← All guides

ISO 9001 and ISO 13485 in Injection Moulding: What They Mean for Buyers

ISO certificates are useful, but only if the scope matches the part you are buying. For injection moulding, ISO 9001 shows that the supplier has a general quality management system. ISO 13485 is the medical-device quality standard and is the relevant benchmark when the moulded component enters a regulated medical-device supply chain.

The certificate is not the quality plan. A buyer still needs the drawing, material specification, inspection method, traceability requirement, change-control rules, and acceptance criteria written into the project.

What does ISO 9001 cover in an injection moulding context?

ISO 9001:2015 specifies requirements for a quality management system (QMS) for organisations that need to provide products and services that meet customer and applicable statutory or regulatory requirements. In a moulding shop, a credible ISO 9001 scope should cover the site and processes used to make your parts.

For injection moulding buyers, ISO 9001 usually points to documented systems for:

  • Process control and parameter monitoring, such as injection pressure, melt temperature, cycle time, and hold pressure
  • Incoming resin inspection and supplier control
  • Non-conformance recording and corrective action
  • Calibrated measurement equipment
  • Drawing revision control and customer complaint handling
  • Batch or order traceability at the level agreed with the customer

Certification is awarded by an accredited third-party certification body after audit. The certificate includes the certified organisation, site, scope, issue date, and expiry date. Read that scope. A certificate for "sales and administration" does not prove the moulding floor is certified.

ISO 9001 does not guarantee a specific defect rate or tolerance capability. It means the supplier has an audited system for controlling work. The buyer still has to define what "good part" means.

What does ISO 13485 add for medical device components?

ISO 13485:2016 is the internationally recognised QMS standard for organisations involved in medical devices. It is not just a stricter version of ISO 9001. It is written around regulatory control, documented evidence, risk, traceability, validation, and the medical-device lifecycle.

Key additions and stronger controls include:

Regulatory documentation. Records must support the customer's regulatory file and quality agreement. The required content depends on whether the moulder is build-to-print, has design responsibility, performs assembly, or controls a special process.

Risk-based controls. ISO 13485 uses risk-based thinking across QMS processes. Device-level risk management is normally owned by the legal manufacturer, often under ISO 14971, but component suppliers may need to provide evidence that supports that risk file.

Process validation. Processes whose output cannot be fully verified by later inspection must be validated. In moulding, this can apply to over-mould adhesion, insert retention, leak-tightness, cleanliness, sterile-barrier-related handling, or other agreed critical characteristics.

Traceability. Medical projects often require traceability from resin lot to moulding lot, machine, tool, process window, inspection record, and shipment. The exact depth is defined by the device risk class, customer agreement, and regulatory route.

Change control. Resin substitutions, colourant changes, tool repairs, cavity changes, process changes, and supplier changes need defined approval rules. For regulated work, "equivalent material" is not enough unless the customer's regulatory and quality teams approve it.

How do ISO 9001 and ISO 13485 compare?

Attribute ISO 9001:2015 ISO 13485:2016
Applicable sector Any sector Medical devices and related services
Main purpose Consistent products/services and customer satisfaction Medical-device regulatory QMS requirements
Risk approach Risk-based thinking Risk-based controls across QMS and product processes
Process validation Required where needed to control processes, less prescriptive Explicitly required where output cannot be fully verified
Design controls Applies if supplier has design responsibility More formal design and development file requirements where design applies
Traceability As required by customer/product More prescriptive where traceability is required by regulation/customer
Regulatory link Supports customer and statutory requirements Written for regulatory purposes in medical devices
Customer complaint handling Required Required, with stronger links to regulatory reporting where applicable
Record retention Defined by the organisation and customer requirements Defined by regulation, customer agreement, and device lifecycle
Certification body examples BSI, TÜV, DNV, Bureau Veritas, other accredited bodies Same type of accredited bodies; scope must cover medical-device activity

A supplier holding ISO 13485 has a QMS aimed at medical-device work. A supplier holding only ISO 9001 may still be suitable for non-critical plastic parts, lab equipment, or early prototypes, but it should not be assumed suitable for regulated device components without a quality and regulatory review.

When is ISO 13485 required?

ISO 13485 is required when the customer, regulator, notified body, or quality agreement makes it a condition of the project. For many medical-device components, that condition is practical even if the legal duty sits with the finished-device manufacturer.

EU Medical Device Regulation (MDR 2017/745). The MDR requires device manufacturers to establish and maintain a QMS proportionate to the device and risk class. ISO 13485 is commonly used as the recognised route for building that QMS. Critical component suppliers are often required by the device manufacturer or notified body expectation to hold ISO 13485 or equivalent controls.

