Accessing ISO Standards

 

While 21 CFR part 820 has, in effect, been entirely rewritten, the intent and effect of the regulation remains intact. To access ISO 13485 and ISO 9000:

• ISO 9000 terminology can be viewed at no cost here.
• ISO 13485 and 9000 can be viewed in a read-only format at the ANSI Incorporated by Reference portal here.
• Standards can also be purchased from the International Standard Organization here.

 

Changes You’ll Notice Right Away in QMSR

 

The transition to QMSR brings several substantial changes:

• Nomenclature Adjustments: References to ‘Quality System’ (QS) or ‘Quality System (QS) Regulation’ have been updated to ‘Quality Management System Regulation’ (QMSR) to more accurately reflect the holistic approach of ISO 13485.
• Retention of Unique U.S. Requirements: The new regulation retains key requirements unique to the U.S., such as device labeling, complaint records, service records, confidentiality, and Unique Device Identification.
• Emphasis on Quantitative Data and Competency: There is an enhanced focus on using quantitative data to drive decisions and an increased emphasis on competency, extending beyond mere training.
• Maintenance of MDSAP: The Medical Device Single Audit Program (MDSAP) will continue to be maintained and updated under the new regulations.

 

Clarification of Conflicting Clauses

 

In the FD&C Act, the definitions for ‘device’ and ‘labeling’ are found in sections 201(h) and (m), respectively. These definitions take precedence over the similar terms ‘medical device’ and ‘labelling’ used in ISO 13485:2016. Additionally, ‘safety and performance,’ as defined in Clause 0.1 of ISO 13485, is interpreted to align with ‘safety and effectiveness’ as specified in section 520(f) of the FD&C Act.

 

Adoption of New ISO 13485 Vocabulary and Practices

 

The definitions for DHF, DMR, and DHR have been removed as they duplicate the requirements specified in Clause 7 and the ‘Medical Device File’ (MDF) outlined in Clause 4.2.3 of ISO 13485. Although the specific terminology has been updated, the requirements for maintaining design and development files remain unchanged.

The requirement for an independent reviewer in design reviews has been removed. However, design reviews must still include appropriate personnel. While not mandatory, the involvement of an independent reviewer can provide critical insight and help balance the review process.

There is now an increased emphasis on Risk Management within the regulatory framework.

 

Separate Activities for FDA Inspections and ISO Audits 

 

The FDA does not intend to require ISO 13485 certification for compliance. FDA inspections will not result in the issuance of ISO 13485 certificates of conformity. Additionally, ISO certification is not a substitute for FDA oversight.

The FDA remains committed to enforcing the Food, Drug, and Cosmetic Act (FD&C Act) requirements, not only those outlined in the Quality Management System Regulation (QMSR) but also other critical regulations such as labeling (801), medical device reporting (803), reports of corrections and removals (806), medical device tracking requirements (821), and unique device identification (830). These areas fall outside the scope of ISO 13485, underscoring the FDA’s broader regulatory mandate.

 

Transition Period and Compliance

 

Manufacturers have a two-year transition period, beginning with the announcement in January 2024, to update their quality management systems (QMS) in line with the new requirements. During this time, the FDA will also revise its inspection process (Quality System Inspection Technique QSIT) to reflect the new QMSR standards, including updates to the PMA QS Module guidance (FDA-2020-D-0957). As new materials, policies, and procedures become available, FDA staff will be trained to ensure they are well-prepared to implement the updated inspection process.

Until the transition is complete, manufacturers must continue to comply with the current 21 CFR part 820 regulations, and any inspections conducted before the transition date will follow the existing requirements.

 

Considerations based on ISO Certification

 

The harmonization of ISO 13485:2016 with U.S. FDA regulations impacts all entities under FDA oversight. However, the specific effects vary depending on the status and scope of ISO 13485 certification. Assuming FDA compliance requirements apply to all entities, here are considerations we recommend:

1. ISO 13485 Certification with Full Scope

• • Recommendation: Update the nomenclature and references in your Quality Manuals, Standard Operating Procedures (SOPs), and other documentation to ensure alignment with the latest terminology.
  • Implementation: While the core processes and operations should remain largely unchanged, focus on updating nomenclature and correcting references to stay compliant.

 

2. ISO 13485 Design-Only Certification

• • Recommendation: Revise your Quality Manuals, SOPs, and related documents to reflect the updated terminology required under the new standards.
  • Implementation: Operational processes will likely remain consistent, with necessary updates focused primarily on aligning terminology and references.

 

3. No ISO 13485 Certification

• • Recommendation: Conduct a comprehensive gap analysis to identify necessary updates for aligning with ISO 13485:2016, as its requirements closely mirror the FDA’s QS regulation.
  • Implementation: Update all relevant documentation, including Quality Manuals and SOPs, to reflect current terminology, and ensure that Design Control processes are robust and fully compliant with the new standards.

 

Key Next Steps

 

To ensure a smooth transition to the new QMSR standards and compliance by the deadline on February 2, 2026, manufacturers should take the following steps:

• Perform a Gap Analysis: Conduct a thorough analysis of your current processes and systems to identify any updates required to align with ISO 13485:2016. This will help you determine what changes, if any, are necessary before the final deadline.
• Plan Meetings and Training: Organize internal meetings or training sessions to educate staff on the upcoming regulatory changes and ensure everyone is prepared to implement necessary updates.
• Designate a Transition Team: Ensure you have a designated person or team responsible for managing the compliance process.

 

Guidance and Hands-On Help – Let’s Tackle It Together 

 

Understanding and adapting to regulatory changes can be complex. If you’re seeking expert guidance and hands-on help through the transition to the new QMSR, MDC Associates is here to assist. Our team of regulatory specialists is ready to support you in updating your quality management systems to meet the new FDA and ISO standards. Reach out to us at to schedule a consultation.

Partnering with MDC Associates means more than just compliance. Our team not only provides strategic guidance but also offers hands-on support to execute critical tasks, helping you minimize risk, optimize resources, and navigate regulatory complexities with confidence—positioning your organization for long-term success and a competitive edge in a demanding industry.