirements within the standard. Furthermore, the definitions in applicable regulatory requirements differ from nation to nation and region to region. As a result, the definitions in this document can differ in wording from those in European Regulations. For use in support of European requirements, definitions in the European regulations for medical devices take precedence. In addition to requirements on the manufacturer's quality management system, Article 10 and Annexes IX and XI of the European Regulations include a description of the regulatory processes and activities undertaken by the notified body, competent authority and European Commission, which are outside of the scope of EN ISO 13485 and therefore not covered by the standard. NOTE 1 Where a reference from a clause of this standard to the risk management process is made, the risk management process needs to be in compliance with Regulation (EU) 2017/745. This means that risks have to be 'reduced as far as possible', 'reduced to the lowest possible level', 'reduced as far as possible and appropriate', 'removed or reduced as far as possible', 'eliminated or reduced as far as possible', 'removed or minimized as far as possible', or 'minimized', according to the wording of the corresponding General Safety and Perlormance Requirement. NOTE 2 The manufacturer's policy for determining acceptable risk must be in compliance with General Safety and Performance Requirements 1. 2, 3, 4, 5, 8, 9, 10, 11, 14, 16, 17, 18, 19, 20, 21 and 22 of the Regulation. iv

BS EN ISO 13485:2016+A11:2021 EN ISO 13485:2016+A11:2021 NOTE 3 This Annex ZA is based on normative references according to the table of references in the European Foreword, replacing the references in the core text NOTE 4 When a requirement does not appear in Tables ZA.1, ZA.2 or ZA.3 it means that it is not addressed by this European Standard. Table ZA.1- Correspondence between this European standard and the requirements of Article 10 of Regulation (EU} 2017/745 [OJ L 117] Requirements of Article 10 Clause(s) / suh-clause(s) of Remarks / Notes of Regulation (EU) 2017/745 this EN 1 4.1, 7.1, 7.2.1 c), 7.2.2 c), 7.3, 7.5 Partially covered. EN ISO 13485 includes requirements for the QMS, design and development and manufacturing that require incorporation of the regulatory requirements into the quality management system. 2 7.1 Partially covered. EN ISO 13485 includes requirements to risk management in product realization. The detail of the specific requirements of Annex 1. Chapter 1 of the Regulation is not stated explicitly. 3 Not covered. 7.3. 7 of EN ISO 13485 requires clinical evaluation in accordance with applicable regulatory requirements. The details contained in Article 61 or Annex XIV are not provided. 4, 1st paragraph 4.2.3 Partially covered. EN ISO 13485 requires that the quality management system includes one or more files either containing or referencing documents generated to demonstrate compliance with applicable regulatory requirements. A summary of the types of documents is provided. All the detail in Annexes II and III is not provided explicitly. 4, 2nd paragraph Not covered. Refers to action by the European Commission outside the scope of the standard. 5 4.2.3 Partially covered. EN ISO 13485 requires that the quality management system includes one or more files either containing or referencing documents generated to demonstrate compliance with applicable regulatory requirements. A summary of the types of documents is provided. All the detail in Annex XI 11 is not provided explicitly. 6 Not covered. Preparation of the EU declaration of conformity is not covered in EN ISO 13485 7 Not covered. 7.5.8 of EN ISO 13485 includes a reauirement to control the V

BS EN ISO 13485:2016+A11:2021 EN ISO 13485:2016+A11:2021 Requirements of Article 10 Clause(s) / sub-clause(s) of of Regulation (EU) 2017 /745 this EN 8, 1,t paragraph 4.2.4, 4.2.5, 7.2.3 8, 2nd paragraph 7.2.3 8, 3rd paragraph 9, 1st paragraph, 1st sentence 4,5,6, 7,8 9, 1st paragraph, 2nd sentence 4.1.4, 4.2.4, 5.6,2, 5.6.3, 7.3.3, 7.3.9 9, 1st paragraph, 3rd sentence 4.1 vi Remarks/ Notes UDI under the quality management system. The detail of the system prescribed in Article 27, and with the registration obligations referred to in Articles 29 and 31, are not provided. Partially covered. EN ISO 13485 requires the retention of documents, including records, for at least the period specified by applicable regulatory requirements. The retention time defined in the Regulations is not provided explicitly. Partially covered. EN ISO 13485 requires communication with regulatory authorities in accordance with applicable regulatory requirements. The term 'regulatory authorities' is used in a general context and the term competent authority, as used in the Regulation, is not explicitly mentioned. The provision of specific information as detailed in the Regulation is not stated explicitly. Not covered. Covered. EN ISO 13485 requires the quality management system to comply with applicable regulatory requirements and that production is planned, carried out, monitored and controlled to ensure that product conforms to specification and regulatory requirements. Partially covered. EN ISO 13485 includes general reference to regulatory requirements and standards as design and development inputs. Identification of new or revised regulatory requirements is identified as an input into Management Review) and changes needed as a result of such changes required as outputs of Management Review). Change to the medical device is covered through control of design and development changes. Common specifications are not explicitly mentioned. Partially covered. EN ISO 13485 requires that the effectiveness of the quality management system is maintained and provides requirements for improvement processes, including corrective action and preventive action. There is no explicit requirement for the quality management system to be continually improved.

Requirements of Article 10 Clause(s) / sub-clause(s) of of Regulation (EU) 2017/745 this EN 9, zn~ paragraph 4, 5, 6, 7, 8 9, 3rd paragraph (a) 4.1.1, 7.3.9 9, 3,~ paragraph (b) 4.2.3, 7.2.lc), 7.3.3b), 7.3.4a), 7.3.5 9, 3ro paragraph (c) 5 9, 3rd paragraph (d) 4.1.5, 6, 7.4.1 9, 3rd paragraph (e) 4.1.2, 7.1 9,3 rd paragraph (t) 9, 3r~ paragraph (g) 7.1, 7.3.2, 7.3.8, 7.5.1, 7.5.4 9, 3rd paragraph (h) 9, 3r<1 paragraph (i) 8.2.1, 8.5.1 BS EN ISO 13485:2016+A11:2021 EN ISO 13485:2016+A11:2O21 Remarks / Notes Covered. Partially covered. EN ISO 13485 requires that the organization identifies applicable regulatory requirements and incorporates them in its quality management system. An explicit requirement for a documented regulatory strategy is not included. Control of design and development changes is explicitly specified. Partially covered. EN ISO 13485 includes a general reference to inclusion of applicable regulatory requirements and standards as a design input. The general safety and performance requirements, harmonized standards or common specifications are not mentioned explicitly. Covered. EN ISO 13485 defines responsibilities of top management. Covered. EN ISO 13485 includes specific requirements for provision of human resources including competence, infrastructure, work environment and contamination control. Partially covered. EN ISO 13485 includes requirements to apply a risk-based approach to the quality management system and apply risk management in product realization. The detail of the specific requirements of Annex 1 of the Regulation are not det.ailed specifically. Not covered. EN ISO 13485 requires clinical evaluation in accordance with applicable regulatory requirements. The specific details in Article 61 and Annex XIV and reference to post market clinical follow-up (PMCF) are not included explicitly. Covered. EN ISO 13485 requires planning of product realization, planning of design and development and planning of production and service provision. Not covered. EN ISO 13485 includes a requirement to control the UDI under the quality management system. The detail of the system prescribed in the Regulation is not specified explicitly. Partially covered. EN ISO 13485 requires a svstem of Post market surveillance vii

BS EN ISO 13485:2016+A11:2021 EN ISO 13485:2016+A11:2021 Requirements of Article 10 Clause(s) / sub-clause(s) of ofRegulation (EU) 2017 /745 this EN 9 3n1 paragraph U) 7.2.3 9, 3 rd paragraph (k) 8.2.2, 8.2.3, 8.3.3 9, 3rd paragraph (I) 8.5.2, 8.5.3 9, 3 rd paragraph (m) 8.2.5, 8,2.6, 8.4, 8.5 10 8.2.1, 8.5.1 11 4.2.3a), 7.3.3, 7.5.le) 12 7.2.3, 8.2.2d), 8.2.3, 8.3.3 viii Remarks/ Notes within the quality management system. The detail in Article 83 is not specified explicitly. Partially covered. EN ISO 13485 specifies requirements for communication with customers and regulatory authorities. The term 'regulatory authorities' is used in a general context and the terms competent authority and notified body, as used in the Regulation, are not explicitly mentioned. Other economic operators and other stakeholders are not exp] icitly mentioned. Partially covered. EN ISO 13485 requires processes for reporting events in accordance with applicable regulatory requirements. The details of the vigilance system and the timescales for reporting are not specified explicitly. Covered. EN ISO 13485 specifies requirements for management of corrective actions and preventive actions, including verification of their effectiveness. Covered. EN ISO 13485 includes requirements on monitoring and measurement of processes, analysis of data and improvement of product. Partially covered. EN ISO 13485 requires a system of post market surveillance in accordance with regulatory requirements within the quality management system. The detail in Article 83 is not covered explicitly. Partially covered. EN ISO 13485 includes a general requirement for design inputs to include applicable regulatory requirements and for the medical device file to include the labelling, including instructions for use. Specific requirements of Chapter III of Annex I are not explicitly included nor is the language in which the information is to be provided. The physical characteristics of the information on the label are not covered explicitly. Partially covered. EN ISO 13485 uses the definitions in ISO 9000 where this situation would be within the definition of a correction rather than a corrective action. Communication with customers and re1m\atorv authorities is reauired.

Requirements of Article 10 Clause(s) / sub-dause(s) of of Regulation (EU) 2017/745 this EN 13 8.2.3 14, tst paragraph 7.2.3 14, znd, 3n1 and 4m paragraphs 15 4.1, 4.2.3, 7.2.3, 7.4 16 BS EN ISO 13485:2016+A11:2021 EN ISO 13485:2016+A11:2021 Remarks / Notes The term 'regulatory authorities' is used in a general context and the terms competent authority and notified body, as used in the Regulation, are not explicitly mentioned. Distributors as a specific category of customer, and importers and authorized representative are not explicitly mentioned. Partially covered. EN ISO 13485 includes the requirements on adverse event reporting and mentions actions in the field to be reported. The detailed requirements in Articles 87 and 88 are not specified explicitly. Partially covered. EN ISO 13485 requires communication with regulatory authorities in accordance with applicable regulatory requirements. The term 'regulatory authorities' is used in a general context and the term competent authority, as used in the Regulation, is not explicitly mentioned. The provision of information as in the Regulation, the language in which it is to be provided, the provision of samples of the device free of charge or granting access to the device are not covered explicitly. Not covered. Refers to actions of the competent authority outside the scope of the standard. Partially covered. EN ISO 13485 requires communication with regulatory authorities in accordance with applicable regulatory requirements. The provision of information on the identity of a third party that designed or manufactured the medical device as in the Regulation are not covered explicitly. Not covered. ix

BS EN ISO 13485:2016+A11:2021 EN ISO 13485:2016+A11:2021 Table ZA.2 - Correspondence between this European standard and the requirements of Annex IX of Regulation (EU) 2017/745 [OJ L 117] Requirements of Annex IX of Clause(s) / sub-dause(s) of Remarks/ Notes Regulation (EU) 2017 /745 this EN 1 4.1 Partially covered. EN ISO 13485 requires the quality management system to comply with applicable regulatory requirements. EN ISO 13485 is applicable to all sizes of organization and all types and class of medical device. EN ISO 13485 does not have requirements for the quality management system to be subject to third party assessment or certification. 2.1, 1st sentence Not covered. 2.1, bullet 1 Not covered. 2.1, bullet 2 4.2 Covered. EN ISO 13485 requires that the quality management system documentation includes information on the device(s) within its scope. 2.1, bullet 3 Not covered. 2.1, bullet 4 Not covered. 2.1, bullet 5 4.2 Covered. EN ISO 13485 specifies the quality management system documentation and how it is controlled. 2.1, bullet 6 4.2, 5.1 Partially covered. EN ISO 13485 requires evidence of top management commitment to implementing the quality management system. EN ISO 13485 does not explicitly require a documented undertaking. 2.1, bullet 7 4.1.4, 4.2, 5.1, 5.4.2, 5.6, 6.1, 8 Covered. EN ISO 13485 requires that the quality management system is applied and maintained. 2 .1, bullet 8 8.2.1, 8.5.1 Partially covered. EN ISO 13485 references inclusion of applicable regulatory requirements on post market surveillance into the quality management system. The detailed requirements in the Regulation and to post-market clinical follow-up are not referenced explicitly. 2.1, bullet 9 8.2.1, 8.5.1 Partially covered. EN ISO 13485 references incl us ion of applicable regulatory requirements on post market surveillance into the quality management system. The detailed requirements in the regulation and post- market clinical follow-up are not referenced explicitly. X

Requirements of Annex IX of Clause(s) / sub-clause(s) of Regulation (EU) 2017/745 this EN 2.1, bullet 10 2.1, bullet 11 2.2, l st paragraph 4.1, 4.2, 5, 6, 8 2.2, 2n~ paragraph (a) 4.2.la). S.lc), 5.3c), 5.4.1, 7.la) 2.2, zn~ paragraph (b) indent 1 5.5.1 2.2, 2nd paragraph (b) indent 2 5.6, 7.3.5, 8.1, 8.2.1, 8.2.4, 8.2.5, 8.2.6, 8.3, 8.4, 2.2 2nd paragraph (b) indent 3 4.1.5, 7.4.1 2.2 2nd paragraph (b) indent 4 2.2, znd paragraph (c) 4.2.5, 7.3, 2.2, znd paragraph (c) indent 1 4.1.1, 7.3.9 BS EN ISO 13485:2016+A11 :2021 EN ISO 13485:2016+A11:2021 Remarks / Notes Not covered. EN ISO 13485 requires clinical evaluation in accordance with planned and documented arrangements and applicable regulatory requirements. A clinical evaluation plan is not referenced explicitly. Not covered. Partially covered. EN ISO 13485 requires that the quality management system is implemented systematically in accordance with the requirements of the standard and applicable regulatory requirements. EN ISO 13485 requires a quality manual, written policies and procedures, quality planning and quality records. Covered. EN ISO 13485 requires that quality objectives are defined and documented. Covered. EN ISO 13485 requires that organizational structures, roles and responsibilities, and interrelationships are defined and documented. Covered. EN ISO 13485 includes requirements on monitoring the operation of the quality management system and the control of non- conforming product. Covered. EN ISO 13485 has requirements for cases when an organization outsources an activity, and these requirements link with the requirements for evaluation and selection of suppliers, their monitoring and their re-evaluation. Not covered. Covered. EN ISO 13485 covers design and development controls as well as the control of document.ation, including records. Partially covered. EN ISO 13485 requires that the organization identifies applicable regulatory requirements and incorporates them in its quality management system. An explicit requirement for a documented regulatory strategy is not included. Control of design and development changes is explicitly specified. xi

BS EN ISO 13485:2016+A11:2021 EN ISO 13485:2016+A11:2021 Requirements of Annex IX of Clause(s) / sub-clause(s) of Regulation (EU) 2017/745 this EN 2.2, 2nd paragraph (c) indent 2 7.2.lc), 7.3.3 2.2, 2°d paragraph (c) indent 3 4.1.2, 7.1 2.2, 2nd paragraph (c) indent4 2.2, 2°d paragraph (c) indent 5 7.3 2.2, 2nd paragraph (c) indent 6 4.2.3a), 7.3.3b). 7.5.le) 2.2, 2nd paragraph (c) indent 7 7.5.8, 7.5.9 2.2, 2nd paragraph (c) indent 8 4.1.4, 4.2.4, 5.6.2, 5.6.3, 7.3.3, 7.3.9 xii Remarks/ Notes Partially covered. EN ISO 13485 includes a general reference to inclusion of applicable regulatory requirements and standards as a design input The general safety and performance requirements, harmonized standards or common specifications are not mentioned explicitly. Partially covered. EN ISO 13485 includes requirements to apply a risk-based approach to the quality management system and apply risk management in product realization. The detail of the specific requirements of Annex 1 of the Regulation are not detailed specifically. Not covered. EN ISO 13485 requires clinical evaluation in accordance with applicable regulatory requirements. The specific details in Article 61 and Annex XIV and reference to post market clinical follow-up (PMCF) are not included explicitly. Partially covered. EN ISO 13485 details requirements for design and development verification and validation. Preclinical evaluation as an aspect of design verification is not mentioned explicitly. Partially covered. EN ISO 13485 includes a general requirement for design inputs to include applicable regulatory requirements and for the medical device file to include the labelling, including instructions for use. Specific requirements of Chapter lll of Annex I are not included explicitly. Covered. EN ISO 13485 specifies requirements for identification and traceability. Partially covered. EN ISO 13485 includes general reference to regulatory requirements and standards as design and development inputs. Identification of new or revised regulatory requirements is identified as an input into Management Review and changes needed as a result of such inputs are required as outputs of Management Review. Change to the medical device is covered through control of design and development changes.

Requirements of Annex IX of Clause(s) / sub-clause(s) of Regulation (EU) 2017/745 this EN 2.2, 2 nd paragraph (d). 7.5.1, 7.5.5, 7.5.6, 7.5.7 2.2, 2nd paragraph ( e). 7.4.3, 7.5.1, 7.5.9, 7.6, 8.2.5, 8.2.6 2.2 3rd paragraph 7.2.3, 2.4 4.1.4, 7.2.3 3.2 7.2.3 BS EN ISO 13485:2016+A11:2021 EN ISO 13485:2016+A11:2021 Remarks / Notes Covered. EN ISO 13485 covers controls in product realization including sterilization. Covered. EN ISO 13485 covers monitoring and measurement of product and the calibration oftest equipment. Partially covered. EN ISO 13485 requires communication with regulatory authorities in accordance with applicable regulatory requirements. The term 'regulatory authorities' is used in a general context and tbe term notified body, as used in the Regulation, is not explicitly mentioned. The provision of specific infonnation as detailed in the Regulation is not detailed explicitly. Partially covered. EN ISO 13485 requires incorporation of regulatory requirements into the QMS and communication with regulatory authorities in accordance with regulatory requirements. The term 'regulatory authorities' is used in a general context and the term notified body, as used in the Regulation, is not explicitly mentioned. Communication in relation to changes in the QMS or range of medical devices is not referred to specifically. Partially covered. EN ISO 13485 requires communication with regulatory authorities in accordance with applicable regulatory requirements. The term 'regulatory authorities' is used in a general context and the term notified body, as used in the Regulation, is not explicitly mentioned. The provision of specific information as detailed in the Regulation is not detailed explicitly. xiii

BS EN ISO 13485:2016+Al 1:2021 EN ISO 13485:2016+A11:2021 Table ZA.3 -Correspondence between this European standard and the requirements of Annex XI of Regulation (EU) 2017 /745 [OJ L 117] Requirements of Annex XI of Clause{s) / sub•clause(s) Remarks / NotesRegulation (EU) 2017/745 of this EN 4 4.1, 5.1, 8.2.6 Partially covered. EN ISO 13485 has requirements for the implementation of the quality management system and final verification. EN ISO 13485 does not have requirements for the quality management system to be subject to third party assessment or certification. 5 Not covered. 6.1, l st sentence Not covered. 6.1, bullet 1 See Table ZA.2, 2.1. 6.1, bullet 2 4.2.3 Partially covered. EN ISO 13485 requires that the quality management system includes one or more files either containing or referencing documents generated to demonstrate compliance with applicable regulatory requirements. A summary of the types of documents is provided. All the detail in Annexes JI and III is not provided explicitly. 6.1, bullet 3. Not covered. 6.2, 1st paragraph 4.1 Partially covered. EN ISO 13485 requires that the quality management system is implemented systematically in accordance with the requirements of the standard and applicable regulatory requirements. EN ISO 13485 requires a quality manual, written policies and procedures, quality planning and quality records. EN 150 13485 does not explicitly reference conformance to an approved type- examination certificate. 6.2, 2nd paragraph, reference to 4.2.la), 5.lc), 5.3c), 5.4.1, Covered. EN ISO 13485 requires that Annex IX, 2.2 (a) 7.la) quality objectives are defined and documented. 6.2, 2nd paragraph, reference to 5.5.1 Covered. EN ISO 13485 requires that Annex IX, 2.2 (b), indent 1 organizational structures, roles and responsibilities, and interrelationships are defined and documented. 6.2, 2nd paragraph, reference to 5.6, 7.3.5, 8.1, 8.2.1, 8.2.4, Covered. EN ISO 13485 includes Annex IX, 2.2 (b), indent 2 8.2.5, 8.2.6, 8.3, 8.4, requirements on monitoring the operation of the quality management system and the control of non-conforming product. 6.2, 2nd paragraph, reference to 4.1.5, 7.4.1 Covered. EN ISO 13485 has requirements Annex IX, 2.2 (b), indent 3 for cases when an organization outsources an activity, and these requirements link with the requirements for evaluation and xiv

Requirements of Annex XI of Clause(s) / sub•clause(s) Regulation (EU) 2017/745 of this EN 6.2, 2nd paragraph, reference to Annex IX, 2.2 (b), indent 4 6.2, 2 nd paragraph, reference to 7.5.1, 7.5.5, 7.5.6, 7.5.7 Annex IX, 2.2 (d) 6.2, 2nd paragraph, reference to 7.4.3, 7.5.1, 7.6, 8.2.S, 8.2.6 Annex IX, 2.2 ( e) 6.4 4.1.4, 7.2.3 7, 1st paragraph 7.2.3 12, t•t paragraph 4.2.1, 4.2.3, 4.2.4, 4.2.5, 6, 7.1, 7.4, 7.5, 7.6, 8.2.5, 8.2.6, 8.3, 8.5 12, 2 nd paragraph 13 8.2.1, 8.5.1 BS EN ISO 13485:2016+All:2021 EN ISO 13485:2016+A11:2021 Remarks/ Notes selection of suppliers, their monitoring and their re-evaluation. Not covered. Covered. EN ISO 13485 covers controls in product realization including sterilization. Covered. EN ISO 13485 covers monitoring and measurement of product and the calibration of test equipment. Partially covered. EN ISO 13485 requires incorporation of regulatory requirements into the QMS and communication with regulatory authorities in accordance with regulatory requirements. The term 'regulatory authorities' is used in a general context and the term notified body, as used in the Regulation, is not explicitly mentioned. Communication in relation to changes in the QMS or range of medical devices is not referred to specifically. Partially covered. EN ISO 13485 requires communication with regulatory authorities in accordance with applicable regulatory requirements. The term 'regulatory authorities' is used in a general context and the term notified body, as used in the Regulation, is not explicitly mentioned. The provision of specific information as detailed in the Regulation is not detailed explicitly. Covered. EN ISO 13485 covers controls of documents, infrastructure, product realization including sterilization, nonconformity and corrective action. See ail of 6 and 7 in th is table above. Partially covered. EN ISO 13485 references inclusion of applicable regulatory requirements on post market surveillance into the quality management system. The detailed requirements in the regulation are not referenced explicitly. WARNING 1: Presumption of conformity stays valid only as long as a reference to this European standard is maintained in the list published in the Official Journal of the European Union. Users of this standard should consult frequently the latest list published in the Official Journal of the European Union. WARNING 2: Other Union legislation may be applicable to the product(s) falling within the scope of this standard. xv

BS EN ISO 13485:2016+All:2021 EN ISO 13485:2016+A11:2021 AnnexZB (informative) Relationship between this European standard and the requirements of Regulation (EU) 2017/746 aimed to be covered This European standard has been prepared under a Commission's standardisation request M/575 of 14.4.2021 to provide one voluntary means of conforming to the requirements of Regulation (EU) 2017/746 of 5 April 2017 concerning in vitro diagnostic medical devices [OJ L 117]. Once this standard is cited in the Official Journal of the European Union under that Regulation, compliance with the normative clauses of this standard given in Tables ZB.1, ZB.2 or ZB.3 confers. within the limits of the scope of this standard, a presumption of conformity with the corresponding requirements of that Regulation, and associated EFTA regulations. This Annex covers the relationship of this European standard with: • the general obligations of the manufacturer in Article 10 (Table ZB.1 ); and, • the quality management system requirements in the conformity assessment annexes (Annexes IX and XI) (Table ZB.2 and ZB.3 respectively). EN ISO 13485:2016 is an adoption of an international standard, ISO 13485:2016, which is intended to be applicable in jurisdictions all over the world. Therefore, it is not the primary goal of ISO 13485:2016 to cover exactly the European quality management system requirements. Consequently, for all of the qua) ity management system requirements, conformity is not entirely achieved by complying only with the requirements specified in EN ISO 13485. Manufacturers and conformity assessment bodies will need to integrate the quality management system requirements in the applicable European Regulation into the processes provided by EN ISO 13485. In addition, the European Regulations require the incorporation of certain processes in the quality management system, such as clinical evaluation, risk management, post• market surveillance, and assignment of unique device identification. EN ISO 13485 requires the integration of these processes into the quality management system in accordance with regulatory requirements but does not explicitly include the details of the particular European Union regulatory requirements within the standard. Furthermore, the definitions in applicable regulatory requirements differ from nation to nation and region to region. As a result, the definitions in this document can differ in wording from those in European Regulations. For use in support of European requirements, definitions in the European regulations for medical devices take precedence. In addition to requirements on the manufacturer's quality management system, Article 10 and Annexes IX and XI of the European Regulations include a description of the regulatory processes and activities undertaken by the notified body, competent authority and European Commission, which are outside of the scope of EN ISO 13485 and therefore not covered by the standard. NOTE 1 Where a reference from a clause of this standard to the risk management process is made, the risk management process needs to he in compliance with Regulation (EU) 2017/7 46. This means that risks have to be 'reduced as far as possible', 'reduced to a level as low as reasonably practicable', 'reduced to the lowest possible level', 'reduced as far as possible and appropriate', 'removed or reduced as far as possible', 'eliminated or reduced as far as possible', 'prevented' or 'minimized', according to the wording of the corresponding General Safety and Performance Requirement. NOTE 2 The manufacturer's policy for determining accept.able risk must be in compliance with General Safety and Performance Requirements 1, 2, 3, 4, 5, 8, 10, 11, 13, 15, 16, 17, 18 and 19 of the Regulation. xvi

BS EN ISO 13485:2016+A11:2021 EN ISO 13485:2016+A11:2021 NOTE 3 This Annex ZB is based on normative references according to the table of references in the European Foreword, replacing the references in the core text. NOTE 4 When a requirement does not appear in Tables ZB.11 ZB.2 or ZB.3 it means that it is not addressed by this European Standard. Table ZB.1 - Correspondence between this European standard and Article 10 of Regulation (EU) 2017/746 [OJ L 117] Requirements of Article 10 of Clause(s} / sub-clause(sJ Remarks/ Notes Regulation (EU) 2017/746 of this EN 1 4.1, 7.1. 7.2.lc), 7.2.2c), 7.3, Partially covered. EN ISO 13485 includes 7.5. requirements for the QMS, design and development and manufacturing that require incorporation of the regulatory requirements into the quality management system. 2 7,1 Partially covered. EN ISO 13485 includes requirements to risk management in product realization. The detail of the specific requirements of Annex 1, Chapter 1 of the Regulation is not stated explicitly 3 Not covered. 7.3.7 of EN ISO 13485 requires performance evaluation in accordance with applicable regulatory requirements. The details contained in Article 56 and Annex XIII are not provided. 4, first paragraph 4.2.3 Partially covered. EN ISO 13485 requires that the quality management system includes one or more files either containing or referencing documents generated to demonstrate compliance with applicable regulatory requirements. A summary of the types of documents is provided. All the detail in Annexes II and III is not provided explicitly. 41 second paragraph Not covered. 5 Not covered. Preparation of the EU declaration of conformity and affixing the CE mark is not covered in EN ISO 13485. 6 Not covered. 7.5.8 ofEN ISO 13485 includes a requirement to control the UDI under the quality management system. The detail of the system prescribed in the Article 24, and with the registration obligations referred to in Articles 26 and 28, are not provided. 7, 1,1 paragraph 4.2.4, 4.2.5, 7.2.3 Partially covered. EN ISO 13485 requires the retention of documents, including records, for at least the period specified bv a oo\icahle reeu\atoi:v requirements. xvii

BS EN ISO 13485:2016+A11:2021 EN ISO 13485:2016+A11:2021 Requirements of Article 10 of Clause(s) / sub-clause(s) Regulation (EU) 2017/746 of this EN 7, 2nd paragraph 7.2.3 7, 3 rd paragraph 8, 1st paragraph, 1•1 sentence 4, 5, 6, 7, 8 8, 1st paragraph, 2nd sentence 4.1.4, 4.2.4, 5.6.2, 5.6.3, 7.3.3, 7.3.9 8, 1st paragraph, 3rd sentence 4.1 8, 2°d paragraph 4, 5, 6, 7, 8 8, 3n1 paragraph (a) 4.1.1, 7.3.9 xviii Remarks / Notes The retention time defined in the Regulations is not provided explicitly. Partially covered. EN ISO 13485 requires communication with regulatory authorities in accordance with applicable regulatory requirements. The term 'regulatory authorities' is used in a general context and the term competent authority, as used in the Regulation, is not explicitly mentioned. The provision of specific information as detailed in the Regulation is not stated explicitly. Not covered. Covered. EN ISO 13485 requires the quality management system to comply with applicable regulatory requirements and that production is planned, carried out, monitored and controlled to ensure that product conforms to specification and regulatory requirements. Partially covered. EN ISO 13485 includes general reference to regulatory requirements and standards as design and development inputs. Identification of new or revised regulatory requirements is identified as an input into Management Review and changes needed as a result of such inputs are required as outputs of Management Review. Change to the medical device is covered through control of design and development changes. Common specifications are not explicitly mentioned. Partially covered. EN ISO 13485 requires that the effectiveness of the quality management system is maintained and provides requirements for improvement processes, including corrective action and preventive action. There is no explicit requirement for the quality management system to be continually improved. Covered. Partially covered. EN ISO 13485 requires that the organization identifies applicable regulatory requirements and incorporates them in its quality management system. An explicit requirement for a documented regulatory strategy is not included. Control of design and development changes is explicitly specified.

Requirements of Article 10 of Clause(s) / sub-dause(s) Regulation (EU) 2017/746 of this EN 8, 3rd paragraph (b) 4.2.3, 7.2.lc), 7.3.3b), 7.3.4a), 7.3.5 8, 3rd paragraph (c) 5 8, 3rc1 paragraph (d} first element, 6 resource management 8, 3,d paragraph (d) second 4.1.5, 7.4.1 element, suppliers and subcontractors 8, Jrd paragraph (e) 4.1.2, 7.1 8, 3 rd paragraph (fl 8, 3 rd paragraph (g) 7.1, 7.3.2, 7.3.8, 7.5,1, 7.5.4 8, 3rd paragraph (h) 8, 3rd paragraph (i) 8.2.1, 8.5.1 8, 3rd paragraph U) 7.2.3 BS EN ISO 13485:2016+A11:2021 EN ISO 13485:2016+A11:2021 Remarks/ Notes Partially covered. EN ISO 13485 includes a general reference to inclusion of applicable regulatory requirements and standards as a design input. The general safety and performance requirements, harmonized standards or common specifications are not mentioned explicitly. Covered. EN ISO 13485 defines responsibilities of top management. Covered. EN ISO 13485 includes specific requirements for provision of human resources including competence, infrastructure, work environment and contamination control. Covered. EN ISO 13485 includes requirements on the evaluation and selection of suppliers, their monitoring and their re-evaluation. Partially covered. EN ISO 13485 includes requirements to apply a rtsk-based approach to the quality management system and apply risk management in product realization. The detail of the specific requirements of Annex 1 of the Regulation are not detailed specifically Not covered. EN ISO 13485 requires performance evaluation in accordance with applicable regulatory requirements. The specific details in Article 56 and Annex XIV and reference to post market performance follow-up (PMPF) are not included explicitly. Covered. EN ISO 13485 requires planning of product realization, planning of design and development and planning of production and service provision. Not covered. EN ISO 13485 includes a requirement to control the UDI underthe quality management system. The detail of the system prescribed in the Regulation is not specified explicitly. Partially covered. EN ISO 13485 requires a system of post market surveillance within the quality management system. The detail in Article 78 is not specified explicitly. Partially covered. EN JSO 13485 specifies requirements for communication w ith customers and re1mlatorv authorities. The xix

BS EN ISO 13485:2016+A11:2021 EN ISO 13485:2016+A11:2021 Requirements of Article 10 of Clause(s) / sub-clause(s) Regu)ation(EU)2017/746 of this EN 8, 3rd paragraph (k) 8.2.2, 8.2.3, 8.3.3 8, 3 rd paragraph (I) 8.5.2, 8.5.3 8, 3rd paragraph (m) 8.2.5, 8.2.6, 8.4, 8.5 9 8.2.1, 8.5.1 10 4.2.3aJ 7.3.3, 7.5.le) 11, 1st paragraph 7.2.3, 8.3.3 xx Remarks/ Notes term 'regulatory authorities' is used in a general context and the terms competent authority and notified body, as used in the Regulation, are not explicitly mentioned. Other economic operators and other stakeholders are not explicitly mentioned. Partially covered. EN ISO 13485 requires processes for reporting events in accordance with applicable regulatory requirements. The details of the vigilance system and the timescales for reporting are not specified explicitly. Covered. EN ISO 13485 specifies requirements for management of corrective actions and preventive actions, including verification of their effectiveness. Covered. EN ]SO 13485 includes requirements on monitoring and measurement of processes, analysis of data and improvement of product. Partially covered. EN ISO 13485 requires a system of post market surveillance in accordance with regulatory requirements within the quality management system. The detail in Article 78 is not covered explicitly. Partially covered. EN ISO 13485 includes a general requirement for design inputs to include applicable regulatory requirements and for the medical device file to include the labelling, including instructions for use. Specific requirements of Annex I are not explicitly included nor is the language in which the information is to be provided. The physical characteristics of the information on the label are not covered explicitly. Partially covered. EN ISO 13485 uses the definitions in ISO 9000 where this situation would be within the definition of a correction rather than a corrective action. Communication with customers and regulatory authoMties is required. The term 'regulatory authorities' is used in a general context and the terms competent authority and notified body, as used in the Regulation, are not explicitly mentioned. Distributors as a specific category of customer, and importers and authorized representative are not explicitly mentioned.

Requirements of Article 10 of Clause(s) / sub-clause(s) Regulation (EU) 2017/746 of this EN 11, zn~ paragraph 8.2.2d), 8.2.3, 8.3.3 12 8.2.3 13, 1st paragraph 7.2.3 13, znd, 3rd and 4th paragraphs 14 4.1, 4.2.3, 7.2.3, 7.4 15 BS EN ISO 13485:2016+A11:2021 EN ISO 13485:2016+A11:2021 Remarks / Notes Partially covered. EN ISO 13485 uses the definitions in ISO 9000 where this situation would be within the definition of a correction rather than a corrective action Communication with regulatory authorities is required in accordance with regulatory requirements. Specific regulatory bodies are not stated explicitly. Partially covered. EN ISO 13485 includes the requirements on adverse event reporting and mentions actions in the field to be reported. The detailed requirements in Articles 82 and 83 are not specified explicitly. Partially covered. EN ISO 13485 requires communication with regulatory authorities in accordance with applicable regulatory requirements. The term 'regulatory authorities' is used in a general context and the term competent authority, as used in the Regulation, is not explicitly mentioned. The provision of information as in the Regulation, the language in which it is to be provided, the provision of samples of the device free of charge or granting access to the device are not covered explicitly. Not covered. Partially covered. EN ISO 13485 requires communication with regulatory authorities in accordance with applicable regulatory requirements. The provision of information on the identity of a third party that designed or manufactured the medical device as in the Regulation are not covered explicitly. Not covered. xxi

BS EN ISO 13485:2016+A11:2021 EN ISO 13485:2016+A11:2021 Table ZB.2 - Correspondence between this European standard and Annex IX of Regulation (EU) 2017 /746 [OJ L 117] Requirements of Annex IX Clause(s) / sub-clause(s) of Regulation (EU) Remarks / Notes 2017/746 of this EN 1 4.1 Partially covered. EN ISO 13485 requires the quality management system to comply with applicable regulatory requirements. EN ISO 13485 is applicable to all sizes of organization and all types and class of medical device. EN ISO 13485 does not have requirements for the quality management system to be subject to third party assessment or certification. 2.1, 1st sentence Not covered. 2.1, bullet 1 Not covered. 2.1, bullet 2, 4.2 Covered. EN ISO 13485 requires that the quality management system documentation includes information on the device(s) within its scope. 2.1, bullet 3, Not covered. 2.1, bullet 4 Not covered. 2.1, bullet 5, 4.2 Covered. EN ISO 13485 specifies the quality management system documentation and how it is controlled. 2.1, bullet 6, 4.2, 5.1 Partially covered. EN ISO 13485 requires evidence of top management commitment to implementing the quality management system. EN ISO 13485 does not explicitly require a documented undertaking. 2.1, bullet 7 4.1.4, 4.2, 5.1, 5.4.2, 5.6, 6.1, 8 Covered. EN ISO 13485 requires that the quality management system is applied and maintained. 2.1, bul!et 8 8.2.1, 8.5.1 Partially covered. EN ISO 13485 references inclusion of applicable regulatory requirements on post market surveillance into the quality management system. The detailed requirements in the Regulation to post-market performance follow-up are not referenced explicitly. 2.1, bullet 9 8.2.1, 8.5.1 Partially covered. EN ISO 13485 references inclusion of applicable regulatory requirements on post market surveillance into the quality management system. The detailed requirements in the regulation and post-market performance follow-up are not referenced explicitly. 2.1, bullet 10 Not covered. EN ISO 13485 requires performance evaluation in accordance with planned and documented arrangements and aoolicah\e rel?tl]atorv xxii

Requirements of Annex IX Clause(s) / sub-clause(s) of Regulation (EU) of this EN 2017/746 2.1, bullet 11 2.2, 1st paragraph 4.1, 4.2, 5, 6, 8 2.2, 2nd paragraph (a) 4.2.la), 5.1c), 5.3c), 5.4.1, 7.1a) 2.2. 2nd paragraph (b) indent 5.5.1 1 2.2, 2nd paragraph (b) indent 5.6, 7.3.5, 8.1, 8.2.1, 8.2.4, 8.2.5, 2 8.2.6, 8.3, 8.4 2.2, znd paragraph (b) indent 4.1.5, 7.4 3 2.2, 2nd paragraph (b) indent 4 2.2, 2nd paragraph (c) 4.2.5, 7.3, 2.2, 2 nd paragraph (c) indent 4.1.1, 7.3.9 1 BS EN ISO 13485:2016+A11:2021 EN ISO 13485:2016+A11:2021 Remarks / Notes requirements. A performance evaluation plan is not referenced explicitly. Not covered. EN ISO 13485 requires that the continued suitability of the medical device is maintained. A performance evaluation plan is not referenced explicitly. Partially covered. EN ISO 13485 requires that the quality management system is implemented systematically in accordance with the requirements of the standard and applicable regulatory requirements. EN ISO 13485 requires a quality manual, written policies and procedures, quality planning and quality records. Covered. EN ISO 13485 requires that quality objectives are defined and documented. Covered. EN JSO 13485 requires that organizational structures, roles and responsibilities, and interrelationships are defined and documented. Covered. EN ISO 13485 includes requirements on monitoring the operation of the quality management system and the control of non-conforming product Covered. EN ISO 13485 has requirements when an organization outsources an activity which link with the requirements for evaluation and selection of suppliers, their monitoring and their re-evaluation. Not covered. Covered. EN ISO 13485 covers design and development controls as well as the control of documentation, including records, Partially covered. EN ISO 13485 requires that the organization identifies applicable regulatory requirements and incorporates them in its quality management system. An explicit requirement for a documented regulatory strategy is not included. Control of design and development changes is explicitly specified. xxiii

BS EN ISO 13485:2016+A11:2021 EN ISO 13485:2016+A11:2021 Requirements of Annex IX Clause(s) / sub-clause(s) of Regulation (EU) 2017 /746 of this EN 2.2, 2•d paragraph (c) indent 2 2.2, 2nd paragraph ( c) indent 3 2.2, 2 nd paragraph (c) indent 4 2.2, zod paragraph (c) indent 5 2.2, 2nd paragraph (c) indent 6 2.2, 2•d paragraph (c) indent 7 7.2.lc), 7.3.3 4.1.2, 7.1 7.3.4, 7.3.6, 7.3.7 4.2.3a) 7.3.3h), 7.5.le) 7.5.8, 7.5.9 2.2, 2nd paragraph (c) indent 8 4.1.4, 4.2.4, 5.6.2, 5.6.3, 7.3.3, 7.3.9 xxiv Remarks/ Notes Partially covered. EN ISO 13485 includes a general reference to inclusion of applicable regulatory requirements and standards as a design input. The general safety and performance requirements, harmonized standards or common specifications are not mentioned explicitly. Partially covered. EN ISO 13485 includes requirements to apply a risk-based approach to the quality management system and apply risk management in product realization, The detail of the specific requirements of Annex 1 of the Regulation are not detailed specifically. Not covered. EN ISO 13485 requires performance evaluation in accordance with applicable regulatory requirements. The specific details in Article 56 and Annex XIV and reference to post market performance follow-up (PMPF) are not included explicitly. Partially covered. EN ISO 13485 details requirements for design and development verification and validation. Preclinical evaluation as an aspect of design verification is not mentioned explicitly. Partially covered. EN ISO 13485 includes a general requirement for design inputs to include applicable regulatory requirements and for the medical device file to include the labelling, including instructions for use. Specific requirements of Chapter Ill of Annex I are not included explicitly. Covered. EN ISO 13485 specifies requirements for identification and traceability. Partially covered. EN ISO 13485 includes general reference to regulatory requirements and standards as design and development inputs. Identification of new or revised regulatory requirements is identified as an input into Management Review and changes needed as a result of such inputs are required as outputs of Management Review. Change to the medical device is covered through control of design and development changes.

Requirements of Annex IX Clause(s) / .sub-clause(s) of Regulation (EU) of this EN 2017/746 2.2, 2nd paragraph (d) 7.5.1, 7.5.5, 7.5.6, 7.5.7 2.2, 2nd paragraph ( e) 7.4.3, 7.5.1, 7.5.9, 7.6, 8.2.5. 8.2.6 2.2, 3rd paragraph 7.2.3 2.4 4.1.4, 7.2.3 3.2 7.2.3 BS EN ISO 13485:2016+A11:2021 EN ISO 13485:2016+A11:2021 Remarks / Notes Covered. EN ISO 13485 covers controls in product realization including sterilization. Covered. EN ISO 13485 covers monitoring and measurement of product and the calibration oftest equipment Partially covered. EN 1S0 13485 requires communication with regulatory authorities in accordance with applicable regulatory requirements. The term 'regulatory authorities' is used in a general context and the term notified body, as used in the Regulation, is not explicitly mentioned. The provision of specific information as detailed in the Regulation is not detailed explicitly. Partially covered. EN ISO 13485 requires incorporation of regulatory requirements into the QMS and communication with regulatory authorities in accordance with regulatmy requirements. The term 'regulatory authorities' is used in a general context and the term notified body, as used in the Regulation, is not explicitly mentioned. Communication in relation to changes in the QMS or range of medical devices is not referred to specifically. Partially covered. EN ISO 13485 requires communication with regulatory authorities in accordance with applicable regulatory requirements. The term 'regulatory authorities' is used in a general context and the term notified body, as used in the Regulation, is not explicitly mentioned. The provision of specific information as detailed in the Regulation is not detailed explicitly. XXV

BS EN ISO 13485:2016+A1L2021 EN ISO 13485:2016+A11:2021 Table ZB.3 - Correspondence between this European standard and Annex XI of Regulation (EU) 2017 /746 [OJ L 117] Requirements of Annex XI of Clause(s) / sub-clause{s) Remarks / Notes Regulation (EU) 2017/746 of this EN 1 4.1, 5.1, 8.2.6 Partially covered. EN ISO 13485 has requirements for the implementation of the quality management system and final verification. EN ISO 1348 5 does not have requirements for the quality management system to be subject to third party assessment or certification. 2 Not covered. Preparation of the EU declaration of confonnity and affixing the CE mark is not covered in EN ISO 13485. 3.1, 1" paragraph Not covered. 3.1, 2nd paragraph, bullet 1 See Table ZB.3. section 2.1 3.1, 2nd paragraph, bullet 2 4.2.3 Partially covered. EN ISO 13485 requires that the quality management system includes one or more files either containing or referencing documents generated to demonstrate compliance with applicable regulatory requirements. A summary of the types of documents is provided. All the detail in Annexes II and III is not provided explicitly. 3.1, 2nd paragraph, bullet 3 Not covered. 3.2, 1st paragraph 4.1 Partially covered. EN ISO 13485 requires that the quality management system is implemented systematically in accordance with the requirements of the standard and applicable regulatory requirements. EN ISO 13485 requires a quality manual, written policies and procedures, quality planning and quality records. EN ISO 13485 does not explicitly reference conformance to an approved type- examination certificate. 3.2, 2ntl paragraph, reference to 4.2.la), 5.1c), 5.3c), 5.4.1, Covered, EN ISO 13485 requires that Annex IX, 2.2 (a) 7.la) quality objectives are defined and documented. 3.2, 2 nd paragraph, reference to 5.5.1 Covered, EN ISO 13485 requires that Annex IX, 2.2 (b), indent 1 organizational structures, roles and responsibilities, and interrelationships are defined and documented. 3.2, 2nd paragraph, reference to 5.6, 7.3.5, 8.1, 8.2.1, 8.2.4, Covered. EN ISO 13485 includes Annex IX, 2.2 (b), indent 2 8.2.5, 8.2.6, 8.3, 8,4, requirements on monitoring the operation of the quality management system and the control of non-conforming product. 3.2, znd paragraph, reference to 4.1.5, 7.4.1 Covered. EN ISO 13485 has requirements Annex IX, 2.2 (b), indent 3 for cases when an organization outsources an activitv and these reouirements link xxvi

Requirements of Annex XI of Clause(s) / sub-clause(s) Regulation (EU) 2017/746 of this EN 3.2, 2nd paragraph, reference to Annex IX, 2.2 (b), indent4 3.2, 2nd paragraph, reference to 7.5.1, 7.5.5, 7.5.6, 7.5.7 Annex IX, 2.2 (d) 3.2, 2nd paragraph, reference to 7.4.3, 7.5.1, 7.6, 8.2.5, 8.2.6 Annex IX, 2.2 (e) 6, bullet 1 6, bullet 2, reference to Annex IX, 4.2 2.1 bullet 5 6, bullet 3 6, bullet 4, reference to Annex IX, 4.1.4, 7.2.3 2.4 6, bullet 5 BS EN ISO 13485:2016+A11:2021 EN ISO 13485:2016+A11:2021 Remarks/ Notes with the requirements for evaluation and selection of suppliers, their monitoring and their re-evaluation. Not covered. Covered. EN ISO 13485 covers controls in product realization including sterilization. Covered. EN ISO 13485 covers monitoring and measurement of product and the calibration oftest equipment. Not covered. Covered. EN ISO 13485 specifies the quality management system documentation and how it is controlled. Not covered. Partially covered. EN ISO 13485 requires incorporation of regulatory requirements into the QMS and communication with regulatory authorities in accordance with regulatory requirements. The term 'regulatory authorities' is used in a general context and the term notified body, as used in the Regulation, is not explicitly mentioned. Communication in relation to changes in the QM S or range of medical devices is not referred to specifically. Not covered. WARNING 1: Presumption of conformity stays valid only as long as a reference to this European standard is maintained in the list published in the Official Journal of the European Union. Users of this standard should consult frequently the latest list published in the Official Journal of the European Union. WARNING 2: Other Union legislation may be applicable to the product(s) falling within the scope of this standard. xxvii

Contents BS EN ISO 13485:2016+A11:2021 ISO 13485:2016(E) Page Foreword ........................................................................................................................................................................................................................................v Introduction .............................................................................................................................................................................................................................vi 1 Scope ................................................................................................................................................................................................................................. 1 Z Normative references .................................................................................................................................................................................... 1 3 Terms and definitions .................................................................................................................................................................................. 1 4 Quality management system ........................................................................................................... ...................................................... 6 4.1 General requirements ..................................................................................................................................................................... 6 4.2 Documentation requirements ................................................................................................................................................... 7 4. 2.1 General..................................................................................................................................................................................... 7 4.2.2 Quality manual ............................................................................................................................................................... 7 4. 2.3 Medical device file .................................................................................................................................................... 7 4.2.4 Control of documents ......................................................................................................................................... 8 4. 2. 5 Control of records ........................................................................................................................................................... 8 5 Management responsibility .................................................................................................................................................................. 9 5.1 Management commitment......................................................................................................................................................... 9 5.2 Customer focus ....................................................................................................................................................................................... 9 5.3 Quality policy.................................................................................................................................................................................... 9 5.4 Planning ........................................................................................................................................................................................................ 9 5.4.1 Quality objectives ........................................................................................................................................................ 9 5.4.2 Quality management system planning ....................................................................................................... 9 5.5 Responsibility, authority and communication ........................................................................................ 10 5.5.1 Responsibility and authority ........................................................................................................................ 10 S.S.2 Management representative ............................................................................................................................... 10 5.5.3 Internal communication ........................................................................................................................................ 10 5.6 Management review ...................................................................................................................................................................... 10 5.6.1 General..............................................................................................................................................................................

c.) BS EN ISO 13485:2016+All:2021 ISO 134BS:2016(E) 7.4 Purchasing ................................................................................................................,.................................................,........................... 17 7.4.1 Purchasing process .................................................................................................................................................,17 7.4.2 Purchasing information ............................................................................................................................. 17 7.4.3 Verification of purchased product................................................. . ........................................ 17 7.5 Production and service provision.....................................................................................................................................,18 7.5.1 Control of production and service provision.................................................................................... 18 7.5.2 Cleanliness of product........................................................................................................................................... 18 7.5.3 Installation activities ................................................................................................................................................ 18 7.5.4 Servicing activities ....................................................................................................................................... ,,............ 19 7.5.S Particular requirements for sterile medical devices ............................................................. 19 7.5.6 Validation of processes for production and service provision ............................................ 19 7.5.7 Particular requirements for validation of processes for sterilization and sterile barrier systems ........................................,.................................................................................................. 19 7.5.8 Identification ............................................................................................................................................,...................... 20 7.5.9 Traceability .................................................................................................................................................................... 20 7.5.10 Customer property.....................................................................................................................,............................. 20 7.5.11 Preservation of product .................................................................... ........................................ 20 7.6 Control of monitoring and measuring equipment ........................................................................................... 21 8 Measurement, analysis and improvement ...........................................,...............................................................................22 8.1 General .................................................................................................................................................................................................... 2 2 8.2 Monitoring and measurement...................................................................................................................................,,........ 2 2 8.2 .1 Feedback .................................................,...,............................................................,........................................................ 2 2 8.2 .2 Complaint handling ...............,.................................................................................................................................. 2 2 8.2 .3 Reporting to regulatory authorities.......... . ................................................................................. 23 8.2 .4 In temal audit ..............................................................,............................................................................................ 23 8.2.5 Monitoring and measurement of processes .................................................................................... 23 8.2.6 Monitoring and measurement of product........................................................................................... 23 8.3 Control of nonconforming product .......................................................................................................,.......................... 24 8.3.1 General ................................................................................................................................................................................... 24 8.3.2 Actions in response to nonconforming product detected before delivery ................. 24 8.3.3 Actions in response to nonconforming product detected after delivery...................... 24 8.3.4 Rework .............

Foreword BS EN ISO 13485:2016+A11:2021 ISO 13485:2016(E) ISO (the International Organization for Standardization) is a worldwide federation of national standards bodies (ISO member bodies). The work of preparing International Standards is normally carried out through ISO technical committees. Each member body interested in a subject for which a technical committee has been established has the right to be represented on that committee. International organizations, governmental and non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely with the International Electrotechnical Commission (IECJ on all matters of electrotechnical standardization. The procedures used to develop this document and those intended for its further maintenance are described in the 1S0/IEC Directives, Part 1. In particular the different approval criteria needed for the different types of ISO documents should be noted. This document was drafted in accordance with the editorial rules of the 1S0/IEC Directives, Part 2 (seewww.iso.org/directives). Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of any patent rights identified during the development of the document will be in the Introduction and/or on the ISO list of patent declarations received (see www.iso.org/patents). Any trade name used in this document is information given for the convenience of users and does not constitute an endorsement. For an explanation on the meaning of ISO specific terms and expressions related to conformity assessment, as well as information about ISO's adherence to the World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT) see the following URL: www.jso.org/iso/foreword.html. The committee responsible for this document is Technical Committee ISO/TC 210, Quality management and corresponding general aspects for medical devices. This third edition of ISO 13485 cancels and replaces the second edition (ISO 13485:2003) and ISO/TR 14969:2004, which have been technically revised. It also incorporates the Technical Corrigendum ISO 13485:2003/Cor.1:2009. A summary of the changes incorporated into this edition compared with the previous edition is given in Annex A. © TSO 2016 - All rights reserved V

BS EN ISO 13485:2016+A11:2021 ISO 13485:2016(E) Introduction 0.1 General This International Standard specifies requirements for a quality management system that can be used by an organization involved in one or more stages of the life-cycle of a medical device, including design and development, production, storage and distribution, installation, servicing and final decommissioning and disposal of medical devices, and design and development, or provision of associated activities (e.g. technical support). The requirements in this International Standard can also be used by suppliers or other external parties providing product (e.g. raw materials, components, subassemblies, medical devices, sterilization services, calibration services, distribution services, maintenance services) to such organizations. The supplier or external party can voluntarily choose to conform to the requirements of this International Standard or can be required by contract to conform. Several jurisdictions have regulatory requirements for the application of quality management systems by organizations with a variety of roles in the supply chain for medical devices, Consequently, this International Standard expects that the organization: identifies its role(s) under applicable regulatory requirements; identifies the regulatory requirements that apply to its activities under these roles; incorporates these applicable regulatory requirements within its quality management system. The definitions in applicable regulatory requirements differ from nation to nation and region to region. The organization needs to understand how the definitions in this International Standard will be interpreted in light of regulatory definitions in the jurisdictions in which the medical devices are made available. This International Standard can also be used by internal and external parties, including certification bodies, to assess the organization's ability to meet customer and regulatory requirements applicable to the quality management system and the organization's own requirements. It is emphasized that the quality management system requirements specified in this International Standard are complementary to the technical requirements for product that are necessary to meet customer and applicable regulatory requirements for safety and performance. The adoption of a quality management system is a strategic decision of an organization, The design and implementation of an organization's quality management system is influenced by the: a) organizational environment changes in that environment, and the influence that the organizational environment has on the conformity of the medical devices; b) organization's varying needs; c) organization's particular objectives; d) product the organization provides; e) processes the organization employs; f) organization's size and organizational structure; g) regulatory requirements applicable to the organization's activities. It is not the intent of this International Standard to imply the need for uniformity in the structure of different quality management systems, uniformity of documentation or alignment of documentation to the clause structure of this International Standard. There is a wide variety of medical devices and some of the particular requirements of this International Standard only apply to named groups of medical devices. These groups are defined in Clause 3. vi © ISO 2016 - All rights reserved

BS EN ISO 13485:2016+A11:2021 ISO 13485:2016(E) 0.2 Clarification of concepts In this International Standard, the following terms or phrases are used in the context described below. When a requirement is qualified by the phrase "as appropriate", it is deemed to be appropriate unless the organization can justify otherwise. A requirement is considered appropriate ifit is necessary for: product to meet requirements; compliance with applicable regulatory requirements; the organization to carry out corrective action; the organization to manage risks. When the term "risk" is used, the application of the term within the scope of this International Standard pertains to safety or performance requirements of the medical device or meeting applicable regulatory requirements. When a requirement is required to be "documented", it is also required to be established, implemented and maintained. When the term "product# is used, it can also mean "service". Product applies to output that is intended for, or required by, a customer, or any intended output resulting from a product realization process. When the term ''regulatory requirements" is used, it encompasses requirements contained in any law applicable to the user of this International Standard (e.g. statutes, regulations, ordinances or directives). The application of the term "regulatory requirements" is limited to requirements for the quality management system and the safety or performance of the medical device. In this International Standard, the following verbal forms are used: "shall" indicates a requirement; "should" indicates a recommendation; "may" indicates a permission; "can" indicates a possibility or a capability. Information marked as "NOTE" is for guidance in understanding or clarifying the associated requirement. 0.3 Process approach This International Standard is based on a process approach to quality management. Any activity that receives input and converts it to output can be considered as a process. Often the output from one process directly forms the input to the next process. For an organization to function effectively, it needs to identify and manage numerous linked processes. The application of a system of processes within an organization, together with the identification and interactions of these processes, and their management to produce the desired outcome, can be referred to as the "process approach." When used within a quality management system, such an approach emphasizes the importance of: a) understanding and meeting requirements; b) considering processes in terms of added value; c) obtaining results of process performance and effectiveness; d) improving processes based on objective measurement. © ISO 2016 -All rights reserved vii

BS EN ISO 13485:2016+A11:2021 ISO 13485:2016(E) 0.4 Relationship with ISO 9001 While this is a stand•alone standard, it is based on ISO 9001:2008, which has been superseded by ISO 9001:2015. For the convenience of users, Annex B shows the correspondence between this International Standard and ISO 9001:2015. This International Standard is intended to facilitate global alignment of appropriate regulatory requirements for quality management systems applicable to organizations involved in one or more stages of the life-cycle of a medical device. This International Standard includes some particular requirements for organizations involved in the life-cycle of medical devices and excludes some of the requirements of ISO 9001 that are not appropriate as regulatory requirements. Because of these exclusions, organizations whose quality management systems conform to this International Standard cannot claim conformity to ISO 9001 unless their quality management system meets all the requirements of ISO 9001. 0.5 Compatibility with other management systems This International Standard does not include requirements specific to other management systems, such as those particular to environmental management, occupational health and safety management, or financial management. However, this International Standard enables an organization to align or integrate its own quality management system with related management system requirements. It is possible for an organization to adapt its existing management system(s) in order to establish a quality management system that complies with the requirements of this International Standard. viii © TSO 2016 - All rights reserved

BS EN ISO 13485:2016+A11:2021 INTERNATIONAL STANDARD ISO 13485:2016(E) Medical devices - Quality management systems - Requirements for regulatory purposes 1 Scope This International Standard specifies requirements for a quality management system where an organization needs to demonstrate its ability to provide medical devices and related services that consistently meet customer and applicable regulatory requirements. Such organizations can be involved in one or more stages of the life-cycle, including design and development, production, storage and distribution, installation, or servicing of a medical device and design and development or provision of associated activities (e.g. technical support). This International Standard can also be used by suppliers or external parties that provide product, including quality management system-related services to such organizations. Requirements of this International Standard are applicable to organizations regardless of their size and regardless of their type except where explicitly stated. Wherever requirements are specified as applying to medical devices, the requirements apply equally to associated services as supplied by the organization. The processes required by this International Standard that are applicable to the organization, but are not performed by the organization, are the responsibility of the organization and are accounted for in the organization's quality management system by monitoring, maintaining, and controlling the processes. If applicable regulatory requirements permit exclusions of design and development controls, this can be used as a justification for their exclusion from the quality management system. These regulatory requirements can provide alternative approaches that are to be addressed in the quality management system. It is the responsibility of the organization to ensure that claims of conformity to this International Standard reflect any exclusion of design and development controls. If any requirement in Clauses 6. 1 or .8. of this International Standard is not applicable due to the activities undertaken by the organization or the nature of the medical device for which the quality management system is applied, the organization does not need to include such a requirement in its quality management system. For any clause that is determined to be not applicable, the organization records the justification as described in 1:22. 2 Normative references The following documents, in whole or in part, are normatively referenced in this document and are indispensable for its application. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies. ISO 9000:20151), Quality management systems - Fundamentals and vocabulary 3 Terms and definitions For the purposes of this document, the terms and definitions given in ISO 9000:2015 and the following apply. 1) Supersedes ISO 9000:2005. © ISO 2016 - All rights reserved 1

BS EN ISO 13485:2016+A11:2021 ISO 13485:2016(E) 3.1 advisory notice notice issued by the organization, subsequent to delivery of the medical device, to provide supplementary information or to advise on action to be taken in the: use of a medical device, modification of a medical device, return of the medical device to the organization that supplied it, or destruction of a medical device Note 1 to entry: Issuance ofan advisory notice can be required to comply with applicable regulatory requirements. 3.2 authorized representative natural or legal person established within a country or jurisdiction who has received a written mandate from the manufacturer to act on his behalf for specified tasks with regard to the latter's obligations under that country or jurisdiction's legislation [SOURCE: GHTF/SGl/NOSS:2009, 5.2] 3.3 clinical evaluation assessment and analysis of clinical data pertaining to a medical device to verify the clinical safety and performance of the device when used as intended by the manufacturer [SOURCE: GHTF/SG5/N4:2010, Clause 4] 3.4 complaint written, electronic or oral communication that alleges deficiencies related to the identity, quality, durability, reliability, usability, safety or performance of a medical device that has been released from the organization's control or related to a service that affects the performance of such medical devices Note 1 to entry: This definition of"complaint" differs from the definition given in ISO 9000:2015. 3.5 distrtbutor natural or legal person in the supply chain who, on his own behalf, furthers the availability of a medical device to the end user Note 1 to entry: More than one distributor may be involved in the supply chain. Note 2 to entry: Persons in the supply chain involved in activities such as storage and transport on behalf of the manufacturer, importer or distributor, are not distributors under this definition. [SOURCE: GHTF/SGl/NOSS:2009, 5.3] 3.6 implantable medical device medical device which can only be removed by medical or surgical intervention and which is intended to: be totally or partially introduced into the human body or a natural orifice, or replace an epithelial surface or the surface of the eye, and remain after the procedure for at least 30 days Note 1 to entry: This definition of implantable medical device includes active implantable medical device 2 © ISO 2016 - All rights reserved