US FDA QMSR / 21 CFR Part 820. As of February 2, 2026, FDA's Quality Management System Regulation incorporates ISO 13485:2016 by reference for finished-device manufacturers. Component and part manufacturers are not directly covered by Part 820 unless they are performing regulated finished-device activities, but FDA encourages them to consider the regulation, and customers often flow requirements down by contract.

IVD devices. The EU IVDR creates equivalent QMS pressure for in vitro diagnostic devices and their critical components.

If the moulded part contacts a patient, carries fluid, forms part of a diagnostic instrument, affects sterility, controls dosing, or is named as a critical component by the device manufacturer, expect ISO 13485-level controls to be requested. If the part is an industrial enclosure, consumer product, or non-medical bracket, ISO 9001 is often enough.

How should a buyer evaluate a certified moulding supplier?

Certification is the start of supplier qualification, not the end. Use these steps.

Verify the certificate. Ask for the certificate number, certification body, accreditation mark, site address, issue date, expiry date, and scope. Verify the certificate with the issuing body or its public register where available.

Check the scope. The scope should cover injection moulding and any relevant secondary processes: insert moulding, over-moulding, assembly, pad printing, welding, clean handling, or inspection. If the certificate covers a different site, it may not help your project.

Review audit and non-conformance history. Ask when the last surveillance audit was completed and whether any major non-conformances remain open. Annual surveillance between recertification audits is a normal part of accredited certification.

Ask for documentation samples. For medical work, request a sample quality plan, first-article inspection template, certificate of conformity template, traceability example, and validation approach. For general industrial work, request sample material certificates, inspection reports, and non-conformance reports.

Nordmould can provide certification and quality documentation for review when it is available and relevant to the selected partner facility. Buyers should make certification, traceability, and validation requirements explicit in the RFQ so the project is routed correctly.

What certification signals should buyers treat as red flags?

Several patterns suggest that a certificate may not reflect the process you are buying.

Certificate issued by an unrecognised body. Certification is only useful when the issuing body is accredited by a recognised accreditation authority, such as UKAS, DAkkS, FINAS, EAK, or another IAF-recognised body.

Scope that excludes production. A certificate covering only administration, sales, or quality management services does not prove the moulding operation is certified.

Wrong site. Multi-site suppliers may certify one plant but quote production from another. The site on the certificate must match the production site.

No surveillance audit evidence. If the supplier cannot identify the last surveillance audit, treat the certificate as unverified until the certification body confirms it.

Weak traceability records. A supplier claiming medical-device capability but unable to show a batch record, resin lot traceability, or controlled change process is not ready for regulated production.

Frequently asked questions

Does my injection moulding supplier need to be ISO 9001 certified? ISO 9001 is not a legal requirement for most commercial products, but many OEMs treat it as a baseline signal that the supplier has a documented quality management system. Ask for the current certificate, scope, site, and expiry date rather than relying on a logo.

When is ISO 13485 required for injection moulded parts? ISO 13485 is usually required by contract when a moulded part is used in a medical device or supplied into a regulated medical-device supply chain. The legal obligation sits mainly with the finished-device manufacturer, but critical component suppliers are commonly expected to hold ISO 13485 or work under equivalent audited controls.

What is the difference between ISO 9001 and ISO 13485? ISO 9001 is a general quality management standard. ISO 13485 is written for medical-device organisations and adds stronger controls around regulatory documentation, traceability, risk, validation, cleanliness where applicable, and supplier control. It overlaps with ISO 9001 but is not simply a superset.

How do I verify that a moulding supplier is genuinely certified? Request the certificate number, issuing certification body, site address, expiry date, and scope statement. Verify the certificate directly with the certification body or accreditation route, and check that injection moulding and relevant secondary processes are inside the scope.

Does ISO certification guarantee part quality? No. Certification confirms that a supplier's quality management system has been audited against a standard. It does not prove that a specific part is dimensionally correct, made from the right resin lot, or free of defects. First-article inspection and production controls still matter.

What documentation should a certified supplier provide? At minimum, ask for the current certificate with scope and expiry date, material certificates or certificates of conformity, inspection records for agreed dimensions, and PPAP/ISIR or validation records where the project requires them. Medical work may also need traceability and process-validation evidence.

Can Nordmould produce parts for medical devices? Nordmould can review medical-device moulding enquiries and route them toward a partner and documentation level that matches the stated requirement. Buyers should declare ISO 13485, ISO 10993, clean handling, traceability, and validation needs at the enquiry stage.


Contact Nordmould with your regulatory and documentation requirements so the quote can be matched to the right certification level.

Last reviewed: 2026-05

Get a quote Free DFM review