Last Updated on September 25, 2025 by Melissa Lazaro

Introduction: Why a 90-Day Plan Works

Here’s the truth—most teams overcomplicate ISO 13485. They see it as a massive, expensive project that could take a year or more, and that mindset alone makes the process drag on. I’ve seen startups stall for months because they didn’t know where to begin, and established companies waste resources by spreading efforts too thin.

But ISO 13485 doesn’t have to be overwhelming. When you break it into a clear 90-day action plan, the path forward suddenly feels manageable. Instead of chasing everything at once, you focus on what really matters—laying the groundwork, building the core system, and testing it for audit readiness.

This guide gives you that roadmap. Over the next few sections, you’ll see how to:

• Run a focused gap analysis so you know exactly where you stand.

• Build a lean project plan and assign roles without bloating your budget.

• Develop the essential processes and training your team actually needs.

• Test your system through audits and CAPA so you’re confident when auditors arrive.

Think of this article as your big picture blueprint. For the deep dives, I’ll point you to supporting guides—like how to build a project plan, run training that sticks, integrate risk management, and even implement ISO 13485 on a startup budget.

By the end, you’ll have a step-by-step, 90-day playbook to get ISO 13485 off the ground—without drowning in paperwork or breaking the bank.

Laying the Groundwork (Days 1–30)

The first 30 days are all about clarity. Before you dive into documentation or audits, you need to understand where you stand, what your scope will be, and who’s going to lead the effort. Think of this as building the foundation—if you skip it, everything else will feel shaky.

Step 1: Run a Gap Analysis

Start with a gap analysis to identify what’s already in place and where the biggest holes are. This prevents wasted effort and gives you a realistic picture of how much work lies ahead.
[Read the ISO 13485 Gap Analysis Checklist guide]

Step 2: Define Project Scope & Team

Decide which parts of your business will be covered under ISO 13485—just design and development, or full manufacturing too? Then assign roles. Even if people wear multiple hats, clarity on responsibilities avoids delays later.
[See the ISO 13485 Project Plan Template]

Step 3: Align with Your Budget

Startups especially worry about costs, but you don’t need a huge budget to make progress. Focus on essentials—certification fees, training, and a working QMS. Avoid overspending on software or consultants too early.
[Check out ISO 13485 Implementation on a Start-Up Budget]

Pro Tip: Use what you already have. Supplier records, design notes, and test results can often be adapted into compliant documents without starting from scratch.

Outcome by Day 30: You’ll have a clear picture of your gaps, a defined scope, named responsibilities, and a realistic budget plan. This sets you up to start building the system in the next phase.

Building the System (Days 31–60)

With your foundation in place, the next 30 days are about building the core of your Quality Management System (QMS). This is where policies, procedures, and risk management come together to form a system that actually works in practice.

Step 1: Develop Core SOPs and Records

Focus on the essentials first: document control, CAPA, supplier management, training, and risk. Don’t aim for a library of 50 SOPs—keep it lean and relevant to how your team works.
[See ISO 13485 Project Plan Template for guidance on documentation]

Step 2: Integrate Risk Management

ISO 13485 and ISO 14971 go hand in hand. By embedding risk thinking into your QMS (design reviews, supplier checks, production processes), you avoid costly rework later and impress auditors.
[Explore Integrating ISO 13485 with ISO 14971 and MDSAP]

Step 3: Begin Employee Training

Even the best QMS fails if your team doesn’t understand it. Keep training role-specific, practical, and short. Document attendance and test comprehension so you have evidence ready for audits.
[Read ISO 13485 Training for Employees Made Easy]

Pro Tip: Don’t over-engineer your system. Start simple, get it working, and expand later as the company grows. Auditors care more about whether the system is being followed than how glossy it looks.

Real-life story: I worked with a startup that built risk management into their design reviews right from the start. Instead of separate meetings and duplicate paperwork, they combined both. Not only did this save time, but it also made their Stage 2 audit run smoothly—because auditors could see risk management was truly integrated, not just a checklist item.