BS EN ISO 13485:2016+A11:2021 ISO 13485:2016(E) 3.7 importer natural or legal person in the supply chain who is the first in a supply chain to make a medical device, manufactured in another country or jurisdiction, available in the country or jurisdiction where it is to be marketed [SOURCE: GHTF/SGl/N0SS:2009, 5.4) 3.8 labelling label, instructions for use, and any other information that is related to identification, technical description, intended purpose and proper use of the medical device, but excluding shipping documents [SOURCE: GHTF/SG1/N70:2011, Clause 4] 3.9 life-cycle all phases in the life of a medical device, from the initial conception to final decommissioning and disposal [SOURCE: ISO 14971:2007, 2.7] 3.10 manufacturer natural or legal person with responsibility for design and/or manufacture of a medical device with the intention of making the medical device available for use, under his name; whether or not such a medical device is designed and/or manufactured by that person himself or on his behalf by another person(s) Note 1 to entry: This "natural or legal person" has ultimate legal responsibility for ensuring compliance with all applicable regulatory requirements for the medical devices in the countries or jurisdictions where it is intended to be made available or sold, unless this responsibility is specifically imposed on another person by the Regulatory Authority (RA) within that jurisdiction. Note 2 to entry: The manufacturer's responsibilities are described in other GHTF guidance documents. These responsibilities include meeting both pre-market requirements and post-market requirements, such as adverse event reporting and notification of corrective actions. Note 3 to entry: "Design and/or manufacture", as referred to in the above definition, may include specification development, production, fabrication, assembly, processing, packaging, repackaging, labelling, relabelling, sterilization, installation, or remanufacturing of a medical device; or putting a collection of devices, and possibly other products, together for a medical purpose. Note 4 to entry: Any person who assembles or adapts a medical device that has already been supplied by another person for an individual patient, in accordance with the instructions for use, is not the manufacturer, provided the assembly or adaptation does not change the intended use of the medical device. Note S to entry: Any person who changes the intended nse of, or modifies, a medical device without acting on behalf of the original manufacturer and who makes it available for use under his own name, should be considered the manufacturer of the modified medica I device. Note 6 to entry: An authorized representative, distributor or importer who only adds its own address and con tact details to the medical device or the packaging, without covering or changing the existing labelling, is not considered a manufacturer. Note 7 to entry: To the extent that an accessory is subject to the regulatory requirements of a medical device, t he person responsible for the design and/or manufacture of that accessory is considered to be a manufacturer. [SOURCE: GHTF/SGl/N0SS:2009, 5.1] © ISO 2016 -All rights reserved 3

BS EN ISO 13485:2016+A11:2021 ISO 13485:2016(E) 3.11 medical device instrument, apparatus, implement, machine, appliance, implant, reagent for in vitro use, software, material or other similar or related article, intended by the manufacturer to be used, alone or in combination, for human beings, for one or more of the specific medical purpose(s) of: diagnosis, prevention, monitoring, treatment or alleviation of disease; diagnosis, monitoring, treatment, alleviation of or compensation for an injury; investigation, replacement, modification, or support of the anatomy or of a physiological process; supporting or sustaining life; control of conception; disinfection of medical devices; providing information by means of in vitro examination of specimens derived from the human body; and does not achieve its primary intended action by pharmacological, immunological or metabolic means, in or on the human body, but which may be assisted in its intended function by such means Note 1 to entry: Products which may be considered to be medical devices in some jurisdictions but not in others include: disinfection substances; aids for persons with disabilities; devices incorporating animal and/or human tissues; devices for in vitro fertilization or assisted reproduction technologies. [SOURCE: GHTF/SG1/N071:2012, 5.1] 3.12 medical device family group of medical devices manufactured by or for the same organization and having the same basic design and performance characteristics related to safety, intended use and function 3.13 performance evaluation assessment and analysis of data to establish or verify the ability of an in vitro diagnostic medical device to achieve its intended use 3.14 post-market surveillance systematic process to collect and analyse experience gained from medical devices that have been placed on the market 3.15 product result of a process Note 1 to entry: There are four generic product categories, as follows: services (e.g. transport); 4 software (e.g. computer program, dictionary); hardware (e.g. engine mechanical part); processed materials (e.g. lubricant). © ISO ZO 16 - All rights reserved

BS EN ISO 13485:2016+A11:2021 ISO 13485:2016(E) Many products comprise elements belonging to different generic product categories. Whether the product is then called service, software, hardware or processed material depends on the dominant element. For example, the offered product "automobile" consists of hardware (e.g. tyres), processed materials (e.g. fuel, cooling liquid), software (e.g. engine control software, driver's manual), and service (e.g. operating explanations given by the salesman). Note 2 to entry: Service is the result of at least one activity necessarily performed at the interface between the supplier and customer and is generally intangible. Provision of a service can involve, for example, the following: - an activity performed on a customer-supplied tangible product (e.g. automobile to be repaired); an activity performed on a customer-supplied intangible product {e.g. the income statement needed to prepare a tax return); the delivery of an intangible product (e.g. the delivery of information in the context of knowledge transmission); - the creation of ambience for the customer (e.g. in hotels and restaurants). Software consists of information and is generally intangible and can be in the form of approaches, transactions or procedures. Hardware is generally tangible and its amount is a countable characteristic. Processed materials are generally tangible and their amount is a continuous characteristic. Hardware and processed materials often are referred toas goods. Note 3 to entry: This definition of"product" differs from the definition given in ISO 9000:2015. [SOURCE: ISO 9000:200521, 3.4.2, modified] 3.16 purchased product product provided by a party outside the organization's quality management system Note 1 to entry: The provision of product does not necessarily infer a commercial or financial arrangement. 3.17 risk combination of the probability of occurrence of harm and the severity of that harm Note 1 to entry; This definition of "risk" differs from the definition given in ISO 9000:2015. [SOURCE: ISO 14971:2007, 2.16] 3.18 risk management systematic application of management policies, procedures and practices to the tasks of analysing, evaluating, controlling and monitoring risk [SOURCE: ISO 14971:2007, 2.22] 3.19 sterile barrier system minimum package that prevents ingress of microorganisms and allows aseptic presentation of the product at the point of use [SOURCE: ISO 11607-1:2006, 3.22] 2) Superseded by ISO 9000:2015. © ISO 2016-All rights reserved 5

BS EN ISO 13485:2016+A11:2021 ISO 13485:2016(E) 3.20 sterile medical device medical device intended to meet the requirements for sterility Note 1 to entry; The requirements for sterility of a medical device can be subject to applicable regulatory requirements or standards. 4 Quality management system 4.1 General requirements 4.1.1 The organization shall document a quality management system and maintain its effectiveness in accordance with the requirements of this International Standard and applicable regulatory requirements. The organization shall establish, implement and maintain any requirement, procedure, activity or arrangement required to be documented by this International Standard or applicable regulatory requirements. The organization shall document the role(s) undertaken by the organization under the applicable regulatory requirements. NOTE Roles undertaken by the organization can include manufacturer, authorized representative, importer or distributor. 4.1.2 The organization shall: a} determine the processes needed for the quality management system and the application of these processes throughout the organization taking into account the roles undertaken by the organization; b} apply a risk based approach to the control of the appropriate processes needed for the quality management system; c) determine the sequence and interaction of these processes. 4.1.3 For each quality management system process, the organization shall: a) determine criteria and methods needed to ensure that both the operation and control of these processes are effective; b) ensure the availability of resources and information necessary to support the operation and monitoring of these processes; c) implement actions necessary to achieve planned results and maintain the effectiveness of these processes; d) monitor, measure as appropriate, and analyse these processes; e) establish and maintain records needed to demonstrate conformance to this International Standard and compliance with applicable regulatory requirements (see .:1.2..5). 4.1.4 The organization shall manage these quality management system processes in accordance with the requirements of this International Standard and applicable regulatory requirements. Changes to be made to these processes shall be: a) evaluated for their impact on the quality management system; b) evaluated for their impact on the medical devices produced under this quality management system; 6 © ISO 2016 -All rights reserved

BS EN ISO 13485:2016+A11:2021 ISO 13485:2016(E) c) controlled in accordance with the requirements of this International Standard and applicable regulatory requirements. 4.1.5 When the organization chooses to outsource any process that affects product conformity to requirements, it shall monitor and ensure control over such processes. The organization shall retain responsibility of conformity to this International Standard and to customer and applicable regulatory requirements for outsourced processes. The controls shall be proportionate to the risk involved and the ability of the external party to meet the requirements in accordance with ZA. The controls shall include written quality agreements. 4.1.6 The organization shall document procedures for the validation of the application of computer software used in the quality management system. Such software applications shall be validated prior to initial use and, as appropriate, after changes to such software or its application. The specific approach and activities associated with software validation and revalidation shall be proportionate to the risk associated with the use of the software. Records of such activities shall be maintained (see 4. 2. 5). 4.2 Documentation requirements 4.2.1 General The quality management system documentation (see 4.2.4) shall include: a) documented statements of a quality policy and quality objectives; b) a quality manual; c) documented procedures and records required by this International Standard; d) documents, including records, determined by the organization to be necessary to ensure the effective planning, operation, and control of its processes; e) other documentation specified by applicable regulatory requirements. 4.2.2 Quality manual The organization shall document a quality manual that includes: a) the scope of the quality management system, including details of and justification for any exclusion or non-application; b) the documented procedures for the quality management system, or reference to them; c) a description of the interaction between the processes of the quality management system. The quality manual shall outline the structure of the documentation used in the quality management system. 4.2.3 Medical device file For each medical device type or medical device family, the organization sha Jl establish and maintain one or more files either containing or referencing documents generated to demonstrate conformity to the requirement of this International Standard and compliance with applicable regulatory requirements. The content of the file(s} shall include, but is not limited to: a) general description of the medical device, intended use/purpose, and labelling, including any instructions for use; © ISO 2016 - All rights reserved 7

BS EN ISO 13485:2016+A11:2021 ISO 1348S:2016(E) b) specifications for product; c) specifications or procedures for manufacturing, packaging, storage, handling and distribution; d) procedures for measuring and monitoring; e) as appropriate, requirements for installation; f) as appropriate, procedures for servicing. 4.2.4 Control of documents Documents required by the quality management system shall be controlled. Records are a special type of document and shall be controlled according to the requirements given in .12..5. A documented procedure shall define the controls needed to: a) review and approve documents for adequacy prior to issue; b) review, update as necessary and re-approve documents; c) ensure that the current revision status of and changes to documents are identified; · d) ensure that relevant versions of applicable documents are available at points of use; e) ensure that documents remain legible and readily identifiable; f) ensure that documents of external origin, determined by the organization to be necessary for the planning and operation of the quality management system, are identified and their distribution controlled; g) prevent deterioration or loss of documents; h) prevent the unintended use of obsolete documents and apply suitable identification to them. The organization shall ensure that changes to documents are reviewed and approved either by the original approving function or another designated function that has access to pertinent background information upon which to base its decisions. The organization shall define the period for which at least one copy of obsolete documents shall be retained. This period shall ensure that documents to which medical devices have been manufactured and tested are available for at least the lifetime of the medical device as defined by the organization, but not less than the retention period of any resulting record (see .4.2...5.), or as specified by applicable regulatory requirements. 4.2.5 Control of records Records shall be maintained to provide evidence of conformity to requirements and of the effective operation of the quality management system. The organization shall document procedures to define the controls needed for the identification, storage, security and integrity, retrieval, retention time and disposition of records. The organization shall define and implement methods for protecting confidential health information contained in records in accordance with the applicable regulatory requirements. Records shall remain legible, readily identifiable and retrievable. Changes to a record shall remain identifiable. The organization sha11 retain the records for at least the lifetime of the medical device as defined by the organization, or as specified by applicable regulatory requirements, but not less than two years from the medical device release by the organization. 8 © ISO 2016 - All rights reserved

5 Management responsibility 5.1 Management commitment BS EN ISO 13485:2016+A11:2021 ISO 13485:2016(£) Top management shall provide evidence of its commitment to the development and implementation of the quality management system and maintenance of its effectiveness by: a) communicating to the organization the importance of meeting customer as well as applicable regulatory requirements; b) establishing the quality policy; c) ensuring that quality objectives are established; d) conducting management reviews; e) ensuring the availability of resources. 5.2 Customer focus Top management shall ensure that customer requirements and applicable regulatory requirements are determined and met. 5.3 Quality policy Top management shall ensure that the quality policy: a) is applicable to the purpose of the organization; b) includes a commitment to comply with requirements and to maintain the effectiveness of the quality management system; c) provides a framework for establishing and reviewing quality objectives; d) is communicated and understood within the organization; e) is reviewed for continuing suitability. 5.4 Planning 5.4.1 Quality objectives Top management shall ensure that quality objectives, including those needed to meet applicable regulatory requirements and requirements for product, are established at relevant functions and levels within the organization. The quality objectives shall be measurable and consistent with the quality policy. S.4.2 Quality management system planning Top management shall ensure that: a) the planning of the quality management system is carried out in order to meet the requirements given in il as well as the quality objectives; b) the integrity of the quality management system is maintained when changes to the quality management system are planned and implemented. © ISO 2016 -All rights reserved 9

BS EN ISO 13485:2016+A1L2021 ISO 13485:2016(E) 5.5 Responsibility, authority and communication 5.5.1 Responsibility and authority Top management shall ensure that responsibilities and authorities are defined, documented and communicated within the organization. Top management sha II document the interrelation of all personnel who manage, perform and verify work affecting quality and shall ensure the independence and authority necessary to perform these tasks. 5.5.2 Management representative Top management shall appoint a member of management who, irrespective of other responsibilities, has responsibility and authority that includes: a) ensuring that processes needed for the quality management system are documented; b) reporting to top management on the effectiveness of the quality management system and any need for improvement; c) ensuring the promotion of awareness of applicable regulatory requirements and quality management system requirements throughout the organization. 5.5.3 Internal communication Top management shall ensure that appropriate communication processes are established within the organization and that communication takes place regarding the effectiveness of the quality management system. 5.6 Management review 5.6.1 General The organization shall document procedures for management review. Top management shall review the organization's quality management system at documented planned intervals to ensure its continuing suitability, adequacy and effectiveness. The review shall include assessing opportunities for improvement and the need for changes to the quality management system, including the quality policy and quality objectives. Records from management reviews shall be maintained (see .4.2.,__S_). 5.6.2 Review input The input to management review shall include, but is not limited to, information arising from: a) feedback; b) complaint handling; c) reporting to regulatory authorities; d) audits; e) monitoring and measurement of processes; f} monitoring and measurement of product; g) corrective action; h) preventive action; 10 © ISO 2016-All rights reserved

BS EN ISO 13485:2016+A11:2021 ISO 13485:2016(£) i) follow-up actions from previous management reviews; j) changes that could affect the quality management system; k) recommendations for improvement; I) applicable new or revised regulatory requirements. 5.6.3 Review output The output from management review shall be recorded (see .1.2...5.) and include the input reviewed and any decisions and actions related to: a) improvement needed to maintain the suitability, adequacy, and effectiveness of the quality management system and its processes; b) improvement of product related to customer requirements; c) changes needed to respond to applicable new or revised regulatory requirements; d) resource needs. 6 Resource management 6.1 Provision ofresources The organization shall determine and provide the resources needed to: a) implement the quality management system and to maintain its effectiveness; b) meet applicable regulatory and customer requirements. 6.2 Human resources Personnel performing work affecting product quality shall be competent on the basis of appropriate education, training, skills and experience. The organization shall document the process(es) for establishing competence, providing needed training, and ensuring awareness of personnel. The organization shall: a) determine the necessary competence for personnel performing work affecting product quality; b) provide training or take other actions to achieve or maintain the necessary competence; c) evaluate the effectiveness of the actions taken; d) ensure that its personnel are aware of the relevance and importance of their activities and how they contribute to the achievement of the quality objectives; e) maintain appropriate records of education, training, skills and experience (see~). NOTE The methodology used to check effectiveness is proportionate to the risk associated with the work for which the training or other action is being provided. © ISO 2016 -All rights reserved 11

BS EN ISO 1348S:2016+Al1:2021 ISO 13485:2016(E) 6.3 Infrastructure The organization shall document the requirements for the infrastructure needed to achieve conformity to product requirements, prevent product mix-up and ensure orderly handling of product. Infrastructure includes, as appropriate: a) buildings, workspace and associated utilities; b) process equipment (both hardware and software); c) supporting services (such as transport, communication, or information systems). The organization shall document requirements for the maintenance activities, including the interval of performing the maintenance activities, when such maintenance activities, or lack thereof, can affect product quality. As appropriate, the requirements shall apply to equipment used in production, the control of the work environment and monitoring and measurement. Records of such maintenance shall be maintained (see 1.2...5.). 6.4 Work environment and contamination control 6.4.1 Workenvironment The organization shall document the requirements for the work environment needed to achieve conformity to product requirements. If the conditions for the work environment can have an adverse effect on product quality, the organization shall document the requirements for the work environment and the procedures to monitor and control the work environment. The organization shall: a) document requirements for health, cleanliness and clothing of personnel if contact between such personnel and the product or work environment could affect medical device safety or performance; b) ensure that all personnel who are required to work temporarily under special environmental conditions within the work environment are competent or supervised by a competent person. NOTE Further information can be found in ISO 14644 and ISO 14698. 6.4.2 Contamination control As appropriate, the organization shall plan and document arrangements for the control of contaminated or potentially contaminated product in order to prevent contamination of the work environment, personnel, or product. For sterile medical devices, the organization shall document requirements for control of contamination with microorganisms or particulate matter and maintain the required cleanliness during assembly or packaging processes. 7 Product realization 7 .1 Planning of product realization The organization shall plan and develop the processes needed for product realization. Planning of product realization shall be consistent with the requirements of the other processes of the quality management system. The organization shall document one or more processes for risk management in product realization. Records of risk management activities shall be maintained (see il..5.). 12 © ISO 2016 -All rights reserved

BS EN ISO 13485:2016+All:2021 ISO 13485:2016(E) In planning product realization, the organization shall determine the following, as appropriate: a) quality objectives and requirements for the product; b) the need to establish processes and documents (see 4.2.4} and to provide resources specific to the product, including infrastructure and work environment; c) required verification, validation, monitoring, measurement, inspection and test, handling, storage, distribution and traceability activities specific to the product together with the criteria for product acceptance; d) records needed to provide evidence that the realization processes and resulting product meet requirements (see .4.2..5.). The output of this planning shall be documented in a form suitable for the organization's method of operations. NOTE Further information can be found in ISO 14971. 7 .2 Customer-related processes 7.2.1 Determination of requirements related to product The organization shall determine: a} requirements specified by the customer, including the requirements for delivery and post-delivery activities; b) requirements not stated by the customer but necessary for specified or intended use, as known; c) applicable regulatory requirements related to the product; d) any user training needed to ensure specified performance and safe use of the medical device; e) any additional requirements determined by the organization. 7 .2.2 Review of requirements related to product The organization shall review the requirements related to product. This r eview shall be conducted prior to the organization's commitment to supply product to the customer (e.g. submission of tenders, acceptance of contracts or orders, acceptance of changes to contracts or orders) and shall ensure that: a) product requirements are defined and documented; b) contract or order requirements differing from those previously expressed are resolved; c) applicable regulatory requirements are met; d} any user training identified in accordance with Z..2..,1 is available or planned to be available; e) the organization has the ability to meet the defined requirements. Records of the results of the review and actions arising from the review shall be maintained (see ±2..,5.). When the customer provides no documented statement of requirement, the customer requirements shall be confirmed by the organization before acceptance. When product requirements are changed, the organization shall ensure that relevant documents are amended and that relevant personnel are made aware of the changed requirements. © ISO 2016 - All rights reserved 13

BS EN ISO 13485:2016+All:2021 ISO 13485:2016(E) 7.2.3 Communication The organization shall plan and document arrangements for communicating with customers in relation to: a) product information; b) enquiries, contracts or order handling, including amendments; c) customer feedback, including complaints; d) advisory notices. The organization shall communicate with regulatory authorities in accordance with applicable regulatory requirements. 7.3 Design and development 7.3.1 General The organization shall document procedures for design and development. 7.3.2 Design and development planning The organization shall plan and control the design and development of product. As appropriate, design and development planning documents shall be maintained and updated as the design and development progresses. During design and development planning, the organization shall document: a) the design and development stages; b) the review(s) needed at each design and development stage; c) the verification, validation, and design transfer activities that are appropriate at each design and development stage; d) the responsibilities and authorities for design and development; e) the methods to ensure traceability of design and development outputs to design and development inputs; f) the resources needed, including necessary competence of personnel. 7 .3.3 Design and development inputs Inputs relating to product requirements shall be determined and records maintained (see .1,LS). These inputs shall include: a) functional, performance, usability and safety requirements, according to the intended use; b) applicable regulatory requirements and standards; c) applicable output(s) of risk management; d) as appropriate, information derived from previous similar designs; e) other requirements essential for design and development of the product and processes. These inputs shall be reviewed for adequacy and approved. 14 © ISO 2016 - All rights reserved

BS EN ISO 13485:2016+A11:2021 ISO 13485:2016(E) Requirements shall be complete, unambiguous, able to be verified or validated, and not in conflict with each other. NOTE Further information can be found in !EC 62366-1. 7.3.4 Design and development outputs Design and development outputs shall: a) meet the input requirements for design and development; b) provide appropriate information for purchasing, production and service provision; c) contain or reference product acceptance criteria; d) specify the characteristics of the product that are essential for its safe and proper use. The outputs of design and development shall be in a form suitable for verification against the design and development inputs and shall be approved prior to release. Records of the design and development outputs shall be maintained (see 4.2.5). 7.3.5 Design and development review At suitable stages, systematic reviews of design and development shall be performed in accordance with planned and documented arrangements to: a) evaluate the ability of the results of design and development to meet requirements; b) identify and propose necessary actions. Participants in such reviews shall include representatives of functions concerned with the design and development stage being reviewed, as well as other specialist personnel. Records of the results of the reviews and any necessary actions shall be maintained and include the identification of the design under review, the participants involved and the date of the review (see~). 7.3.6 Design and development verification Design and development verification shall be performed in accordance with planned and documented arrangements to ensure that the design and development outputs have met the design and development input requirements. The organization shall document verification plans that include methods, acceptance criteria and, as appropriate, statistical techniques with rationale for sample size. If the intended use requires that the medical device be connected to, or have an interface with, other medical device(s), verification shall include confirmation that the design outputs meet design inputs when so connected or interfaced. Records of the results and conclusions of the verification and necessary actions shall be maintained (see .4.2..1: and 1..2...5.). 7.3.7 Design and development validation Design and development validation shall be performed in accordance with planned and documented arrangements to ensure that the resulting product is capable of meeting the requirements for the specified application or intended use, The organization shall document validation plans that include methods, acceptance criteria and, as appropriate, statistical techniques with rationale for sample size. © 150 2016 - All rights reserved 15

