What is the difference between ISO 9001, AS 9100, ISO 13485 and TL 9000?

The four standards share a common QMS skeleton (top-management commitment, document and record control, internal audit, management review, corrective and preventive action) but target different sectors. ISO 9001:2015 is the generic baseline, built on the Annex SL high-level structure and applicable to any industry. AS 9100 Rev D (2016) is the aerospace overlay, published by the IAQG (International Aerospace Quality Group): it embeds ISO 9001 word-for-word and adds aerospace-specific clauses on configuration management, counterfeit-part prevention, special processes, product safety and traceability. ISO 13485:2016 is the medical-device QMS: it deliberately did not migrate to Annex SL and adds design controls, risk management linked to ISO 14971, sterile barrier validation and post-market surveillance. TL 9000 is the telecom overlay maintained by the QuEST Forum (now part of TIA) and combines a requirements handbook with a measurements handbook reporting KPIs to a central repository (MRS).

Can a single QMS cover ISO 9001, AS 9100 and ISO 13485 together?

In theory yes, in practice rarely. ISO 9001 and AS 9100 share the Annex SL structure and integrate cleanly: most AS 9100-certified organisations run a single integrated management system that satisfies both standards, often extended to ISO 14001 (environment) and ISO 45001 (health and safety). ISO 13485 sits apart: it kept the ISO 9001:2008 structure and explicitly excludes some ISO 9001:2015 requirements such as continual improvement framed as a generic principle. An organisation that needs both an aerospace and a medical scope typically maintains two QMS branches with a shared top layer (policy, document control, internal audit programme) and separate operational procedures. Trying to collapse everything into a single document set usually fails at the next ISO 13485 surveillance audit.

Is ISO 9001 mandatory for electronics manufacturers?

ISO 9001 is not mandatory by law in the European Union or in the United States for general electronics. It is a voluntary standard, certifiable by accredited bodies under ISO/IEC 17021-1 (UKAS, COFRAC, ANAB, DAkkS, JAB and others). It is however a contractual prerequisite for many tier-1 customers and public procurement frameworks. Aerospace customers require AS 9100, medical-device customers require ISO 13485 (and the regulator does as well, through MDR or the US QMSR), telecom Tier-1 operators may require TL 9000. So the practical answer is: ISO 9001 alone is rarely sufficient for B2B electronics, but it is the entry door and the substrate on which sector overlays are added.

What changed between ISO 9001:2008 and ISO 9001:2015, and what about 2026?

ISO 9001:2015 introduced the Annex SL high-level structure (HLS), risk-based thinking as an explicit requirement, the "context of the organisation" clause (4) covering interested-party analysis, and a stronger emphasis on leadership commitment without the dedicated management-representative role. The process approach was made more explicit. ISO 9001:2015 remains the current edition in 2026. A revision (commonly referred to as ISO 9001:2026) is in development at ISO/TC 176. As of mid-2026 the working draft is not yet a published standard. Once published, a transition period (typically three years) is granted by accredited certification bodies. Existing ISO 9001:2015 certificates remain valid during the transition.

Does AS 9100 certification require special auditor accreditation?

Yes. AS 9100 audits are not delivered under the general ISO/IEC 17021-1 accreditation alone: the IAQG (International Aerospace Quality Group) runs the OASIS scheme (Online Aerospace Supplier Information System) which lists every certified aerospace supplier worldwide and the certification bodies authorised to issue AS 9100 (or EN 9100, JISQ 9100) certificates. Auditors must be qualified under the AATT (Aerospace Auditor Training and Transition) scheme. A certificate that does not appear in OASIS is not recognised by aerospace primes. The IAQG also publishes 9101 (audit requirements), 9104 (oversight) and 9117 (delegation of verification) that govern the audit programme.

What is the status of the US FDA QMSR Final Rule and ISO 13485?

In February 2024, the US FDA published the QMSR Final Rule (Quality Management System Regulation), which amends 21 CFR Part 820 to incorporate ISO 13485:2016 by reference. The effective date is 2 February 2026. From that date, the QSR (Quality System Regulation) as historically structured is replaced by the QMSR, and FDA inspections will be carried out against the new framework. The substance of ISO 13485:2016 is preserved, but FDA-specific provisions (definitions, labelling cross-references, complaint files, UDI) are retained. Medical- device manufacturers selling in the US must have their QMS ready against the QMSR from February 2026 onwards. MDSAP (Medical Device Single Audit Program) audits already used ISO 13485 as the technical baseline and are unaffected in structure.

