Now in its newer version, ISO 13485 and FDA cGMP QSR (Quality Management Systems Requirements) encompass legal requirements set within regulations such as QSR 21 CFR 820 or MDD 93/42/EEC...and nations applicable laws and regulations. Other relevant requirements to consider encompass HIPAA, (Sarbanes-Oxley), and for Canada - CMDCAS (which is to change to MDSAP), and the European Union Directives MDD for the medical devices. Moreso challenging with the continual advent of CYBERSECURITY, for which we can help.

Medical Devices and ISO 13485 / EN 46001FDA QSR and MDD, and alike current ISO 13485, is for regulatory purpose. Requiring the implementation and sustaining a management system in adhering to legal requirements and that these need be appropriate for the production, installation, and servicing of medical device(s) [whether class (I, II+, III+)]. These includes design and manufacturing (as labeling requirement see 21 CFR Part 801.4), or country applicable regulations, whether, India, Iran, France, South Africa, Israel, Argentina, Chile, Indonesia, Malaysia...

    In the U.S. FDA cGMP QSR requirements harmonize with the International Organization for Standardization ISO 13485. Current ISO 13485 focus in product - device and compliance to legal obligations and requirements that meets and fulfill legal and regulatory requirements, in lieu of customer satisfaction as ISO 9001 does.

For MDD 93/42/EEC or QMSMDD ISO 13485 for the EU the CB and AB needs be European. Similarly for CMDCAS (MDSAP) where needs be Canadian requirement. For USA, must fulfill legal requirements 21 CFR 820 (QSR). We ought not to forget that ISO for regulatory purpose (a nation that has no medical devices regulations may adopt the regulations of another nation).

Planning is essential to the implementation of the quality management system for medical devices, at the earliest stages of processing and applicable to every significant area that affects quality, product safety, and device performance (effectiveness). Planning involves identifying, defining, and implementation concurrent with documenting practices and providing records to demonstrate objective evidence and thus propitiates effective actions (deriving from the field or internally). Is require that a risk analysis needs to occur which begins and derives from the design stages resulting in information for manufacturing processes.

After the implementation of a management system for medical devices based quality, this managerial system (ISO 13485, FDA QSR, MDD, and similar others from across the world), needs to remain dynamic through continuos updates. The system remains dynamic through feedback, verifying effectiveness in compliance through audits, management reviews, and identify the need to continuously improve (e.g., see Kaizen, IKB Performance, ISO 14971, and similarity such as HACCP principles is for ISO 22000, and applying principles as "PERM" prevent > eliminate > reduce > mitigate | "PERM" is credit to the certification body BRS). Thereof, reassessment of risks needs to remain part of the periodical reviews and updates. Part of risk assessment needs to involve competence of personnel through education, and training ensuring that the operational activities are in tune with the organization's objective, mission, and (quality) policy, and products / service risks. An effective management system results in increasing safety and operational effectiveness in the design, development, production, distribution and servicing of devices; which in turn reduces liability and assists in managing regulatory requirements (et al risk), increases market satisfaction, less generation of waste (e.g. scrap), lower costs, improves communications, elevates employee morale... Thus resulting in a competitive (internationally), and generating higher profits, whilst assuring control of risk / hazards. To name a few regulations, whether the U.S. or any other nation:

    ISO 14971 provides a guidance tool to the application of risk management to medical devices.

    ISO 11135-1 such as AAMI/ISO 13485 is for ethylene oxide (EtO) gas sterlization validation protocol, which can combine with QMS MDD ISO 13485 for competent certification bodies.

    The 2016 version, consideration others in the supply chain are now explicit.

FDA cGMP QSR is a U.S. government mandate (management system) that demands activities that relate to designing and producing medical devices. Consideration must be given to the context within the introduction and your supply role (e.g. OEM, Tier 1, Tier 2, Tier 3...). It is equivalent in Canada, which mandates ISO 13485 management system registration under CMDCAS. For medical devices the organizations needs to comply with legal and regulatory obligations and for which ISO 13485 can be a tool for compliance. For implementation, ISO 13485 requires that the following be addressed; labeling, packaging, process design, market approval and others linking directly to manufacturing, encompassing assessment of risk, purchasing and contractor control, control of physical facilities, equipment, design of processes & development, design and production documentation, effective design transfer, production control, production records, packaging, treaceability, and feedback.

FDA QSR supersedes ISO 13485, yet it provides a management tool (understanding that legal and regulatory obligations and compliance is not substituted by ISO 13485). The requirements within FDA GMP QSR are more extensive / specific as it will be those within your specific country. And alike ISO 13485 address the aspects and requirements to produce and provide safe and effective devices, based on principles such as those as "PERM".

Under FDA GMP QSR, MDD, applying ISO 13485... the management system must have a document structure that initiates with a policy and objectives within a manual which sets the directives for follow-up at procedural and operational level as to sustain by objective evidence.


Elements of a Quality System for Medical Devices is a regulatory mandate within each country,

The policy and its objectives and documents in procedural format are set by management. The objective is to produce safe and effective devices.

Controlling the documentation comprises...

  • Product-specific technical documentation such as engineering drawings, component purchase specifications, procedures for manufacturing processes and testing;
  • Including labeling, packaging, etc.;
  • System documentation levels structure, such as procedures and instructions applicable for all products; and
  • Monitoring of activities and product performance and conformance to specifications; and any deviations from device and process specifications and company policies are feedback into the system for corrective action providing; and provide a vehicles for prevention. The FDA requires manufacturers of medical devices to operate in a state-of-control.

Implementation of a management system, such as FDA QSR, and concurrent with ISO 13485 is to assist organizations in the prevention of defective design, products and servicing.

Inspection and testing provide information that can flow into knowledge through actions by learning from correcting on the basis of root causes analysis and to enhance the prevent within the likelihood of other products and processes. Identifying and solving  problems is a requirement of the QSR (quality system requirements, CAPA) regulation and applying QSIT techniques. Further, management system improvements refers to providing ongoing effectiveness and safer products. Bodies and platforms for accreditation to conduct ISO 13485 assessments and certification includes various such as accreditation bodies in partnership with IAF,  the GOB | GCC signatories, SCC CMDCAS / MDSAP as well others with the necessary competence and impartiality within the medical sectors.


With ongoing events on CYBERSECURITY

Our technical Cyber Security team can help in counter measures that are preventive in nature, as we done in Europe and U.S.



FDA GMP QSR... ISO 13485 
 For Regulatory PurposeHome Portal...