BS EN ISO 13485:2016+A11:2021 ISO 13485:2016(E) Design validation shall be conducted on representative product. Representative product includes initial production units, batches or their equivalents. The rationale for the choice of product used for validation shall be recorded (see 4.2.5). As part of design and development validation, the organization shall perform clinical evaluations or performance evaluations of the medical device in accordance with applicable regulatory requirements. A medical device used for clinical evaluation or performance evaluation is not considered to be released for use to the customer. If the intended use requires that the medical device be connected to, or have an interface with, other medical device(s}, validation shall include confirmation that the requirements for the specified application or intended use have been met when so connected or interfaced. Validation shaJI be completed prior to release for use of the product to the customer. Records of the results and conclusion of validation and necessary actions shall be maintained (see 4.2.4 and 4.2.5). 7.3.8 Design and development transfer The organization shall document procedures for transfer of design and development outputs to manufacturing. These procedures shall ensure that design and development outputs are verified as suitable for manufacturing before becoming final production specifications and that production capability can meet product requirements. Results and conclusions of the transfer shall be recorded (see .4.2...5.). 7.3.9 Control of design and development changes The organization shall document procedures to control design and development changes. The organization shall determine the significance of the change to function, performance, usability, safety and applicable regulatory requirements for the medical device and its intended use. Design and development changes shall be identified. Before implementation, the changes shall be: a) reviewed; b) verified; c) validated, as appropriate; d) approved. The review of design and development changes shall include evaluation of the effect of the changes on constituent parts and product in process or already delivered, inputs or outputs of risk management and product realization processes. Records of changes, their review and any necessary actions shall be maintained (see .'1..2.5). 7.3.10 Design and development files The organization shall maintain a design and development file for each medical device type or medical device family. This file shall include or reference records generated to demonstrate conformity to the requirements for design and development and records for design and development changes. 16 © ISO 2016 -All rights reserved

7.4 Purchasing 7 .4.1 Purchasing process BS EN ISO 13485:2016+A11:2021 ISO 13485:2016(E) The organization shall document procedures (see 4.2.4) to ensure that purchased product conforms to specified purchasing information. The organization shall establish criteria for the evaluation and selection of suppliers. The criteria shall be: a) based on the supplier's ability to provide product that meets the organization's requirements; bJ based on the performance of the supplier; c) based on the effect of the purchased product on the quality of the medical device; d) proportionate to the risk associated with the medical device. The organization shall plan the monitoring and re-evaluation of suppliers. Supplier performance in meeting requirements for the purchased product shall be monitored. The results of the monitoring shall provide an input into the supplier re-evaluation process. Non-fulfilment of purchasing requirements shall be addressed with the supplier proportionate to the risk associated with the purchased product and compliance with applicable regulatory requirements, Records of the results of evaluation, selection, monitoring and re•evaluation of supplier capability or performance and any necessary actions arising from these activities shall be maintained (see .4..2..5). 7 .4.2 Purchasing information Purchasing information shall describe or reference the product to be purchased, including as appropriate: a) product specifications; b) requirements for product acceptance, procedures, processes and equipment; c) requirements for qualification of supplier personnel; d) quality management system requirements, The organization shall ensure the adequacy of specified purchasing requirements prior to their communication to the supplier. Purchasing information shall include, as applicable, a written agreement that the supplier notify the organization of changes in the purchased product prior to implementation of any changes that affect the ability of the purchased product to meet specified purchase requirements, To the extent required for traceability given in 7. 5.9. the organization shall maintain relevant purchasing information in the form of documents (see 4.2,4) and records (see 12,.5.). 7.4.3 Verification of purchased product The organization shall establish and implement the inspection or other activities necessary for ensuring that purchased product meets specified purchasing requirements. The extent of verification activities shall be based on the supplier evaluation results and proportionate to the risks associated with the purchased product. When the organization becomes aware of any changes to the purchased product, the organization shall determine whether these changes affect the product realization process or the medical device. © rso 2016 -All rights reserved 17

BS EN ISO 1348S:2016+A11:2021 ISO 13485:2016(E) When the organization or its customer intends to perform verification at the supplier's premises, the organization shall state the intended verification activities and method of product release in the purchasing information. Records of the verification shall be maintained (see .4,__2_,__5_). 7 .5 Production and service provision 7.5.1 Control of production and service provision Production and service provision shall be planned, carried out, monitored and controlled to ensure that product conforms to specification. As appropriate, production controls shall include but are not limited to: a) documentation of procedures and methods for the control of production (see .4:.,lA); bJ qualification of infrastructure; c) implementation of monitoring and measurement of process parameters and product characteristics; d) availability and use of monitoring and measuring equipment; e) implementation of defined operations for labelling and packaging; f) implementation of product release, delivery and post-delivery activities. The organization shall establish and maintain a record (see 4.2.5) for each medical device or batch of medical devices that provides traceability to the extent specified in 7.5.9 and identifies the amount manufactured and amount approved for distribution. The record shall be verified and approved. 7.5.2 Cleanliness of product The organization shall document requirements for cleanliness of product or contamination control of product if: a} product is cleaned by the organization prior to sterilization or its use; b) product is supplied non-sterile and is to be subjected to a cleaning process prior to sterilization or its use; c) product cannot be cleaned prior to sterilization or its use, and its cleanliness is of significance in use; d) product is supplied to be used non-sterile, and its cleanliness is of significance in use; e) process agents are to be removed from product during manufacture. If product is cleaned in accordance with a) orb) above, the requirements contained in .6A:.1 do not apply prior to the cleaning process. 7.5.3 Installation activities The organization shall document requirements for medical device installation and acceptance criteria for verification of installation, as appropriate. If the agreed customer requirements allow installation of the medical device to be performed by an external party other than the organization or its supplier, the organization shall provide documented requirements for medical device installation and verification of installation. Records of medical device installation and verification of installation performed by the organization or its supplier shall be maintained (see 4.2.5). 18 © ISO 2016 -All rights reserved

BS EN ISO 13485:2016+A11:2021 ISO 13485:2016(E) Processes for sterilization and sterile barrier systems shall be validated prior to implementation and following product or process changes, as appropriate. Records of the results and, conclusion of validation and necessary actions from the validation shall be maintained (see .12..1 and ±..2..5). NOTE Further information can be found in ISO 11607-1 and ISO 11607-2. 7.5.8 Identification The organization shall document procedures for product identification and identify product by suitable means throughout product realization. The organization shall identify product status with respect to monitoring and measurement requirements throughout product realization. Identification of product status shall be maintained throughout production, storage, installation and servicing of product to ensure that only product that has passed the required inspections and tests or released under an authorized concession is dispatched, used or installed. If required by applicable regulatory requirements, the organization shall document a system to assign unique device identification to the medical device, The organization shall document procedures to ensure that medical devices returned to the organization are identified and distinguished from conforming product. 7.5.9 Traceability 7.5.9.1 General The organization shall document procedures for traceability. These procedures shall define the extent of traceability in accordance with applicable regulatory requirements and the records to be maintained (see 1,2_5_). 7 .5.9.2 Particular requirements for implantable medical devices The records required for traceability shall include records of components, materials, and conditions for the work environment used, if these could cause the medical device not to satisfy its specified safety and performance requirements. The organization shall require that suppliers of distribution services or distributors maintain records of the distribution of medical devices to allow traceability and that these records are available for inspection. Records of the name and address of the shipping package consignee shall be maintained (see .:l:.2....5.). ' 7.5.10 Customer property The organization shall identify, verify, protect, and safeguard customer property provided for use or incorporation into the product while it is under the organization's control or being used by the organization. If any customer property is lost, damaged or otherwise found to be unsuitable for use, the organization shall report this to the customer and maintain records (see~). 7.5.11 Preservation of product The organization shall document procedures for preserving the conformity of product to requirements during processing, storage, handling, and distribution. Preservation shall apply to the constituent parts of a medical device. 20 © ISO 2016 -All rights reserved

BS EN ISO 13485:2016+A11:2021 ISO 13485:2016(E) The organization shall protect product from alteration, contamination or damage when exposed to expected conditions and hazards during processing, storage, handling, and distribution by: a} designing and constructing suitable packaging and shipping containers; b) documenting requirements for special conditions needed if packaging alone cannot provide preservation. If special conditions are required, they shall be controlled and recorded (see .1:.2...5.). 7.6 Control of monitoring and measuring equipment The organization shall determine the monitoring and measurement to be undertaken and the monitoring and measuring equipment needed to provide evidence of conformity of product to determined requirements. The organization shall document procedures to ensure that monitoring and measurement can be carried out and are carried out in a manner that is consistent with the monitoring and measurement requirements. As necessary to ensure valid results, measuring equipment shall: a} be calibrated or verified, or both, at specified intervals, or prior to use, against measurement standards traceable to international or national measurement standards: when no such standards exist, the basis used for calibration or verification shall be recorded {see 4.2.5); b) be adjusted or re-adjusted as necessary: such adjustments or re-adjustments shall be recorded (see 1.2.5); c) have identification in order to determine its calibration status; d} be safeguarded from adjustments that would invalidate the measurement result; e) be protected from damage and deterioration during handling, maintenance and storage. The organization shall perform calibration or verification in accordance with documented procedures. In addition, the organization shall assess and record the validity of the previous measuring results when the equipment is found not to conform to requirements. The organization shall take appropriate action in regard to the equipment and any product affected. Records of the results of calibration and verification shall be maintained (see 4. 2.5). The organization shall document procedures for the validation of the application of computer software used for the monitoring and measurement of requirements. Such software applications shall be validated prior to initial use and, as appropriate, after changes to such software or its application. The specific approach and activities associated with software validation and revalidation shall be proportionate to the risk associated with the use of the software, including the effect on the ability of the product to conform to specifications. Records of the resu Its and conclusion of validation and necessary actions from the validation shall be maintained (see .4:..2....4. and .4.2....5.). NOTE Further information can be found in ISO 10012. © ISO 2016 - All rights reserved 21

BS EN ISO 13485:2016+A11:2021 ISO 13485:2016(£) 8 Measurement, analysis and improvement 8.1 General The organization shall plan and implement the monitoring, measurement, analysis and improvement processes needed to: a) demonstrate conformity of product; b) ensure conformity of the quality management system; c) maintain the effectiveness of the quality management system. This shall include determination of appropriate methods, including statistical techniques, and the extent of their use. 8.2 Monitoring and measurement 8.2.1 Feedback As one of the measurements of the effectiveness of the quality management system, the organization shall gather and monitor information relating to whether the organization has met customer requirements. The methods for obtaining and using this information shall be documented. The organization shall document procedures for the feedback process. This feedback process shall include provisions to gather data from production as well as post•production activities. The information gathered in the feedback process shall serve as potential input into risk management for monitoring and maintaining the product requirements as well as the product realization or improvement processes. If applicable regulatory requirements require the organization to gain specific experience from post- production activities, the review of this experience shall form part of the feedback process. 8.2.2 Complaint handling The organization shall document procedures for timely complaint handling in accordance with applicable regulatory requirements. These procedures shall include ata minimum requirements and responsibilities for: a) receiving and recording information; b) evaluating information to determine if the feedback constitutes a complaint; c) investigating complaints; d) determining the need to report the information to the appropriate regulatory authorities; e) handling of complaint-related product; f) determining the need to initiate corrections or corrective actions. If any complaint is not investigated, justification shall be documented, Any correction or corrective action resulting from the complaint handling process shall be documented. If an investigation determines activities outside the organization contributed to the complaint, relevant information shall be exchanged between the organization and the external party involved. Complaint handling records shall be maintained (see U..S.). 22 © ISO 2016 -All rights reserved

8.2.3 Reporting to regulatory authorities BS EN ISO 13485:2016+A11:2021 ISO 13485:2016(£) If applicable regulatory requirements require notification of complaints that meet specified reporting criteria of adverse events or issuance of advisory notices, the organization shall document procedures for providing notification to the appropriate regulatory authorities. Records ofreporting to regulatory authorities shall be maintained {see !1.,2.5}. 8.2.4 Internal audit The organization shall conduct internal audits at planned intervals to determine whether the quality management system: a) conforms to planned and documented arrangements, requirements of this International Standard, quality management system requirements established by the organization, and applicable regulatory requirements; b) is effectively implemented and maintained. The organization shall document a procedure to describe the responsibilities and requirements for planning and conducting audits and recording and reporting audit results. An audit program shall be planned, taking into consideration the status and importance of the processes and area to be audited, as well as the results of previous audits. The audit criteria, scope, interval and methods shall be defined and recorded (see .4..2....!i}. The selection of auditors and conduct of audits shall ensure objectivity and impartiality of the audit process. Auditors shal I not audit their own work. Records of the audits and their results, including identification of the processes and areas audited and the conclusions, shall be maintained (see U5). The management responsible for the area being audited shall ensure that any necessary corrections and corrective actions are taken without undue delay to eliminate detected nonconformities and their causes. Follow-up activities shall include the verification of the actions taken and the reporting of verification results. NOTE Further information can be found in ISO 19011. 8.2.5 Monitoring and measurement of processes The organization shall apply suitable methods for monitoring and, as appropriate, measurement of the quality management system processes, These methods sha11 demonstrate the ability of the processes to achieve planned results. When planned results are not achieved, correction and corrective action shall be taken, as appropriate. 8.2.6 Monitoring and measurement of product The organization shall monitor and measure the characteristics of the product to verify that product requirements have been met. This shall be carried out at applicable stages of the product realization process in accordance with the planned and documented arrangements and documented procedures. Evidence of conformity to the acceptance criteria shall be maintained. The identity of the person authorizing release of product shall be recorded (see 4.2.5). As appropriate, records shall identify the test equipment used to perform measurement activities. Product release and service delivery shall not proceed until the planned and documented arrangements have been satisfactorily completed. For implantable medical devices, the organization shall record the identity of personnel performing any inspection or testing. © ISO 2016 - All rights reserved 23

BS EN ISO 13485:2016+A11:2021 ISO 13485:2016(E) 8.3 Control of nonconforming product 8.3.1 General The organization shall ensure that product which does not conform to product requirements is identified and controlled to prevent its unintended use or delivery. The organization shall document a procedure to define the controls and related responsibilities and authorities for the identification, documentation, segregation, evaluation and disposition of nonconforming product. The evaluation of nonconformity shall include a determination of the need for an investigation and notification of any external party responsible for the nonconformity. Records of the nature of the nonconformities and any subsequent action taken, including the evaluation, any investigation and the rationale for decisions shall be maintained {see 4.2.S) 8.3.2 Actions in response to nonconforming product detected before delivery The organization shall deal with nonconforming product by one or more of the following ways: a) taking action to eliminate the detected nonconformity; b) taking action to preclude its original intended use or application; c) authorizing its use, release or acceptance under concession. The organization shall ensure that nonconforming product is accepted by concession only if the justification is provided, approval is obtained and applicable regulatory requirements are met. Records of the acceptance by concession and the identity of the person authorizing the concession shall be maintained (see :1:.,2,_5_). 8.3 .3 Actions in response to nonconforming product detected after delivery When nonconforming product is detected after delivery or use has started, the organization shall take action appropriate to the effects, or potential effects, of the nonconformity. Records of actions taken shall be maintained {see :l...2...5.). The organization shall document procedures for issuing advisory notices in accordance with applicable regulatory requirements. These procedures shall be capable of being put into effect at any time. Records of actions relating to the issuance of advisory notices shall be maintained (see .4.2....5.). 8.3.4 Rework The organization shall perform rework in accordance with documented procedures that takes into account the potential adverse effect of the rework on the product. These procedures shall undergo the same review and approval as the original procedure. After the completion of rework, product shall be verified to ensure that it meets applicable acceptance criteria and regulatory requirements. Records of rework shall be maintained (see 1.2.5). 8.4 Analysis of data The organization shall document procedures to determine, collect and analyse appropriate data to demonstrate the suitability, adequacy and effectiveness of the quality management system. The procedures shall include determination of appropriate methods, including statistical techniques and the extent of their use. 24 © ISO Z016 -All rights reserved

BS EN ISO 13485:2016+A11:2021 ISO 13485:2016(E) The analysis of data shall include data generated as a result of monitoring and measurement and from other relevant sources and include, at a minimum, input from: a) feedback; b) conformity to product requirements; c) characteristics and trends of processes and product, including opportunities for improvement; d) suppliers; e) audits; f) service reports, as appropriate. If the analysis of data shows that the quality management system is not suitable, adequate or effective, the organization shall use this analysis as input for improvement as required in .8....5.. Records of the results of analyses shall be maintained (see 4.2.5). 8.5 Improvement 8.5.1 General The organization shall identify and implement any changes necessary to ensure and maintain the continued suitability, adequacy and effectiveness of the quality management system as well as medical device safety and performance through the use of the quality policy, quality objectives, audit results, post- market surveillance, analysis of data, corrective actions, preventive actions and management review. 8.5.2 Corrective action The organization shall take action to eliminate the cause of nonconformities in order to prevent recurrence. Any necessary corrective actions shall be taken without undue delay. Corrective actions shall be proportionate to the effects of the nonconformities encountered. The organization shall document a procedure to define requirements for: a) reviewing nonconformities (including complaints); b) determining the causes of nonconformities; c) evaluating the need for action to ensure that nonconformities do not recur; d) planning and documenting action needed and implementing such action, including, as appropriate, updating documentation; e) verifying that the corrective action does not adversely affect the ability to meet applicable regulatory requirements or the safety and performance of the medical device; f) reviewing the effectiveness of corrective action taken. Records of the results of any investigation and of action taken shall be maintained (see~). 8.5.3 Preventive action The organization shall determine action to eliminate the causes of potential nonconformities in order to prevent their occurrence. Preventive actions shall be proportionate to the effects of the potential problems. The organization shall document a procedure to describe requirements for: a) determining potential nonconformities and their causes; © ISO 2016 -All rights reserved 25

BS EN ISO 13485:2016+A11:2021 ISO 134B5:2016(E) b) evaluating the need for action to prevent occurrence of nonconformities; c) planning and documenting action needed and implementing such action, including, as appropriate, updating documentation; d) verifying that the action does not adversely affect the ability to meet applicable regulatory requirements or the safety and performance of the medical device; e) reviewing the effectiveness of the preventive action taken, as appropriate. Records of the results of any investigations and of action taken shall be maintained [see .4..2.,_5_). 26 © ISO 2016 -All rights reserved

AnnexA (informative) BS EN ISO 13485:2016+A11:2021 ISO 13485:2016(E) Comparison of content between ISO 13485:2003 and ISO 13485:2016 Table A 1 outlines the changes in this edition of this International Standard (ISO 13485:2016) compared with the previous edition (ISO 13485:2003). Table A.1 - Comparison of content between ISO 13485:2003 and ISO 13485:2016 Clause In ISO 13485:2.016 Comment on change compared with ISO 13485:2003 . Foreword - ClarifieRt he effect of the third edition of this International Standard. lntroducticm - Includes substantially more detail related to the nature of the organization covered by this 0.1 General International Standard's requirements and the lifo-cyde stages covered. - Explains that the requirements can be used by suppliers or other external parties either voluntarily or as a result of contract arrangements. - Alerts organizations about their oblli:;ations related to regulatory r equirements focused on quality management systems. - Alerts organizations about differences in local reg ulation definitions and their obligation to un derstand how these definitions will affect their quality management system. - Adds t he obllgation to meet the organ ization's own quality management system re- quircments. - Specifically calls out the focus on the necessity to "meet customer and applicable reguJato- ry requirements for safety and performa nce." - Emphasizes that the product requirement., that are Jmpurtantare those related to safety nnd performance. - Adds two inf!uen~es on the nature of t he quality management system that were not In the original listing (organizational environment and regulatory r equirements). - Clarlfies t h.at the organization docs nut have to align Its documentation to the clause structure of this lnternatlona1Standard. 0.2 Clarification of concepts - Adds two additional criteria associated with th~ description of appropriate rcqui re men ts: - compliance with regulatory requirements; - the requirement is necessary for t he organization to manage risks. - Limits application ofrlsk to the safety or performance requirements of the medical device or meeting applicable regulntory requirements. - Clarirles that the term "documented" Includes tho need tu establish. Implement and maintain. - Clarifies that the term "product" applies to outputs that are intended for, or required by, a customer, or nny intended output resulting from a product renltzntion process. 0.3 Process approach Explanation of process approach extended. 0.4 Re lationship wit h ISO 9001 - Stat.es the relationship bet ween ISO 13485:2016 a nd ISO 9001. - Indicates the structural relationship between ISO 13485:2016 and ISO 9001:2015 will be outlined in A.cull:x.lL - The use of italic text within standard to indicate changes from ]SO 9001: 2008 has been eliminated. © ISO 2016 -All rights reserved 27

