When medical customers say “we need ISO 13485,” they usually mean one thing in practice: prove what you built, prove you followed controlled instructions, and prove you can trace issues back to components, lots, processes, and shipments. ISO 13485 is a quality management system standard for medical devices and related activities, and it pushes organizations toward documented, repeatable control of processes and evidence.
This article focuses on contract manufacturing reality for electronics: what documentation customers expect you to produce, how traceability should work for PCBAs and harnesses, and what evidence prevents audit findings and supply-chain disruptions.
Contract manufacturing adds risk that customers can’t “see”: multiple operators, multiple shifts, substitutions during shortages, test fixtures changing over time, suppliers changing, and builds shipping to different integration sites. Customers push for ISO 13485 because it forces discipline: controlled instructions, controlled changes, and records that provide objective evidence of conformity.
Think in two buckets: documents = controlled instructions you follow (work instructions, travelers, test procedures), and records = evidence you followed them (build logs, test results, NCRs, calibration records). Customers expect both—and they expect them to agree.
Customers expect that the instructions used on the floor are approved, current, and available at point-of-use—and that obsolete versions can’t accidentally be used. They also expect you can show what version was used for a specific build (especially after changes).
For medical electronics, customers typically expect a DHR-style package (even if they don’t use that term) that can answer: Did you build the right configuration? Did you test it the right way? Did it pass? If not, what did you do about it?
| Record type | What it proves | Common electronics examples |
|---|---|---|
| Incoming inspection / receiving | critical parts were verified before use | key components, harnesses, custom parts, certificates |
| In-process checks | build steps were performed and verified | torque logs, visual inspection, polarity checks, wiring continuity |
| Functional test results | unit meets acceptance criteria | power rail validation, load tests, comms checks, burn-in summary |
| Final inspection / release | unit was released under a controlled decision | sign-off, label verification, packaging verification |
| Calibration status | measurements are trustworthy | cal certs for meters, fixtures, programmable loads |
In electronics, “traceability” is often the deciding factor for customer confidence. The practical goal is containment: if a component lot is later found defective, you can rapidly identify affected serial numbers and shipments.
Customers expect more than “we reworked it.” They expect a controlled nonconformance record: what failed, disposition (use-as-is / rework / scrap), verification after rework, and whether a corrective action was required. This is where good traceability pays off: it turns customer concerns into fast containment.
In medical electronics, you can outsource processes (plating, conformal coat, specialized test, cable assemblies), but you can’t outsource responsibility. Customers expect you to define supplier requirements, verify incoming quality where it matters, and keep evidence that outsourced processes are controlled.
Two practical points drive customer behavior:
| Customer question | What you should be able to provide |
|---|---|
| How do you control build instructions? | Controlled traveler/WI/test procedure with approvals + revision history + proof of version used for a given build |
| What records come with each shipment? | Build record package (DHR-style): key inspections, test results summary, release sign-off, label verification |
| How deep is traceability? | Serial-to-work-order mapping and, for defined critical items, lot/serial trace to components and key processes |
| How do you manage nonconformances? | NCR process, disposition controls, verification after rework, and CAPA linkage when needed |
| How are suppliers controlled? | Approved supplier list evidence, purchasing requirements, incoming verification plan, change notification process |
| Can you support audits? | Records retrieval process, retention approach, and a clear “who owns what” responsibility map |
If your build includes power distribution and DIN-rail components, documenting configuration control and test acceptance criteria is especially important: DIN-rail power supplies. For examples of compliance work patterns, see Safety/Compliance cases.
Grounding/bonding discipline often shows up as both quality and compliance risk in integrated cabinets: Control panel grounding and bonding failure modes.
At minimum, expect controlled build instructions (travelers/work instructions/test procedures) and shipment-ready records that prove the unit was built and tested to acceptance criteria, with traceability to the configuration and (where required) component lots/serials.
Documents are controlled instructions (what you intend to do). Records are evidence (what you actually did and the results). Customers expect both—and they expect them to be consistent for the specific product revision shipped.
It depends on risk and customer requirements. A common baseline is serial-to-work-order plus traceability for defined critical items: key components, custom parts, harnesses, PCBAs, and special processes that are difficult to verify later.
FDA published a final rule that amends 21 CFR 820 by incorporating by reference the ISO 13485:2016 QMS requirements (QMSR). Many customers interpret this as a stronger expectation for ISO 13485-style documentation and records discipline.
MDSAP is a single-audit approach for medical device manufacturers’ quality management systems. It uses ISO 13485:2016 as the QMS basis and adds participating regulators’ requirements, so customers often use MDSAP language when they care about audit-ready evidence.
References:
