Who needs ISO?

This decision depends primarily on who is the holder of the product, whose name will be on the product as the manufacturer.

If you are a manufacturer (license), then the manufacturer is expected to have ISO 13485 implemented. According to ISO 13485, when the manufacturer (license holder) outsources any part of the production process, this part of the process is still the manufacturer's responsibility. This means that regardless of the fact that you have outsourced that part of the production, that production must also be carried out in accordance with the requirements of ISO 13485. It doesn't matter if they will be ISO 13485 certified, or if you will make all this documentation as part of your ISO 13485 quality system. It all depends on how you agree. There must be a Quality Agreement between you and that company in which all mutual responsibilities will be described. Be prepared that regardless of your mutual agreement and the fact whether they are certified or not, there is a possibility that during your audit by a certification body, the auditor requires that an audit be conducted in that outsourced company as well. 

For more information on this topic, please see the following article:

• First-, Second- & Third-Party Audits for medical device manufacturers & suppliers - https://advisera.com/13485academy/knowledgebase/first-second-third-party-audits-for-medical-device-manufacturers-suppliers/

You can see how we designed a Quality agreement with the subcontractor in our ISO 13485:2016 Documentation toolkit:

• Quality Agreement for Subcontractor https://advisera.com/13485academy/documentation/quality-agreement-for-subcontractor/