What does TL 9000 add on top of ISO 9001 for telecom suppliers?

TL 9000 is a two-volume standard: the Quality Management System Requirements Handbook (QMS-R), currently at Release 6.3 (2023), and the Quality Management System Measurements Handbook (QMS-M), currently at Release 5.5. The requirements handbook embeds ISO 9001 and adds telecom-specific clauses (long-term planning, end-of-life management, network outage analysis, services lifecycle). The measurements handbook defines telecom KPIs reported monthly to the Measurements Repository System (MRS), in particular outage measurements (network outage frequency and duration), Field Replacements per Thousand (FRT, also known as return rate), problem reports per million, on-time delivery. The MRS aggregates these measurements anonymously and produces industry benchmarks used by Tier-1 operators in supplier evaluation.

How is MDSAP related to ISO 13485 and is it a separate certification?

MDSAP (Medical Device Single Audit Program) is not a separate standard: it is an audit programme that uses ISO 13485:2016 as its technical baseline plus the regulatory requirements of five participating regulators (FDA for the US, Health Canada, ANVISA for Brazil, TGA for Australia, MHLW/PMDA for Japan). A single MDSAP audit, carried out by an MDSAP- authorised auditing organisation, satisfies the QMS audit requirements of all five jurisdictions. Health Canada has required MDSAP since 1 January 2019, replacing the previous CMDCAS scheme. The other regulators accept MDSAP as an alternative or complementary path. An MDSAP certificate is typically issued alongside an ISO 13485:2016 certificate by the same auditing organisation.

QMS: ISO 9001, AS 9100, ISO 13485, TL 9000 compared

Author Hugues Orgitello Last updated 27 May 2026 ~12 min read

Guide · QMS standards

A quality management system (QMS) is the documented and operational backbone of any serious electronics manufacturer. Four standards dominate the landscape: ISO 9001:2015 as the generic baseline, AS 9100 Rev D for aerospace, ISO 13485:2016 for medical devices and TL 9000 for telecommunications. They share a common QMS skeleton inherited from ISO 9001 but diverge significantly on design controls, traceability, configuration management and operational measurement. This page maps the four standards onto each other for an electronics manufacturer choosing a regime, or running several regimes in parallel, with emphasis on the practical points where the sector overlays change the workload.

The four standards at a glance

Standard	Current edition	Sector	Owner / publisher	Required by
ISO 9001	2015	Generic	ISO TC 176	Voluntary, contractual
AS 9100 Rev D	2016	Aerospace, defence, space	IAQG (international group)	Aerospace primes
ISO 13485	2016 (amended Cor 1 2023)	Medical devices	ISO TC 210	EU MDR, US QMSR, MDSAP regulators
TL 9000	QMS-R R6.3 (2023) + QMS-M R5.5	Telecommunications	TIA QuEST Forum	Tier-1 telecom operators

ISO 9001 is the substrate. AS 9100 and TL 9000 explicitly embed ISO 9001 word-for-word and add sector clauses. ISO 13485 keeps the ISO 9001:2008 structure (it did not migrate to Annex SL when ISO 9001:2015 did) and adds medical-device clauses; it does not embed ISO 9001:2015 verbatim.

ISO 9001:2015: the generic baseline

ISO 9001:2015 is published by ISO Technical Committee 176 (Quality management and quality assurance). It is built on Annex SL, the high-level structure (HLS) that ISO management-system standards share since 2012, and it makes risk-based thinking, process approach and leadership commitment explicit requirements.

Clause structure

Clause	Title	What it covers
1	Scope	Applicability of the standard
2	Normative references	(Empty in ISO 9001)
3	Terms and definitions	Refers to ISO 9000 vocabulary
4	Context of the organisation	External / internal issues, interested parties, QMS scope, processes
5	Leadership	Top-management commitment, quality policy, roles
6	Planning	Risks and opportunities, quality objectives, change planning
7	Support	Resources, competence, awareness, communication, documented information
8	Operation	Operational planning and control, design and development, externally provided products and services, production and service provision, release of products, control of non-conforming outputs
9	Performance evaluation	Monitoring, measurement, analysis, internal audit, management review
10	Improvement	Non-conformity and corrective action, continual improvement

Clause 8.3 (design and development) is conditionally applicable: ISO 9001 allows an organisation to exclude it where design is not part of its scope. AS 9100 and ISO 13485 both make design controls mandatory in their respective sectors.

Certification path

ISO 9001 certification is delivered by certification bodies accredited under ISO/IEC 17021-1 by national accreditation bodies (UKAS in the UK, COFRAC in France, ANAB in the US, DAkkS in Germany, JAB in Japan, and so on, all members of the IAF MLA mutual-recognition arrangement). The typical cycle is a three-year certificate with annual surveillance audits and a full re-certification audit at year three. The certificate identifies the accreditation mark, the certification body, the scope of certification, the issue and expiry dates.

Status of the next revision

ISO TC 176 has been working on the next edition of ISO 9001, commonly referenced as the 2026 edition while in draft. As of mid-2026, the working draft is not yet a published standard. Once it is published, certification bodies will define a transition period (typically three years from publication) during which ISO 9001:2015 certificates remain valid and progressively migrate to the new edition. The substance is expected to evolve on climate-change considerations, ethics and stronger interested-party engagement, but no revolution is anticipated.

AS 9100 Rev D: aerospace overlay

AS 9100 (in the US), EN 9100 (in Europe) and JISQ 9100 (in Japan) are identical technical documents published in their respective regions. Together they form the 9100 standard maintained by the IAQG (International Aerospace Quality Group). Rev D was published in 2016; Rev E is in development as of 2026, with publication expected once the revision project is closed. The 9100 family covers:

Standard	Scope
9100	Aerospace QMS for manufacturers (design, production)
9110	Aerospace QMS for maintenance, repair and overhaul (MRO) organisations
9120	Aerospace QMS for stockists and distributors
9101	Audit requirements for the 9100 family
9104	Programme oversight
9117	Delegation of product verification

What AS 9100 adds to ISO 9001

Aerospace addition	Why it matters
Configuration management	Aerospace assemblies require formal configuration baselines (identification, control, status accounting, audits) that ISO 9001 does not mandate
Counterfeit-part prevention	Explicit clauses require a supply-chain programme to detect and avoid counterfeit components; AS 6174 and AS 5553 are commonly referenced
Product safety	A dedicated safety clause covering safety items and special characteristics
Special processes	Welding, heat treatment, non-destructive testing (NDT), surface treatments require process qualification (often Nadcap)
Material traceability	Forward and backward traceability of materials and components down to lot and serial
First Article Inspection (FAI)	Formal FAI per AS 9102 for new or changed parts
Risk and operational risk management	Risk integrated into project, supply chain and production decisions
Customer-furnished property	Specific controls for property supplied by the customer
Foreign object debris (FOD)	A documented FOD prevention programme

OASIS, AATT and audit specifics

AS 9100 audits are governed by the IAQG ICOP scheme (Industry Controlled Other Party). Auditors must be qualified via the AATT (Aerospace Auditor Training and Transition). Certificates are registered in the OASIS database (Online Aerospace Supplier Information System), publicly searchable. An aerospace prime checking a supplier verifies the certificate in OASIS rather than relying on the paper certificate alone.

The audit references AS 9101 (audit requirements). Findings are graded as major or minor, with strict timelines for closure (typically 60 days for a major). A major finding can suspend the certificate. The level of evidence expected is substantially deeper than for ISO 9001, in particular on traceability, configuration baselines and special processes.

ISO 13485:2016: medical-device QMS

ISO 13485:2016 is published by ISO Technical Committee 210. It is the dominant medical-device QMS internationally. The 2016 edition was followed by Cor 1 (2023), a corrigendum that corrected editorial points without changing substance.

ISO 13485:2016 deliberately did not migrate to Annex SL. Its structure stays close to ISO 9001:2008. This decision was taken to preserve regulatory stability for medical-device manufacturers, who rely on this QMS for placing on multiple regulated markets simultaneously.

What ISO 13485 adds to (and removes from) ISO 9001

Medical-device feature	Reference clause	Comment
Design and development controls	Clause 7.3	Mandatory, with design plan, inputs, outputs, review, verification, validation, transfer, changes, design history file
Risk management linked to ISO 14971	Multiple clauses	Risk integrated into design, supplier control, post-market surveillance
Document and record retention	Clause 4.2	Longer retention rules driven by device lifetime
Sterile barrier validation	Clause 7.5	Validated process for sterile devices
Cleanliness and contamination	Clause 6.4, 7.5	Cleanroom controls where applicable
Software validation	Clause 4.1.6 and 7.5.6	Validation of QMS-relevant software and process software
Complaint handling and vigilance	Clause 8.2	Documented complaint files, vigilance reporting hooks
Field safety corrective actions (FSCA)	Clause 8.3	Tied to MDR, US 21 CFR Part 806
Continual improvement	Clause 8.5	Less prescriptive than ISO 9001:2015, framed as suitability and effectiveness of the QMS

Regulatory anchoring

ISO 13485:2016 is not a regulation by itself, but it is referenced by multiple regulators:

EU MDR 2017/745 and IVDR 2017/746: notified bodies expect a QMS aligned with ISO 13485:2016 for conformity assessment under Annexes IX, X, XI of MDR.
US FDA QMSR: the QMSR Final Rule (published 2 February 2024, effective 2 February 2026) amends 21 CFR Part 820 to incorporate ISO 13485:2016 by reference. The legacy QSR is being phased out.
Health Canada: MDSAP (which uses ISO 13485 as its technical baseline) has been mandatory since 1 January 2019, replacing CMDCAS.
Brazil ANVISA, Australia TGA, Japan MHLW/PMDA: accept MDSAP audits.

See MDR for the EU regime and the medical-device deep dives for sector specifics.

MDSAP audit programme

MDSAP (Medical Device Single Audit Program) is the multi-regulator audit programme operated under IMDRF coordination. A single MDSAP audit, carried out by an MDSAP-authorised auditing organisation (a subset of ISO 13485 certification bodies), satisfies the QMS audit obligations of FDA, Health Canada, ANVISA, TGA, and PMDA/MHLW. The technical reference is ISO 13485:2016, complemented by the regulatory annexes of each jurisdiction. The audit follows a defined process model: Management, Measurement, Analysis and Improvement, Design and Development, Production and Service Controls, Purchasing, plus regulator-specific tasks (Medical Device Adverse Events, Advisory Notices, Medical Device Registration).

TL 9000: telecom-sector overlay

TL 9000 is the telecommunications QMS, originated by the QuEST Forum in the late 1990s and now maintained by the Telecommunications Industry Association (TIA) following the QuEST Forum integration into TIA in 2017. It targets equipment vendors, component manufacturers and service providers supplying network operators.

TL 9000 is a two-handbook standard:

Handbook	Current edition	Scope
Quality Management System Requirements Handbook (QMS-R)	Release 6.3 (2023)	ISO 9001 embedded plus telecom-specific clauses
Quality Management System Measurements Handbook (QMS-M)	Release 5.5	Telecom KPIs and reporting rules

Telecom additions

The requirements handbook adds telecom-specific clauses around:

Long- and short-term planning for product lifecycle.
End-of-life (EOL) and end-of-service (EOS) notifications to customers.
Network outage analysis and reporting.
Configuration management of releases, patches and firmware.
Services lifecycle and on-site installation controls.
Software development lifecycle alignment.

Measurement handbook and the MRS

The measurements handbook defines a set of telecom KPIs that certified organisations must compute and report monthly to the Measurements Repository System (MRS), operated under the TL 9000 programme. Common categories include:

KPI family	Examples
Outage measurements	Service outage frequency, outage duration, root-cause distribution
Hardware return / replacement	Field Replacements per Thousand (FRT), Annualised Return Rate (ARR), early returns
Software quality	Problem reports per million NEs (network elements), fix response time
Service quality	On-time delivery (OTD), on-time service performance
Customer-perceived	Customer complaints, escalations

The MRS aggregates the data anonymously and produces industry benchmarks (best in class, average, worst quartile) that Tier-1 operators use in supplier evaluation. TL 9000 audits verify both that the QMS clauses are met and that the measurements are collected, defined and reported as the handbook prescribes.

TL 9000 certification is voluntary, but for several Tier-1 operators it is a contractual prerequisite for inclusion in an Approved Vendor List. The TL 9000 certificate identifies the product categories (numbered 1.x through 8.x in the standard) for which the measurements are reported, since reporting rules differ between hardware, software and services.

Stacking and integrated management systems

Most electronics manufacturers run more than one management-system standard. The typical stack:

Layer	Standard	Purpose
Quality core	ISO 9001:2015	Substrate
Sector overlay	AS 9100, ISO 13485, TL 9000, IATF 16949	Customer or regulator requirement
Environment	ISO 14001:2015	Environmental management
Health and safety	ISO 45001:2018	Occupational health and safety
Information security	ISO/IEC 27001:2022	Information security management
Energy	ISO 50001:2018	Energy management

Annex SL was designed to allow standards built on it to share a common skeleton: ISO 9001, ISO 14001, ISO 45001, ISO/IEC 27001, ISO 50001 and AS 9100 (which embeds ISO 9001) all follow it, so a single integrated management system (IMS) can host them. ISO 13485 does not follow Annex SL: stacking it on top of an Annex SL IMS requires careful mapping rather than direct overlay.