BS EN ISO 13485:2016+A11:2021 ISO 13485:2016(E) Table A.1 (continued) Clause in ISO 13485:2016 Comment on change compared with ISO 13485:2003 l Scope - Indicates the applicablllty of this lntcrnallona! Standard to organizations that are in- vo!ved in one or more stages of the life-cycle of a medical device. - Indicates that this International Standard can also be used by suppliers or external parties that provide prnduct, including quality management system-related services tn medical device organi;rntions. - Specllically calls out the responsi hi Ii ties for monitoring, maintaining. and controlling outsourced processes. - Ex pan tis requirements that can be not applicable to those in~ and B.. - Clarifies that the term '"regulatory requirements" includes statutes. regulations, ordi- nances or directlves and limits the scope oft he "applicable regulatory requirements" to those requirements for the quality management system and the safety or performance of the medical dcvke. .J. Terms and definitions - Several new definitions added and .some existing definitions refined. 1 Quality management system - Added requirement to document the rolc(s) of the organization. ti General require men ts - Requires the determination of proc.,sses "taking into account the roles undertaken by the organization." - Requires the applicaUon of a "risk based approach to the control of the appropriate pro- cesses needed for the quality management system." - Adds requirements related to changes to processes. - Added requirements related co validation of the application of computer software used in the quality management system. .4:.2 Documentation requirements Includes control of record.s within the docu mcnt control requirements . Ltsts the documents that would be included in the medical device file. New requirement related to protection nf co11fidentlal health information. New requirement rdated to deterioration and loss of documents 5...6 Management review - Includes requirement for the documenta11on of one or more procedures for management review and the req u!rement for manai:ement reviews at "documented planned intervals··. - Lists of inputs and outputs of management review have been expanded. 2.2. Human resources - New requirement for documentation processes of estah iishi ng competence, providing needed training and ensuring awareness of personnel. fi.J. Infrastructure - Adds requirement that infrastructure prevents product mix-up and ensure orderli• han- dling of product. - Adds Information system to the listing of supporting services. Ji.A Work environment and contamlna- - Added documentation requirements for work environment. tion control Added requirement related to control of contamination wl th microorganism or particulate- matter for sterlle medical fovices. Z1 Planning of product realization - Added requirements to list. 7,1 Customer-related processes - Added requirements to list. - New requirement related to communication with regulatory authorities. Z..1.2 Design anti development planning - Added requirements to list. - Eliminated the requirement related to the management of the interfaces between different groups involved in design and development. Ud. Design and development inputs - Added requirements to list. - Added requirement thal the requirements shall be able to he verified or validated. 1..3..5 Design and development review - Added details of the contents of records. 2..3...6 Design and development verification - Added requirement for documentation of verification plans and interface considerations. - Requirement added for records of verification. Ziil. Design and development validation - Added requirement for documentation of validation plans, product to be used for valid a· tiun and Interface considerations. Requirement added for recortls ofvalldation. 7..l..8. Design and development transfer - New sub-clause added. Z3....9. Contro I of design and develop- - Adds the requirement that the evaluation of the change effect shou ltl be made on products ment changes in process and on the outputs of risk management and product realization processes - Added detail to consider in the determination of the significance ofa design and develop- ment changes. 28 © ISO 2016 - All rights reserved

Clause in ISO 13485:2016 23...lQDesign and developmentflles LU Purchasing process 2.!..Z Purchasing information 21.:! Verification of purchased product Lil Control of production and service provision z..s...z Cleanliness of product .2..5A Servicing activities 1..5...6 Validation of processes for produc- tlon and service provision ZJ;,l. Particular requirements for val!- datlon of proces.ses for sterilization and sterile barrier systems 7.5...8 Identification LSJ.1 Preservation of product illl Feedback 8...2.2. Complaint handling .ll..k..3. Reporting to regulatory authorities ll.2.-{, Mon!tor1ng and measurement of product 6..3. Control of nonconforming product BA Analysis of data ~ Corrective action ll..!i..3. Preventive action © ISO 2016 - All rights reserved BS EN ISO 1348S:2016+A11:2021 ISO 13485:2016(£) Table A.1 (continued) Comment on change compared with ISO 1348S:2003 - New sub-clause added. - Focuses the supplier selection criteria on the effect of the supplier performance on the quality of the medica I device, the risk associated with the medical device, and the product meeting applicable regulatory requirements. - New requirements added related to monitoring and re-evaluation of suppliers, a nd action to be taken when purchasing requirements are not met - Provides a<ld111on details related to the content of the records. - New requirement added to include notification of changes in purchased product, - New requirements added an the extent of verification activities and action to be taken when the organization becomes aware of any changes to the purchased product. - Adds details related to the controls for carrying out production and service provision. - Added a requirement to the list. - New requirement for analysis of records for servicing activities, - Added requirements to the 11st - Adds details related tc situations requiring procedures. - Relates the specific approach to software validation to the risk associated w ith the use of the software. - Adds requirements related to the val1dation records. - Added requirements for sterile barrier systems. - Added requirement for unique device identification. - New requirement for a documented procedure for rroduct identilicatlon and regarding identification and product status during productiou - Adds details as to how preservation can be accomplished. - Indicates that feedback should come from production and post-production activities. - Adds a requirement to utilize feedback in risk management processes in order to monitor and maintain product requirements. - New sub-clause. - New sub-clause. - Adds rcqui rement to identify the test equipment used to perform measurement activities. - Added details related to ki 11ds of controls that shall be due um en ted. - Generalized the requirement to include any investigation and the rationale for decisions. - Adds requirements related to concessions. - Separated requirements for nonconformities detected before delivery, detected after delivery and rework. - Adds requirements for records related to the iss uanee of advisory notices. - Adds the requirement tu include determination of appropriate methods, including statisti- cal techniques and the extent of their use. - Adds detail to list of inputs. - Adds the requirement to verify that the corrective action does not have an adverse effect. - Added requirement for corrective action to be taken without undue delay. - Adds the requirement to verify that the preventive action docs not have an adverse effect. 29

BS EN ISO 13485:2016+A11:2021 ISO 13485:2016[E) AnnexB (informative) Correspondence between ISO 13485:2016 and ISO 9001:2015 Tables B.1 and .B..2 show the correspondence between ISO 13485:2016 and ISO 9001:2015. Table B.1- Correspondence between ISO 13485:2016 and ISO 9001:2015 Clause tn ISO 1348S:2016 Clause in ISO 9001:2015 1 Scope I Scope i.1.1 (no title) 4.3 Determining the scope of the qua Ilty management system !I; Qual!ty management system 4 Context of the organization 4.1 Understanding the organization and its context 4.2 Understanding the needs and expectations of interested parties 4.4 Qual!ty management system and its processes ti General requirements 4.4 Quality management system and its processes 8.4 Control of externally provided processes, products am! services 1.,; Documentation requirements 7.5 Documented information 4..2..1 Genera1 7.5.1 General ¾,.2..2 Quality manual 4.3 Determining the scope of the quality management system 4.4 Quality management system and !ts processes 7.5.1 General .42..3. Medical device file No equivalent clause !.ld; Control of documents 7. 5.2. Creating and updating 7.5.3 Control of documented information il5 Control of records 7.5.2 Creating and updating 7.5.3 Control of documented information .5. Management responsibility 5 Leadership 5.J. Management commitment 5.1 Leadership and commitment 5.1.1 General 5.2. Customer focus S.1.2 Customer focus 5...3. Quality policy 5.2 Policy 5.2.1 Establishing the quality policy S. 2.2 Communicating the quality policy ,5..4Planning 6 Planning .2.iJ. Quality objectives 6.2 Quality objectives and planning to achieve them .5.,_12 Quality management system planning 6 Planning 6.1 Actions to address risks and opportunities 6.3 Planning of changes 5..!i. Respunslb!lity, authority and communication 5 Leadership .5...5..1 Responsibility and authority 5.3 Organizational roles, responsibilities and authorities 5...5.2 Management representative 5.3 Organtzational roles, responsibilities and authorities 5...5..,;i Jnternal communkation 7.4 Communication 5_,_g Management review 9.3 Management review 5.&.l General 9.3. l General 5..Ji.,l, Review input 9.3.2 Management review inputs 5...6..3. Review output 9.3. 3 Management review outputs 30 © ISO 2016 - All rights reserved

I:. C BS EN ISO 13485:2016+A11:2021 ISO 13485:2016(E) Table B.1 (continued) Clause in ISO 13485:2016 Clause In ISO 9001:2015 Ji. Resource management 7.1 Resources .6...1 Provision of resources 7.1.1 Genernl 7.1.2 People hl Human resources 7.2 Competence 7.3 Awareness 6..3. In fras tru ccure 7.1.3 Infrastructure U Work environment and contamination control 7.1.4 Environment for the operation of processes 1 Product realization 8 Operation 21 Planning of product reali7,ation 8.1 Operational planning and control Ll. Customer-related processes 8.2 Requirements for products and services l.ll Determination of requirements related to product 8.2.2 Detcrmi ning the requirements for products and services 1.2.2 Review ofrequlrements related to product 8.2.3 Review of the requirements for products and services 8.2.4 Changes to requirements for products and services 7.Z...3. Communication 8.2.1 Customer communication U Design and development 8.3 Design and development of products and services Z.3.J. Genera1 8.3.1 General l..1.2 Design and development planning 8.3.2 Design and development planning 7J,.3. Design and devclopmenl Inputs 8.3.3 Design and clevdopment inruts 7...3..j Design and development outputs 8.3.5 Design and development outputs L..3...5. Design and development review 8.3.4 Design and development controls U..6. Design and development verification 8.3.4 Design and develorrncnt controls 2.3..Z Design and development validation 8.3.4 Design and development controls 1,3.8 Design and development transfer 8.3.4 Design and development controls '.Z3J! Control of design .:ind development cha ngcs 8.3.6 Design and development changes 8.5.6 Control of changes Ll.1Q Dc~ign and development files 7.5.3 Control of documented information 7.1 Purchasing 8.4 Control of externally provided processes, products and services Lil Purchasing process 8.4 Control of extern~lly provided processes, products and services 8.4.1 General 8.4.2 Type and extent of control Zi.2 Purchasing Information 8.4,3 Information for external providers 1.1..3. Verification of purchased product 8.4.2 Type and extent of control 8.4.3 Information for external providers 8.6 Release of products and services 2.5. Production and service provision 8.5 Production and service provision 2..5..1 Control of production and service provision 8.5.1 Control of production and service provision 2.5..2 Clcanli ness of product No equivalent clause 1.S...3. ]nst31lation activities No equivalent clause 2..5.A Servicing activities No equivalent clause 7..5..5: Particular requirements for sterile medical devices No equivalent clause Z,.5..6. Validation of processes for production and service provision 8.5.1 Control ofprnduction and service provision Z5.2 Particular requirements for validation of processes for sterili- No equivalent c/aijse zation and sterile barrier system 2..5..ll Identificatton 8,5,2 Identification and traceability L.S..9. Traceability 8,5,2 Identification and traceab!lity ~ Customer property 8.5.3 Property belonging to customers or external providers 1..5..11 Preservation of product 8.5.4 Preservation li Control of monitoring and measuring equipment 7.1.5 Monitoring and measuring resources © ISO 2016 -All rights reserved 31

BS EN ISO 13485:2016+A11:2021 ISO 13485:2016(E) Table B.1 (continued) Clau5e in ISO 13485:2016 Clause in ISO 9001:2015 fl Measurement. analysis and improvement 9 Performance evaluation 9.1 Monitoring, measurement, analysis and evaluation .!l...1 General 9.1.1 General 8..2 Monitoring and measurement 9,1 Monitoring, measurement, analysis and evaluation .8.2.!Feedback 8.5.S Post-delivery actlVities 9.1.2 Customer satisfaction .8..2.2 Complaint handling 9.1.2 CL1stomer satisfaction !i.2..3 Reporting to regulatory authorities 8.5.S Post-delivery activitios .8,211 nternal audit 9.2 lntcrnal audit .8...k5 Monitoring and measurement of processes 9.1.1 General .8..2.Ji Monitoring and measurement of product 8.6 Release of products and services a.:i Control of nonconforming product 8. 7 Control of nonconforming outputs fl.llGeneral 10.2 Nnnconformlty and corrective action .8...3..ZActions in response to nonconforming product detected 8. 7 Control of nonconforming outputs hcfore delivery -8..U Actions in response to nonconforming product detected arter 8. 7 Control of nonwnformlng outputs delivery 8.1: Analysis of data 9.1.3 Analysis and evaluation !L'i Improvement 10 Improvement a..5.1. General 10.t General 10.3 Continual improvement 8.5.2 Corrective action 10.2 Nonconformity and corrective action !L5...3 Preventive action 0.3.3 Risk-based thinking 6.1 Actions to address risks and opportunities 10.1 General 10.3 Continual lmprovemerit 32 © ISO 2016 -All rights reserved

BS EN ISO 13485:2016+A11:2021 ISO 13485:2016(E) Table B.2 - Correspondence between ISO 9001:2015 and ISO 13485:2016 Clause in ISO 9001:2015 Clause in ISO 13485:2016 1 Sn,pe l Scope 4 Context of the org,rnization 1 Quality management system 4,1 Understanding tile organi~ation and its context 1J. General requirements 4.2 Understanding the needs and expectations ofintcreste<l parties il General requirements 4.3 Determining the scope of the quality management system U General requirements .i.2..2. Quality manual 4.4 Quality management system and its processes il General requirements 5 Leadership .5. Management responsibility 5.1 Leadership and commitment .5..l Management commitment 5.1,l General 5..1 Management commitment 5.1.2 Customer focus 5...2. Customer focus 5.2 Policy 5....3. Quality policy 5.2.l Establ!shlng the quality policy ~ Quality policy S,2.2 Communicating the quality policy 5...3. Quality policy S.3 Organizational roles, responsibilities and authorities .2.U Quality management system planning 5...5...1 Responsibility and authority ~ Management representative 6 Planning S.A.2 Quality management system planning 6.1 Actions to address risks and opportunities 5..1.2 Quality management system planning 8...5....3. Preventive action 6.2 Quality objectives and planning to achieve them .:i.U Quality objectives 6.3 Planning of changes .5A.2. Quality management system planning 7 Support Ji Resource management 7.1 Resources 2 Resource management 7.1.1 General U Provision of resources 7.1.2 People .6.2 Human resources 7,1.3 Infrastructure ~ Infrastructure 7.1.4 Environment for the operation of processes f!.il Work environment 7.1.S Monitoring and measuring resources M Control of monitoring and measuring equipment 7.1.5.1 General M Control of moni Coring and measuring equipment 7.1.5.2 Measurement traceability l.f, Control of monitoring and measuring equipment 7.1.6 Organizational knowledge .fi.,2. Human resources 7.2 Competence .6.2 Human resouix:es 7.3 Awareness Ji.l Human resources 7.4 Communication .5..5....3. lntcrnal communication 7.5 Documented information il Documentation requirements 7.S.1 General ,4..2.1 General 7.5.2 Creating and updating .<t..Z..d Control uf documents .4:..2....5. Control of records 7.5.3 Control of documented Information 1.U Medical device file 1.2..1 Control of documents 1..2....5. Con tro1of records .u.lll Design and development flies 8 Operation 1 Product reaHzation 8.1 Operational planning and control 1.1 Plannin~ of product reali7.ation 8.2 Requirements for products and services ,Z..2. Customer-related processes 8.2.1 Customer communication l.2...3. Communication 8.2. 2 Determining the requirements for products anti services 1..2..l Dekrmination of requ lrements related to product © ISO 2016 - All rights reserved 33

BS EN ISO 13485:2016+All:2021 ISO 13485:2016(E) Table B.2 (continued) Clause in ISO 9001:2015 CJaus e in I SO 13 485:2016 8.2. 3 Review of' the requirements for product5 and services 2.2.2. Review nf requirements related to product 8.2.4 Changes to requirements for products and services 2.2.2 Review of requirements related to product 8.3 Design and development of products and services U Design and development 8.3.1 General 2.ll General 8.3.2 Design and development planning 2..3.2 Design and develupment planning 8.3.3 Design and development inputs :z.u Des1gn and development inputs 8.3.4 Design and development controls L.J...5. Des1gn and development review U.f, Design and development verification 7...J2 Design and development validation z.a..!l. Design and development transfer 8.3.5 Design and development outputs :z..aA Design and development outputs 8.3.6 Design and development changes U.:t Control of design and development changes 8.4 Control of externally provided processes, products and services il General requirements [sec i.1.5:) M.l Purchasing process 8.4.1 General M.1 Purchasing process 8.4.2 Type and extent of control il General requirements (.see !l.l..!i.} ZA.1 Purchasing process ~ Vertflcation of purchased product 8.4.3 Information for external providers M..Z Purchasing information 2.4..3. Verification of purchased product 8.5 Production and service provts1on 7..£ Production and service provision 8.5.1 Control of production and service provision Lil Control of production and service provision 1.5..6. Validation of processes for production and service provision 8.5.2 Jdentlfication and traceability 7..5...J3. ldentification l...5.3 Traceability 8.5. 3 Property belonging tu customers or external providers LS.10. Customer property 8.5.4 Preservation l..5..11 Pt·eservation of product 8,5,5 Post-delJvery activities l..5.1 Control of production and service provision 1...5...J. Installation activities ~ Servicing activities !L.U Complaint handling 8.2-1 Reporting to regulatory authorities 8.1..3.Actions in response to nonconforming product detected after delivery 8.5.6 Control of changes 2...3.2. Control of design and development changes 8.6 Release of products and services L!,1 Verification of purchased product !1.2..(i Monitoring and measurement of product 8.7 Control of nonconformil1g outputs 83 Control of nonrnnformi ng product 9 Performance evaluation fl Measurement, analysis and improvement 9.1 Monitnring, measurement, analysis and evaluation !l. Measurement. nnalysis and improvement 9.1.1 General !l.l. General az.s Monitoring and measurement or processes az.fl Monitoring and measurement of product 9.1.2 Customer satisfaction 1.2...J Communication 8.2..1 Feedback !l,U Complaint handling 9.1.3 Analysis and evaluation M Analysis of data 9.2 Internal audit H.li Internal audit 34 © ISO 2016 - All rights reserved

Clause in ISO 9001:2015 9.3 Management review 9,3.l General 9.3.2 Management review inputs 9.3.3 Management review outputs 10 Improvement 10.1 General 10.2 Nonconformity and corrective action 10,3 Continual improvement © ISO 2016 -All rights reserved BS EN ISO 13485:2016+A11:2021 ISO 13485:2016(E) Table B.2 {continued) Clause In ISO 13485:2016 ;i...Q. Management review 5...6....lGeneral SJi.lReview!nput 5.fL.3. Review output !l...:i lmpruvement ail General lLl! Control of nonconforming product .!l..i..Z Corrective action !l_.UGeneral Jl...5. Jm prove ment 35

BS EN ISO 13485:2016+A11:2021 ISO 13485:2016(£) Bibliography [1J ISO 9001:201531, Quality management systems - Requirements [2} ISO 10012, Measurement management systems - Requirements for measurement processes and measuring equipment [3] ISO 11607-1:2006, Packaging for terminally sterilized medical devices - Part 1: Requirements for materials, sterile barrier systems and packaging systems [4] ISO 11607-2, Packaging for terminally sterilized medical devices - Part 2: Validation requirements for forming, sealing and assembly processes [S] ISO 14644 (all parts), C/eanrooms and associated controlled environments [6J ISO 14698 (all parts), Cleanrooms and associated controlled environments - Biocontamination control [7] ISO 14971:2007, Medical devices -Application ofrisk management to medical devices {8) ISO 19011, Guidelinesforaudititl{J management systems [9J IEC 62366-1, Medical devices -Part 1: Application of usability engineering to medical devices [10] GHTF/SG1/NOSS:Z0094l, Definition of the Terms "Manufacturer': "Authorised Representative", "Distributor" and "Importer" [11) GHTF/SGS/N4:20105l, Post-Market Clinical Follow-Up Studies [12] GHTF/SG1/N70:20116), Label and Instructions for Use for Medical Devices [13) GHTF/SG1/N071:20127), Definition of the Terms "Medical Device" and "In Vitro Diagnostic {!VD) Medical Device" 3) Supersedes ISO 9001:2008. 4) Available from website: htt;p;//wwwjmdrf.nrg/documents/doc-ghtf-sgl.asp 5) Available from website: http://wwwjmdrf.org/documents/doc-ghtf-sg5.asp 6) Available from website: htJ+>://www.imdrf.org/rloc-uments/doc-ghtf-sg1.asp 7) Available from website: http: //www.jmdrf.org/documents/doc-ghtf-sg1.asp 36 © !SO 2016 - All rights reserved

