When considering expanding operations to include activities outside the previously certified scope, what is the most appropriate sequence? Should we create procedures and practices that are inconsistent with the certified scope or update the scope first, although in this situation we wouldn't yet have any procedures to support that wider scope and certainly no evidence to show they were being followed (yet).
Assign topic to the user
ISO 13485 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more 
ISO 13485 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more
ISO 13485 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more
First, clearly describe what activities are planned outside the current certified scope. This can be documented as a planned scope extension, business decision, regulatory strategy, or change-control record. Then, perform a gap analysis and impact assessment to determine what new activities are required in terms of regulatory requirements, ISO 13485 clauses, competence, infrastructure, suppliers, records, risk management, validation, PMS, technical documentation, etc. According to the results of this GAP analysis, develop or revise procedures before implementation. The next step is to train relevant personnel, assign responsibilities, qualify suppliers if needed, establish records, and begin operating the new processes under controlled conditions. Before asking the certification body to extend the certified scope, the new activities should be included in the internal audit programme and discussed in management review, at least to the extent that implementation and readiness can be demonstrated. Only after the QMS has been updated, implemented, and evidence exists, you can ask the certification body to assess and formally extend the certified scope.
First, clearly describe what activities are planned outside the current certified scope. This can be documented as a planned scope extension, business decision, regulatory strategy, or change-control record. Then, perform a gap analysis and impact assessment to determine what new activities are required in terms of regulatory requirements, ISO 13485 clauses, competence, infrastructure, suppliers, records, risk management, validation, PMS, technical documentation, etc. According to the results of this GAP analysis, develop or revise procedures before implementation. The next step is to train relevant personnel, assign responsibilities, qualify suppliers if needed, establish records, and begin operating the new processes under controlled conditions. Before asking the certification body to extend the certified scope, the new activities should be included in the internal audit programme and discussed in management review, at least to the extent that implementation and readiness can be demonstrated. Only after the QMS has been updated, implemented, and evidence exists, you can ask the certification body to assess and formally extend the certified scope.
Comment as guest or Sign in
May 14, 2026