Practical stacking patterns

Sector	Typical stack
Generic consumer electronics	ISO 9001 + ISO 14001 + ISO 45001
Aerospace electronics	ISO 9001 + AS 9100 + ISO 14001 + ISO 45001 + (sometimes Nadcap for special processes)
Medical-device electronics	ISO 13485 + ISO 14971 (risk) + IEC 62304 (software) + IEC 60601-1 (safety) + MDSAP
Automotive electronics	ISO 9001 + IATF 16949 + ISO 14001 + ISO 45001 (see IATF 16949)
Telecom infrastructure	ISO 9001 + TL 9000 + ISO 14001 + ISO/IEC 27001 + ISO 45001
Mixed (defence + civil)	Two QMS scopes, shared documentation top layer, separate operational paths

Audit calendar consolidation

When a single certification body covers several standards in scope, it is usual practice to align surveillance audits in a combined audit that consolidates auditor days. For example, an ISO 9001 + ISO 14001 + ISO 45001 combined surveillance lasts shorter than three separate audits. AS 9100 audits cannot be fully merged with ISO 9001 (the AS 9100 certificate replaces the ISO 9001 scope where applicable), but combined audits with ISO 14001 / ISO 45001 are common. ISO 13485 audits often stay separate, in particular when an MDSAP audit is in the calendar.

Common pitfalls

Pitfall	Consequence
Treating ISO 9001 design and development (clause 8.3) as optional in a regulated sector	Acceptable for ISO 9001 alone, but AS 9100 and ISO 13485 make design controls mandatory; cherry-picking creates audit findings
Missing counterfeit-part prevention programme for AS 9100	A major finding under AS 9100 Rev D; aerospace primes flag it during their own audits
Configuration management treated as ad-hoc on aerospace cable harnesses	Lack of formal configuration baselines is a recurring AS 9100 finding; documented baselines are the audit evidence
Late or missing MRS monthly submissions for TL 9000	Risk to the TL 9000 certificate; some Tier-1 operators monitor MRS submission status as part of supplier scorecards
Confusing ISO 13485:2016 with ISO 9001:2015 structure	The two have different clause structures; an ISO 13485 file cross-referenced into an ISO 9001:2015 framework can hide mandatory clauses
QMSR transition delayed past February 2026	FDA inspections after 2 February 2026 reference the QMSR; a QMS still aligned to the legacy QSR alone risks observations
Trying to merge ISO 13485 and ISO 9001 into a single document set	Possible in theory, costly in practice; the structural divergence usually surfaces at the next ISO 13485 audit
Forgetting MDSAP for the Canadian market	Mandatory since 1 January 2019; Health Canada does not accept a stand-alone ISO 13485 certificate without MDSAP
Ignoring OASIS verification before contracting an AS 9100 supplier	A printed AS 9100 certificate is not the source of truth; OASIS is
Letting design history file (ISO 13485) drift from configuration baseline (AS 9100) on dual-scope products	Documentation hygiene must reconcile both; a single product cannot have two incompatible histories

How to choose

The question for an electronics manufacturer is rarely "which QMS standard?" but rather "which sector overlays do I need on top of ISO 9001?". Three short questions help:

Who are my customers? Aerospace primes demand AS 9100. Medical-device customers (and the regulator) demand ISO 13485. Telecom operators may demand TL 9000 contractually. Automotive Tier-1s demand IATF 16949. Consumer electronics generally settle for ISO 9001.
Do I do design and development on the product, or only manufacture against a customer file? Design controls are the largest delta between ISO 9001 (optional) and AS 9100 / ISO 13485 (mandatory). If you have a design office, expect to operate full design controls in any regulated sector.
Is my product lifecycle long? Long-lifecycle products (aerospace, medical, telecom infrastructure) generate strong demand on configuration management, traceability, change control, end-of-life management. Generic ISO 9001 does not address those points to the same depth.

See IATF 16949 for the automotive equivalent overlay, MDR for the EU medical-device regulation that anchors ISO 13485 in Europe, and FDA 510(k), De Novo, PMA for the US medical-device routes that anchor ISO 13485 via the QMSR.