BS EN ISO 13485:2016+Al1:2021 National Annex NZ (informative) Relationship between this British Standard and the Conformity Assessment Requirements of the Medical Devices Regulations 2002 (S.I. 2002 No. 618, as amended) (UK MDR 2002) aimed to be covered This Brit ish Standard may be used to provide voluntary means of conforming to particular requirements of the UK MDR 2002 ('the Regulations'), as amended. Once this standard is cited in the official designated standards list for medical devices, compliance with the normative clauses of this standard given in Tables NZ.1, NZ.2 and NZ.3 confers, within the limits of the scope of this standard, a presumption of conformity with the corresponding conformity assessment requirements stated in the annexes of Directives 90/385/EEC on active implantable medical devices, 93/42/EEC on medical devices and 98/79/EC on in vitro diagnostic medical devices as referred to by the Regulations as shown in the tables. The conformity assessment annexes of the Regulations include description of the regulatory process and activities undertaken by the UK Approved Body, which both are outside of the scope of this British Standard. Furthermore, the requirements of the Regulations refer to an application to a UK Approved Body, not to the requirement for a quality system as such. Accordingly, coverage of legal requirements can only be presumed to the extent listed in the Tables NZ.1, NZ.2 and NZ.3 if an application to a UK Approved Body: • contains the necessary quality system documentation; • has been reviewed and approved by a UK Approved Body, and the undertakings listed in the application are correctly executed by the manufacturer. Compliance with this BMtish Standard does not provide presumption of conformity with alJ the aspects of the annexes referred to by the Regulations. Therefore, a manufacturer or a UK Approved Body has to take additional provisions to ensure conformity, and claim or certify conformance. The legal requirements must be examined, applied and verified one by one and the solutions adopted must become part of the quality system in the meaning of the Regulations. For the purpose of using this standard in support of the requirements in the UK MOR 2002, where a definition in this designated standard differs from a definition of the same term set out in the Regulations, the definitions set out in the Regulations prevail. The terminology used in the Annexes of the Directives referred to by the UK MDR 2002 has been amended or substituted by The Medical Devices (Amendment etc.) (EU Exit) Regulations 2020 (Statutory Instrument 2020 No. 1478). Where the British Standard is an adoption of an international or a European standard, the scope of this document can differ from the scope of the Regulations that it supports. The standard can support UK regulatory requirements only to the extent of the scope of the Regulations. NOTE 1 Where a reference from a clause of this standard to the risk management process is made, the risk management process needs to be in compliance with the UK MDR 2002. This means that risks have to be 'reduced as far as possible', 'reduced to the lowest possible !eve!', 'reduced as far as possible and appropriate', 'removed or reduced as far as possible', 'eliminated or reduced as far as possible', 'removed or minimized as far as possible', or 'minimized', according to the wording of the corresponding essential requirements. NOTE 2 The manufacturer's policy for determining acceptable risk must be in compliance with the applicable essential requirements of AIMDD 90/385/EEC (1. 4, 5, 8, 9 and 10), MDD 93/42/EEC (1, 2, 5, 6, 7, 8, 9, 11 and 12) and IVDD 98/79/EC (Part A: 1, 2 and 5; Part B: 1.2, 2, 3, 5, 6, a nd 7) to comply with the UK MDR2002. 71

BS EN ISO 13485:2016+A11:2021 NOTE 3 When an essential requirement does not appear in Tables NZ.1, NZ.2 or NZ.3, it means that it is not addressed by this standard. Table NZ.1 - Correspondence between this British Standard and Annexes referenced in Part III (AIMDs) of the UK MDR 2002 Paragraph of Directive Clause(s)/Subclause(s) of this Remarks/Notes 90/385/EEC referred to BS by the UKMDR 2002 Annex 2 - 3.1, 1st sentence Not covered. Annex 2 - 3.1, 2nd sen• Not covered. tence, 1st indent Annex 2 - 3.1, 2nd sen- 4.1.1, 4.1.2, 4.1.3, 4.1.4, 4.1.6, Covered. The documentation required in this tence, 2nd indent 4.2.1, 4.2.2, 4.2.3, 4.2.4, 4.2.5 British Standard covers the quality system documentation meant in 3.2 of Annex 2 when the explicit legal requirements are incorporated into the quality system documentation. See also coverage of 3.2 below. Annex 2 - 3.1, 2nd sen- 4.1, 5.1, 5.4, 5.5, 5.6 Covered in part. This British Standard requires tence, 3rd indent top management commitment to implementation of the quality system and that documented pro- cedures are implemented but does not require a signed undertaking. Annex 2 • 3.1, 2nd sen- 4.1, 5.1, 5.4, 5.5, 5.6 Covered in part. This British Standard requires tence, 4th indent maintenance of the approved quality system but does not require a signed undertaking. Annex 2 - 3.1, 2nd sen- Not covered. This British Standard includes tence, 5th indent requirements on post-market surveillance, and reporting adverse events and field safety correc- tive actions to authorities but does not cover all the details required by the UK MDR 2002 includ- ing timescales for reporting. Annex 2 - 3.2, 1st para- Not covered. The application of this British graph Standard does not by itself ensure the fulfilment of all regulatory requirements of the UK MDR 2002. The legal requirements must be examined, applied and verified one by one and the solutions adopted become part of the quality system in the meaning of the UK MDR 2002. Annex 2 - 3.2, 2nd para- 4.1,4.2 Covered. graph,lstsentence Annex 2 - 3.2, 2nd para- 4.1,4.2 Covered. graph, 2nd sentence Annex 2 - 3.2, 2nd para- 4.1,4.2, 7 Covered provided quality management system graph, 3rd sentence documentation makes possible a uniform inter- pretation of the quality policies and procedures, such as quality programs, quality plans, quality manuals and quality records, and that the appli- cable documentation listed in 3.2 of Annex 2 is incorporated into the quality system documen- tation. Annex 2 - 3.2, 3rd para- 4.2.1, 4.2.3, 5.1, 5.3, 5.4.1 Covered. graph (a) Annex 2 • 3.2, 3rd para- 4.2.2, 5.1 Covered. graph (b) Annex 2 - 3.2, 3rd para- 4.2.2, 5.1, 5.5.1, 5.5.2 Covered. graph (b), 1st indent 72

BS EN ISO 13485:2016+A11:2021 Table NZ.1 (continued) Paragraph of Directive Clause(s)/Subdause(s) of this Remarks/Notes 90/385/EEC referred to BS by the UK MDR 2002 Annex 2 - 3.2, 3rd para- 4.1, 5.6, 7.1, 8.2.4, 8.3, 8.4, 8.5.2, Covered provided that the methods and accept- graph (b), 2nd indent 8.5.3 ance criteria chosen by the manufacturer ensure that the requirements of the UK MDR 2002 are fulfilled. Annex 2 - 3.2 3rd para- 4.1, 4.2, 7.4, 8.2.2 Covered. graph (b} 3rd indent Annex 2 - 3.2 3rd para- 4.2, 7.3.2, 7.3.3, 7.3.7, 7.3.9, 7.3.10 Covered provided that the applicable quality graph (c) 1st indent management system documentation includes de- sign specifications identifying standards which will be applied and a description of the solutions adopted to fulfil the essential requirements which apply when designated standards are not applied in full. Annex 2 - 3.2, 3rd para- 7.3.1, 7.3.6, 7.3.7, 7.3.9 Covered. graph (c), 2nd indent Annex 2 - 3.2, 3rd para- Not covered. graph (c), 3rd indent Annex 2 - 3.2, 3rd para- 7.3.6, 7.3.7 Covered provided that the qua] ity management graph (c), 4th indent system records include the pre-clinical evalua- tion. Annex 2 - 3.2, 3rd para- Not covered. Clause 7.3.7 does not include the graph (c), 5th indent details of Annex 7. Annex 2 - 3.2, 3rd para- 4.2, 6.4, 7.1, 7.4 7.5 Covered provided that the quality management graph (d), 1st indent system documentation includes relevant docu• ments and records in regards to sterilization and purchasing. Annex 2 - 3.2, 3rd para- 4.2, 6.4, 7.1, 7.4 7.5 Covered provided that the quality management graph (d), 1st indent system documentation includes relevant docu- ments and records in regards to sterilization and purchasing. Annex 2 - 3.2, 3rd para- 4.2. 7.5.8, 7.5.9 Covered. graph (d), 2nd indent Annex 2 - 3.2, 3rd para- 4.2, 7.1, 7.4.3, 7.5.9.1, 7.6, 8.2.6 Covered provided that the documented frequen- graph (e) cy at which tests are carried out is detailed in the quality management system documentation. Annex 2 - 6.1 Not covered. The specific time periods in UK MDR 2002 are not specified in 4.2.4 or 4.2.S. Annex 5 - 3.1, 1st para- Not covered. graph Annex 5 - 3.1, 2nd para- Not covered. graph, 1st indent Annex 5 - 3.1, 2nd para- 4.1,4.2 Covered. The documentation required in this graph, 2nd indent British Standard covers the quality system documentation meant in 3.2 of Annex 5 when the explicit legal requirements are incorporated into the quality system documentation. See also coverage of3.2 below. Annex 5 - 3.1, 2nd para- 4.1, 5.1, 5.4, 5.5, 5.6 Covered. graph, 3rd indent Annex 5 - 3.1, 2nd para- 4.1, 5.1, 5.4, 5.5, 5.6 Covered. graph, 4th indent 73

BS EN ISO 13485:2016+A11:2021 Table NZ.1 (continued) Paragraph of Directive Clause(s)/Subdause(s) of this Remarks/Notes 90/385/EEC referred to BS by the UK MDR 2002 Annex 5 - 3.1, 2nd para- 4.1, 4.2 Covered in part provided that quality manage- graph. 5th indent ment system includes the technical documenta- tion relating to the applicable approved type(s) of medical device(s). Reference to the EC type-ex- amination certificate is not covered. Annex 5 - 3.1, 2nd para- Not covered. This British Standard includes graph, 6th indent requirements on post market surveillance, and reporting adverse events and field safety correc- tive actions to authorities but does not cover all the details required by the UK MDR 2002 includ- ing timescales for reporting Annex 5 - 3.2, 1st para- Not covered. Reference to the EC type-examina- graph tion certificate is not covered. Annex 5 - 3.2, 2nd para- 4.1,4.2 Covered. graph Annex 5 - 3.2, 3rd para- 4.2.1, 5.1, 5.3, 5.4.1 Covered. graph (a) Annex 5 - 3.2, 3rd para- 5.5.1, 5.5.2 Covered. graph (b), 1st indent Annex 5 • 3.2, 3rd para- 4.1, 5.6, 7.1, 8.2.4, 8.3, 8.4, 8.5.2, Covered provided that the methods and accept- graph (b), 2nd indent 8.5.3 ance criteria chosen by the manufacturer ensure that the requirements of the UK MDR 2002 are fulfilled. Annex 5 - 3.2, 3rd para- 4.1, 4.2, 7.4, 8.2.2 Covered. graph (b), 3rd indent Annex 5 - 3.2, 3rd para- 4.2, 6.4, 7.1, 7.4, 7.5, 8.2.S Covered provided that the quality management graph (c), 1st indent sys tern documentation includes relevant docu- ments and records in regards to sterilization and purchasing. Annex 5 - 3.2, 3rd para• 4.2, 7.5.8, 7.5.9 Covered. graph (c), 2nd indent Annex 5 - 3.2, 3rd para- 7.1, 7.4.3, 7.6, 8.2.6 Covered provided that the frequency at which graph (d) tests are carried out is documented in the quality management system documentation. - - - - - - - Table NZ.2 - Correspondence between this British Standard and Annexes referenced in Part II (general medical devices) of the UK MDR 2002 Paragraph of Directive Clause(s)/Subclause(s) of this Remarks/Notes 93/4Z/EEC referred to by BS the UK MOR 200 Annex II - 3.1, 1st sentence Not covered. Annex II - 3.1, 2nd sen- Not covered. tence, 1st indent Annex II - 3.1, 2nd sen- Not covered. tence, 2nd indent Annex II - 3.1, 2nd sen- Not covered. tence, 3rd indent 74

BS EN ISO 13485:2016+A11:2021 Table NZ.2 (continued) Paragraph of Directive Clause(s)/Subclause(s) ofthis Remarks/Notes 93/42/EEC referred to by BS the UK MDR 200 Annex II - 3.1, 2nd sen- 4.1,4.2 Covered. The documentation required in this tence, 4th indent British Standard covers the quality system documentation meant in 3.2 of Annex II when the explicit legal requirements are incorporated into the quality system documentation. See also coverage of 3.2 below. Annex II - 3.1, 2nd sen- 4.1, 5.1, 5.4, 5.5, 5.6 Covered. tence, 5th indent Annex II - 3.1, 2nd sen- 4.1, 5.1, 5.4, 5.5, 5.6 Covered. tence, 6th indent Annex II - Not covered. This British Standard indudes 3.1, 2nd sentence, 7th requirements on post market surveill anee, and indent reporting adverse events and field safety correc- tive actions to authorities but does not cover all 3.1, 7th indent (i) the details required by the UK MOR 2002 includ- 3.1, 7th indent (ii) ingtimescales for reporting. Annex II - 3.2, 1st para- Not covered. The application of this British graph, 1st sentence Standard does not by itself ensure the fulfilment of all regulatory requirements of the UK MD R 200 2. The legal requirements must be examined, applied and verified one by one and the solutions adopted become part of the quality system in the meaning of the UK MOR 2002. Annex 11 - 3.2, 1st para- 4.1, 4.2, 7.1. Covered. graph, 2nd sentence Annex II - 3.2, 2nd para- 4.1, 4.2, 7 Covered provided quality management system graph documentation makes possible a uniform inter- pretation of the quality policies and procedures, such as quality programs, quality plans, quality manuals and quality records, and that the appli- cable documentation listed in 3.2 of Annex II is incorporated into the quality system documen- tation. Annex II - 3.2, 3rd para- 4.2.1, 5.1, 5.3. 5.4.1 Covered. graph (a) Annex II - 3.2, 3rd para- 4,2-2, 5.1 Covered. graph (b) Annex II - 3.2, 3rd para- 4.2.2, 5.1, 5.5.1, 5,5_2 Covered. graph (b), 1st indent Annex II - 3.2, 3rd para- 4.1, 5.6, 7.1, 8.2.4, 8.3, 8.4, 8.5.2, Covered provided that the methods and accept- graph (b), 2nd indent 8.5.3 a nee criteria chosen by the manufacturer ensure that the requirements of the UK MOR 2002 are fulfilled. Annex II - 3.2, 3rd para- 4.1, 4.2, 7.4, 8.2.2 Covered. graph (b), 3rd indent Annex II - 3.2, 3rd para- 7.1, 7.2, 7.3 Covered. graph (c) Annex II - 3.2, 3rd para- 4.2.3, 7.2, 7.3.3, 7.3.4, 7.3.10 Covered provided that the documentation graph (c), 1st indent containing a general description of the medical device includes any variants. 75

BS EN ISO 13485:2016+A11:2021 Table NZ.2 (continued) Paragraph of Directive Clause(s)/Subclause(s) orthis Remarks/Notes 93/42/EEC referred to by BS the UK MDR ZOO Annex II - 3.2, 3rd para- 4.2, 7.3.3, 7.3.4, 7.3.6, 7.3.8 Covered provided that the applicable quality graph (c), 2nd indent management system documentation includes de- sign specifications identifying standards which will be applied and a description of the solutions adopted to fulfil the essential requirements which apply when designated standards are not applied in full. Annex II - 3.2, 3rd para- 7.3.1, 7.3.6, 7.3.7, 7.3.8, 7.3.9, Covered. graph (c), 3rd indent 7.3.10 Annex II - 3.2, 3rd para- 7.3.2, 7.3.3, 7.3.5, 7.3.6 Covered. graph (c), 4th indent Annex II - 3.2, 3rd para- 4.2.3 Covered provided that the quality management graph (c), 5th indent system documentation includes a statement indicating whether or not the medical device incorporates, as an integral part, a substance or a human blood derivative and the data on the tests conducted in this connection required to assess the safety, quality and usefulness of that sub- stance or human blood derivative, taking account of the intended purpose of the medical device. Annex II - 3.2, 3rd para- 4.2.3 Covered provided that the quality management graph (c), 6th indent system documentation includes a statement indi- eating whether or not the device is manufactured utilizing tissues of animal origin as referred to in Regulation EU No. 722/2012. Annex II - 3.2, 3rd para• Not covered. graph (c), 7th indent Annex II - 3.2, 3rd para- 7.3.6, 7.3.7 Covered provided that the quality management graph (c), 8th indent system records include the pre-clinical evalua- tion. Annex II - 3.2, 3rd para- Not covered. 7.3.7 does not include the details of graph (c), 9th indent AnnexX. Annex II - 3.2, 3rd para- 4.1, 4.2, 7 Covered provided that the quality management graph (c), 10th indent system documentation includes the label and, where appropriate, instructions for use. Annex II - 3.2. 3rd para- 4.2, 7.1, 7.5, 7.6, 8.1, 8,2,5, 8.2,6 Covered. graph (d) Annex II - 3.2, 3rd par- 4.1.1, 6.4, 7.5 Covered. agraph (d), 1st indent, sterilization Annex II - 3.2, 3rd par- 4.1.1. 7.4 Covered. agraph (d), 1st indent, purchasing Annex II - 3.2, 3rd par- 4.2, 7.1 Covered provided that the quality management agraph (d), 1st indent, system documentation includes relevant docu- relevant documents ments and records in regards to sterilization and purchasing. Annex II - 3.2, 3rd para- 4.2, 7.5.8, 7.5,9 Covered, graph (d), 2nd indent Annex II - 3.2, 3rd para- 4.2, 7.1, 7.4.3, 7.5.9.1, 7.6, 8.2,6 Covered provided thatthe documented frequen- graph (e) cy at which tests are carried out is detailed in the quality management system documentation. 76

BS EN ISO 13485:2016+A11:2021 Table NZ.2 (continued) Paragraph of Directive Clause(s)/Subclause(s) of this Remarks/Notes 93/42/EEC referred to by BS the UK MDR 200 Annex II - 6.1 Not covered. The specific time periods in UK MDR 2002 are not Specified in 4.2.4 and 4.2.5 Annex V - 3.1 lst para- Not covered. graph AnnexV - 3.1 2nd para- Not covered. graph 1st indent Annex V - 3.1 2nd para- Not covered. graph 2nd indent Annex V - 3.1 2nd para- Not covered. graph 3rd indent Annex V - 3.1 2nd para- 4.1,4.2 Covered provided qua Iity management system graph 4th indent documentation makes possible a uniform inter- pretatlon of the qualltypolicies and procedures, such as quality programs, quality plans, quality manuals and quality records, and that the appli- cable documentation listed in 3.2 of Annex Vis incorporated into the qua Iity system documen- tation. Annex V - 3.1 2nd para- 4.1, 5.1, 5.4, 5.5, 5.6 Covered. graph 5th indent Annex V - 3.1 2nd para- 4.1, 5.1, 5.4, 5.5, 5.6 Covered. graph 6th indent Annex V - 3.1 2nd para- 4.1,4.2 Covered in part provided that quality manage- graph 7th indent ment system includes the technical documenta- tion relating to the applicable approved type(s) of medical device(s). Reference to the EC type-ex- ami nation certificate is not covered. AnnexV- Not covered. This British Standard includes 3.1 2nd paragraph 8th requirements on post-market surveillance, and indent reporting adverse events and field safety correc- tive actions to authorities but does not cover all 3.1 2nd paragraph 8th the details required by the UK MDR 2002 includ- indent (i) ing timescales for reporting. 3.1 2nd paragraph 8th indent (ii) Annex V - 3 .2 1st para- Not covered. graph AnnexV- 3.2 2nd para- 4.1, 4.2 Covered. graph Annex V - 3. 2 3rd para- 4.2.1, 5.1, 5.3, 5.4.1 Covered. graph {a) Annex V - 3.2 3rd para- 4.2.2 Covered. graph (b) Annex V - 3. 2 3rd para- 5.1, 5.5.1, 5.5.2 Covered. graph (b) 1st indent Annex V - 3. 2 3rd para- 4.1, 5.6, 7.1, 8.2.4, 8.3, 8.4, 8.5.2. Covered provided that the methods and accept- graph (b) 2nd indent 8.5.3 a nee criteria chosen by the manufacturer ensure that the requirements of the UK MDR 2002 are fulfilled. Annex V - 3.2 3rd para- 4.1, 4.2, 7.4, 8.2.2 Covered. graph (b) 3rd indent 77