Outcome by Day 60: You’ll have a working draft QMS with core procedures documented, risk management embedded, and your team trained on their roles.

Testing & Audit Readiness (Days 61–90)

By this stage, your QMS is documented and running. The final 30 days are about proving it works. Auditors don’t just want to see procedures on paper—they want evidence that your system is being used and continuously improved.

Step 1: Run Internal Audits

Use a structured checklist to test whether processes are being followed. Capture findings, assign corrective actions, and make sure evidence is recorded. This is your “dress rehearsal” for the certification audit.
[See ISO 13485 Gap Analysis Checklist for audit prep ideas]

Step 2: Conduct a Management Review

Top management must be actively involved. Review progress, risks, CAPAs, and resources. This isn’t just a compliance task—it’s a chance to confirm leadership is aligned.

Step 3: Correct Findings with CAPA

Any gaps from internal audits or reviews should go straight into your CAPA system. Closing issues now prevents them from becoming nonconformities in the certification audit.

Step 4: Run a Mock Audit or Readiness Check

If budget allows, bring in an external reviewer for a short, focused audit. If not, do a DIY mock audit using your team. The key is practicing audit scenarios and confirming records are ready to show.
[Read ISO 13485 Implementation on a Start-Up Budget for low-cost audit prep]

Step 5: Map to MDSAP (Optional for Global Markets)

If you’re targeting multiple countries, align your system with MDSAP at this point. This ensures your ISO 13485 QMS also satisfies global regulators.
[Explore Integrating ISO 13485 with ISO 14971 and MDSAP]

Pro Tip: Practice answering audit questions out loud. It builds confidence and shows auditors that staff understand their roles, not just the paperwork.

Outcome by Day 90: Your QMS is documented, tested, and corrected. You have audit evidence, trained staff, and a system ready for Stage 1 and Stage 2 certification audits.

FAQs About the 90-Day ISO 13485 Action Plan

Q1: Is 90 days really enough to implement ISO 13485?

Yes—if you focus on essentials. The 90-day plan isn’t about creating a “perfect” QMS from day one. It’s about getting a functional, compliant system in place quickly, then refining and expanding it over time.

Q2: Can small teams or startups handle ISO 13485 without consultants?

Absolutely. Many startups succeed by handling documentation, training, and internal audits themselves. Consultants can add value for specific areas—like readiness checks or regulatory nuance—but they’re not mandatory for every step.
[See ISO 13485 Implementation on a Start-Up Budget]

Q3: What happens if we don’t pass the first audit?

That’s common and not the end of the road. Most companies get a few minor nonconformities in their first attempt. As long as your system is functional, you’ll be given time to correct issues. With the 90-day plan in place, you’ll already have the structure to close gaps quickly.

Conclusion: 90 Days to Confidence

ISO 13485 can feel intimidating when you look at it as one massive project—but breaking it into a 90-day action plan changes everything. By focusing on clear stages—laying the groundwork, building the system, and testing it for audit readiness—you move from overwhelm to steady progress.

The big picture:

• In the first 30 days, you identify your gaps, define scope, and set responsibilities.

• By day 60, you’ve built the core of your QMS with documented processes, risk management, and trained staff.

• By day 90, your system is tested, corrected, and ready to face auditors with confidence.

The best part? You don’t need a huge budget or a big team to get there. With the right priorities and smart use of resources, even startups can achieve certification without breaking the bank.

Your next step: Start with a gap analysis to see exactly where you stand. From there, follow the 90-day roadmap and dive deeper into the supporting guides:

• [ISO 13485 Gap Analysis Checklist]

• [ISO 13485 Project Plan Template]

• [ISO 13485 Training for Employees Made Easy]

• [Integrating ISO 13485 with ISO 14971 and MDSAP]

• [ISO 13485 Implementation on a Start-Up Budget]

By following this approach, you’ll not only earn certification—you’ll build a quality system that actually supports your business long-term.