BS EN ISO 13485:2016+A11:2021 Table NZ.2 (continued) Paragraph of Directive Clause (s)/Subclause(s) of this Remarks/Notes 93/42/ EEC referred to by BS the UK MDR 200 Annex V • 3.2 3rd para- 4.2, 6.4, 7.1, 7.4. 7.5, 8.2.5 Covered provided that the quality management graph (c) 1st indent system documentation includes relevant docu- ments and records in regards to sterilization and purchasing. Annex V - 3.2 3rd para- 4.2, 7.5.8, 7.5.9 Covered. graph (c) 2nd indent Annex V - 3.2 3rd para- 7.1, 7.4.3, 7.6, 8.2.6 Covered provided that the documented frequen- graph (d) cy at which tests are carried out is detailed in the quality management system documentation. Annex VI - 3.1, 1st para· Not covered. graph Annex VI - 3.1, 2nd para- Not covered. graph, 1st indent Annex VI - 3.1, 2nd para- Not covered. graph,2ndindent Annex VI - 3.1, 2nd para- Not covered. graph, 3rd indent Annex VI - 3.1, 2nd para- 4.1.1, 4.1.2, 4.1.3, 4.1.4, 4.1.6, Covered. The documentation required in this graph, 4th indent 4.2.1, 4.2.2, 4.2.3, 4.2.4, 4.2.5 British Standard covers the quality system documentation meant in 3 .2 of Annex VI when the exp Iicit legal requirements are incorporated into the quality system documentation. See also coverage of 3.2 below. Annex VI - 3.1, 2nd para- 4.1, 5.4, 5.5, 5.6 Covered. graph, 5th indent Annex VI - 3.1, 2nd para- 4.1, 5.4, 5.5, 5.6 Covered. graph, 6th indent Annex VI - 3.1, 2nd para- 4.1, 4.2 Covered in part provided that quality manage- graph, 7th indent ment system includes the technical documenta- tion relating to the applicable approved type(s) of medical device(s). Reference to the EC type-ex- amination certificate is not covered. Annex VI- Not covered. This British Standard includes 3.1, 2nd paragraph, 8th requirements on post-market surveillance, and reporting adverse events and field safety correc- indent tive actions to authorities but does not cover all 3.1, 2nd paragraph, 8th the details required by the UK MDR 2002 includ- indent (i) ing timescales for reporting. 3.1, 2nd paragraph, 8th indent (ii) Annex VI - 3.2, 1st sen- Not covered. tence Annex VI - 3.2, 2nd and 4.1, 4.2 Covered. 3rd sentences Annex VI - 3.2, 2nd para- 4.2.1, 5.1, 5.3, 5.4.1 Covered. graph, 1st indent Annex VI - 3.2, 2nd para- 7.1, 7.4.3, 7.6, 8.2.6 Covered provided that the documented frequen- graph, 2nd indent cy at which tests are carried out is detailed in the quality management system documentation. 78

BS EN ISO 13485:2016+Al1:2021 Table NZ.2 (continued) Paragraph of Directive Clause(s)/Subdause(s) of this Remarks/Notes 93/42/EEC referred to by BS the UK MDR 200 Annex VI• 3.2, 2nd para· 4.1, 5.6, 7.1. 8.2.4, 8.3, 8.4, 8.5.2, Covered provided that the methods and accept- graph.3rd indent 8.5.3 ance criteria chosen by the manufacturer ensure that the requirements of the UK MDR 2002 are fulfilled. Annex VI - 3.2, 2nd para- 4.1, 4.2, 6.1 Covered. graph, 4th indent Annex VI - 3.2, 2nd para- 4.1, 4.2, 7.4, 8.2.2 Covered. graph, 5th indent Annex VI - 3.2, 3rd para- Not covered. graph Table NZ.3 - Correspondence between this British Standard and Annex referenced in Part IV (IVDs) of the UK MDR 2002 Paragraph of Directive Clause(s)/Subclause(s) of this Remarks/Notes 98/79/EC referred to by BS the UK MDR 2002 Annex III - 3, 1st sentence Not covered. Annex 111 • 3, 1st indent 4.2.3, 7.2, 7.3.2, 7.3.3, 7.3.10 Covered provided that the documentation containing a general description of the medical device includes any variants. Annexlll-3,2ndindent 4.1.1, 4.1.2, 4.1.3, 4.1.4, 4.1.6, Covered. The documentation required in this 4.2.1, 4.2.2, 4.2.3, 4.2.4, 4.2.5 British Standard covers the quality system documentation meant in 3 of Annex III when the explicit legal requirements are incorporated into the quality system documentation. Annex 111 · 3. 3rd indent 4.2, 7.1, 7.3, 7.5 Covered provided quality management system documentation includes design information, including the determination of the characteris- tics of the basic materials, characteristics and limitation of the performance of the medical devices, methods of manufacture and, in the case of instruments, design drawings, diagrams of components. sub-assemblies, circuits and the like. Annex III - 3, 4th indent 4.1, 4.2 Covered provided that, in the case of devices con- taining tissues of human origin or substances de- rived from such tissue, the quality management system documentation includes information on the origin of such material and on t he conditions in which it was collected. Annex III - 3, 5th indent 4.1, 4.2 Covered provided that the quality management system documentation includes the descriptions and explanations necessary to understand the characteristics of the medical device drawings and diagrams and the operation of the product. Annex III - 3, 6th indent 4.2, 7.3.2, 7.3.3, 7.3.6, 7.3.8 Covered provided that the quality management system documentation includes the results of the risk analysis and, where appropriate, a list of the standards applied in full or in part, and descriptions of the solutions adopted to meet the essential requirements of the UK MD R 2002 if designated standards have not been applied in full. 79

BS EN ISO 13485:2016+A11:2021 Table NZ.3 (continued) Paragraph of Directive Clause(s)/Subclause(s) of this Remarks/Notes 98/79/EC referred to by BS the UK MOR 2002 Annex III - 3. 7th indent 6.4, 7.5.2, 7.5.5, 7.5.7 Covered. Annex III - 3, 8th indent 4.2.1, 7.3.3, 7.3.4, 7.3.5, 7.3.6, Covered. 7.4.3, 7.5.1, 7.5.9, 8.2.5, 8.2.6 Annex III - 3, 9th indent 7.3.2, 7.3.3, 7.3.4, 7.3.5, 7.3.6, Covered provided the applicable regulatory 7.3.7 requirements in the design and development in- puts include the essential requirements and that conformance with these essential requirements is proven in design and development verifica- tion and validation for medical devices that are combined with other medical devices in order to operate as intended. Annex III - 3, 10th indent 4.2.5, 8.2.6 Covered. Annex Ill - 3, 11th indent 4.1,4.2 Covered provided that the quality management system documentation includes data from stud- ies in a clinical or other appropriate environment or result from relevant bibliographical referenc• es showing adequate performance evaluation ...C data showing the performances claimed by the manufacturer and supported by a reference measurement system (when available), with information on the reference methods, the refer- ence materials, the known reference values, the accuracy and measurement units used. Annex Ill · 3, 12th indent 4.2.3 a) Covered providing the quality management system documentation includes the labels and instructions for use. Annex III - 3, 13th indent 4.2 Covered provided that the quality management system records include the results of stability studies. Annex III - 4, paragraph 1 4-8 Covered. Annex Ill - 4, 2nd para- 4.2.2, 5.1, 5.5.1, 5.5.2 Covered. graph, 1st indent Annex III - 4, 2nd para- 4,6, 7, 8 Covered. graph. 2nd indent Annex III - 4, 2nd para- 4.1, 5.6, 8.2.4, 8.4, 8.5.2, 8.5.3 Covered. graph, 3rd indent Annex 111 · 5 Not covered. This British Standard includes requirements on post-market surveillance, and reporting adverse events and field safety correc- tive actions to authorities but does not cover all the details required by the UK MDR 2002 includ- ing timescales for reporting. Annex JV· 3.1, 1st para· Not covered. graph Annex IV - 3.1, 2nd para- Not covered. graph, 1st indent Annex IV - 3.1, 2nd para- Not covered. graph, 2nd indent Annex IV - 3.1, 2nd para- Not covered. graph, 3rd indent 80

BS EN ISO 13485:2016+A11:2021 Table NZ.3 (continued) Paragraph of Directive Clause(s)/Subclause(s) of this Remarks/Notes 98/79/EC referred to by BS the UK MOR 2002 Annex IV• 3.1, 2nd para- 4.1.1, 4.1.2, 4.1.3, 4.1.4, 4.1.6, Covered. The documentation required in this graph, 4th indent 4.2.1, 4.2.2, 4.2.3, 4.2.4, 4.2.5 British Standard covers the quality system documentation meant in 3.2 of Annex IV when the explicit legal requirements are incorporated into the quality system documentation. See also coverage of 3.2 below. Annex IV - 3.1, 2nd para- 4.1, 5.1, 5.4, 5.5, 5.6 Covered. graph, 5th indent Annex IV - 3.1, 2nd para- 4.1, 5.1, 5.4, 5.5, 5.6 Covered in part. This British Standard requires graph, 6th indent top management commitment to implementation of the quality management system and that docu- mented procedures are implemented but does not require a signed undertaking. Annex IV - 3.1, 2nd para- Not covered. This British Standard includes graph, 7th indent requirements on post-market surveillance, and reporting adverse events and field safety correc- tive actions to authorities but does not cover all the details required by the UK MDR 2002 includ- ing timescales for reporting. Annex IV - 3.2, 1st sen- Not covered. tence Annex IV - 3.2, 2nd sen- 4.1, 4.2 Covered. tence Annex IV - 3.2, 2nd para- 4.2.1, 5.1, 5.3, 5.4.1 Covered graph (a) Annex IV - 3.2, 2nd para- 4.2.2 Covered. graph (b) Annex IV - 3.2, 2nd para- 5.5.1, 5.5.2 Covered. graph {b), 1st indent Annex IV - 3.2, 2nd para- 5.6, 8.2.4, 8.3, 8.5.2 Covered. graph (b), 2nd indent Annex IV - 3.2, 2nd para- 4.2.3, 7.2, 7.3.3, 7.3.4, 7.3.10 Covered provided that the documentation graph (c), 1st indent containing a general description of the medical device includes any variants. Annex IV - 3.2, 2nd para- 4.2. 7.1, 7.3, 7.5 Covered provided that the quality management graph (c), 2nd indent refer- system documentation includes design inforrna- ence to Annex III - section tion, including the determination of the charac- 3 3rd indent teristics of the basic materials, characteristics and limitation of the performance of the medical devices, methods of manufacture and, in the case of instruments, design drawings, diagrams of components, sub-assemblies, circuits and the like. Annex IV - 3.2, 2nd para- 4.1, 4.2 Covered provided that, in the case of devices con- graph (c), 2nd indent refer- taining tissues of human origin or substances de- ence to Annex Ill - section rived from such tissue, the quality management 3 4th indent system documentation includes information on the origin of such material and on the conditions in which it was collected. 81

BS EN ISO 13485:2016+A11:2021 Table NZ.3 (continued) Paragraph of Directive Clause(s)/Subclause(s) of this Remarks/Notes 98/79/EC referred to by BS the UK MDR 2002 Annex IV - 3.2, 2nd para- 4.1, 4.2 Covered provided that the quality management graph (c), 2nd indent refer- system documentation includes the descriptions ence to Annex III - section and explanations necessar}' to understand the 3 5th indent characteristics of the medical device drawings and diagrams and the operation of the product. Annex IV - 3.2, 2nd para- 4.2, 7.3.2, 7.3.3, 7.3.6, 7.3.8 Covered provided that the quality management graph (c), 2nd indent refer- system documentation includes the results of ence to Annex III - section the risk analysis and, where appropriate. a list 3 6th indent of the standards applied in full or in part, and descriptions of the solutions adopted to meet the essential requirements of the UK MDR 2002 if designated standards have not been applied in full. Annex IV - 3.2, 2nd para- 6.4, 7.5.2, 7.5.5, 7.5.7 Covered. graph (c), 2nd indent refer- ence to Annex Ill - section 3 7th indent Annex IV - 3.2, 2nd para- 4.2.1, 7.1, 7.3.3, 7.3.4, 7.3.S, 7.3.6, Covered. graph (c), 2nd indent refer- 7.4.3, 8.2.5, 8.2.6 ence to Annex Ill - section 3 8th indent Annex JV - 3.2, 2nd para- 7.3.2, 7.3.3, 7.3.4, 7.3.5, 7.3.6, Covered provided the applicable regulatory graph (c), 2nd indent refer- 7.3.7 requirements in the design and development in- ence to Annex Ill - section puts include the essential requirements and that 3 9th indent conformance with these essential requirements is proven in design and development verifica- tion and validation for medical devices that are combined with other medical devices in order to operate as intended. Annex IV - 3.2, 2nd para- 4.2.5, 8.2.6 Covered. graph (c), 2nd indent refer- ence to Annex III - section 3 10th indent Annex IV - 3.2, 2nd para- 4.1, 4.2 Covered provided that the quality management graph (c), 2nd indent refer- system documentation includes data from stud- ence to Annex III - section ies in a clinical or other appropriate environment 3 11th indent or result from relevant bibliographical referenc- es showing adequate performance evaluation data showing the performances claimed by the manufacturer and supported by a reference measurement system (when available), with information on the reference methods, the refer- ence materials, the known reference values, the accuracy and measurement units used. Annex JV - 3.2, 2nd para- 4.2.3 Covered provided that the quality management graph (c). 2nd indent refer- system documentation includes the labels and ence to Annex IIJ - section instructions for use. 3 12th indent Annex JV - 3.2, 2nd para- 4.2 Covered provided that the quality management graph (c), 2nd indent refer- system records include the results of stability ence to Annex Ill - section studies. 3 13th indent Annex IV - 3.2, 2nd para- 6.4, 7.5 Covered. graph (d), 1st indent 8Z

BS EN ISO 13485:2016+A11:2021 Table NZ.3 (continued) Paragraph of Directive Clause(s)/Subclause(s) of this Remarks/Notes 98/79/EC referred to by BS the UK MDR 2002 Annex JV• 3.2, 2nd para- 7.4 Covered. graph (d), 2nd indent Annex IV - 3.2, 2nd para- 4.2, 7.4, 7.5 Covered. graph (d), 3rd indent Annex IV - 3.2, 2nd para- 7.1, 7.4.3, 7.6, 8.2.6 Covered provided that the documented frequen- graph (e) cy at which tests are carried out is detailed in the quality management system documentation. Annex VII - 3.1. 1st para- Not covered graph Annex VII - 3.1, 2nd Not covered. paragraph, 1st indent, reference to Annex IV, 3.1, 1st indent Annex VII - 3.1, 2nd Not covered. paragraph, 1st indent, reference to Annex IV, 3.1, 2nd indent Annex VII - 3.1, 2nd Not covered. paragraph, 1st indent reference to Annex IV, 3.1, 3rd indent Annex VII - 3.1, 2nd 4.1.1, 4.1.2, 4.1.3, 4.1.4, 4.1.6, Covered. The documentation required in this paragraph, 1st indent, 4.2.1, 4.2.2, 4.2.3, 4.2.4, 4.2.5 British Standard covers the quality system reference to Annex IV, 3.1, documentation meant in 3.2 of Annex VII when 4th indent the explicit legal requirements are incorporated into the quality system documentation. See also coverage of 3.2 below. Annex VII - 3.1, 2nd 4.1, 5.1, 5.4, 5.5, 5.6 Covered. paragraph, 1st indent, reference to Annex IV, 3.1, 5th indent Annex VII - 3.1, 2nd 4.1, 5.1, 5.4, 5.5, 5.6 Covered. paragraph, 1st indent, reference to Annex IV, 3.1, 6th indent Annex VII - 3.1, 2nd Not covered. This British Standard includes paragraph, 1st indent, requirements on post-market surveillance, and reference to Annex IV, 3.1, reporting adverse events and field safety correc- 7th indent tive actions to authorities but does not cover all the details required by the UK MOR 2002 induct- ing timescales for reporting. Annex VII - 3.1, 2nd para- 4.1,4.2 Covered in part provided that quality manage- graph 2nd indent mentsystem includes the technical documenta- tion relating to the applicable approved type(s) of medical device(s). Reference to the EC type-ex- amination certificate is not covered. Annex VII - 3.2, lst para- Not covered. graph Annex VII - 3.2, 2nd para- 4.1, 4.2 Covered. graph Annex VII - 3.2, 3rd para- 4.2.1, 5.1, 5.3, 5.4.1 Covered. graph (a) 83

BS EN ISO 13485:2016+A11:2021 Table NZ.3 (continued) Paragraph of Directive Clause(s)/Subclause(s) of this Remarks/Notes 98/79/F..C referred to by BS the UK MDR 2002 Annex VII - 3.2, 3rd para- 4.2.2 Covered. graph (b) Annex VII - 3.2, 3rd para- 5.5.1, 5.5.2 Covered. graph (b), 1st indent Annex VII - 3 .2, 3rd para- 5.6, 8.2.4, 8.3, 8.5.2 Covered. graph (b), 2nd indent Annex VII - 3.2, 3rd para- 6.4, 7.5 Covered. graph (c), 1st indent Annex VII - 3.2, 3rd para- 7.4 Covered. graph (c), 2nd indent Annex VII - 3.2, 3rd para- 4.2, 7.4, 7.5 Covered. graph (c), 3rd indent Annex VII - 3.2, 3rd para- 4.2, 7.1, 7.4.3, 7.6, 8.2.6 Covered provided that the frequency at which lgraph (d) tests are carried out is documented in the qua] ity I management system documentation. WARNING 1: Presumption of conformity stays valid only as long as a reference to this British Standard is maintained in the designated standards list. Users of this standard should frequently consult the latest published list. 84

NO COPYING WITHOUT 8S1 PERMISSION EXCEPT AS PERMITTED BY COPYRIGHT LAW About us .We bring together business, industry, government, consumers, innovators .- and others to shape their combined experience and expertise into scandards •based solutions. ?'The knowledge embodied in our standards has been careful~ assembled in c·a dependable format and reiir,ed through our open consultatios process. t Organizations of all sizes and across all sectors choose standards to help f them achieve their goals. ~:Information on standards C' -0·We can provide you with the knowledge that your organization needs to succeed. Find out more about British Standards by visiting our website at bsigroup.com/standards or contacting our Customer Services team or ' Knowledge Centre. >Buying standards You can buy and download PDF versions of BSI publications, including British and ( adopted European and in1ernational standards, through our website at bsigroup. J com/shop, where hard copies c.an also l>e purchased. c If you need international and foreign standards from other Standards Development , · Ql'g ~nizations, hard copies. can be ordered from our Customer Servjces. team. C (Copyright in B51 publications < All the content in BSI publications. including British Standards, is the property col and copyrighted by BSI or some person or entity that owns copyright in the , · information used {such as the international standardization bodies) and has <formally licensed such information to B5I for commercial publication and use. ·;.save for the provisions l>elow. you may not transfer, share or dis.seminate any _c portion of the standaro to any other person, You may not adapt. distribute, ,. commercially exploit or publicly display the standard or any portion thereof in any r manner whatsoever without BSl's priof written consent. Storing and using standards Standards purdiased in soft copy fonmat: • A British Standard purchased in soft copy format is licensed to a sole named user for personal or internal company use only. : • The standard may be stored on mor<! than one desice provide~ that ii is accessible by the sole named user only and that only one copy is accessed at .iny one time. • A single paper copy may be printed for per;onal or internal company use only. Standards purd1ased in hard copy format: • A British Standard purchased in hard copy format is for personal or internal company use only, • It may no! be further reproduaad - in any fonmat- to create an additional copy. This includes scanning of the document. If you need mor,, than one copy of the document, or ii you wish to share the document on an internal network, you can save money by choosing a subscription product (see 'Subscrip!ions'). bsi. Reproducing extracts For permission to reproduce content from 6SI publications contact the BSI Copyright and Licensing team. Subscriptions Our range of subscription sel'lices are designed to make using standards easier lor you. For further information on our subscription products go to bsigroup. com/subsoiptions. With Briti,h Stand.lrds Online {BSOL) you'll have instant accels !0 over 55,00D British and adoptl'd European an<i international standards from your desktop. It's available 2417 and is refreshed daily so you'll always be up to date. You can keep in touch with standards developments and re,:e;ve substantial discounlS on the purchase price of standards, both in single copy and subscription format. by becoming a B51 Subscribing Member. PLUS is an updating service exclusive to 8$1 Subscribing Members You w ill automatically receive the latest hard copy of your standards when they're revised or rep laced. To find out more about becoming a BSI Subscribing Member and the benefits of membership, please visit bsigroup.comishop. With a Multi-User Network Licence {MUNL) you are able to host standards pu l)tic;ations on your intranet. Licences can ,:over as few or as many uier, as you wish. With updates supplied as soon as they're available, you can l>e sure your documentation is current. For further information, email cservices@bsigroup.com. Revisions Our British Standards and other publications are updated by amendment or revision. We continually improve the quality of our products and services to benefit ycur business. If you find an inaccuracy or ambiguity within 3 Briti,h Standard or other BSI publication please inform the Knowledge Centre. Useful Contacts Customer Services T~I: +44 345 086 9001 Email: cservices@bsigroup.com Subscrlptlo ns Tel: -,.44 345 086 9D01 Ema;I: subscriptions@bsigroup.com Knowledge Centre Tel: +44 20 8996 7004 Ema ii: knowled gecentre@b,igroup.com Copyright & Lieens ing Tel: +44 20 8996 7070 Email: copyright@l)<;igroup.com BSI Group Headquarters 389 Chiswict. High Road London W4 4AL UK