ISO 13485 and 21 CFR 820: what medical device manufacturers need to know 

The U.S. Food and Drug Administration (FDA) has introduced a significant amendment to 21 CFR 820, which regulates the Quality System Regulation (QSR) for medical device manufacturers. The update incorporates by reference the ISO 13485:2016 standard, an internationally recognised framework for quality management systems (QMS) specific to medical devices. This alignment is a critical development, reflecting the FDA’s efforts to harmonise U.S. regulations with global standards, thereby simplifying compliance for manufacturers operating in multiple markets.

In this article, we will explore the differences in the submission process, what’s new for medical device manufacturers, and how companies can navigate this transition effectively.

ISO 13485:2016 vs 21 CFR 820

21 CFR 820 has long been the cornerstone of quality management for medical devices in the U.S., setting the requirements for quality systems that manufacturers must establish and maintain. ISO 13485:2016, on the other hand, is a globally recognised standard that outlines the criteria for a QMS, focusing specifically on medical devices. While both frameworks share the common goal of ensuring product quality and patient safety, ISO 13485:2016 is more detailed in certain areas and has a broader international scope.

By incorporating ISO 13485:2016 into 21 CFR 820, the FDA aims to streamline regulatory compliance for medical device manufacturers who sell products both in the U.S. and internationally. This amendment reduces the burden of maintaining separate QMSs for different markets and encourages the adoption of best practices globally.

Key changes in the submission process

With the incorporation of ISO 13485:2016 into 21 CFR 820, the submission process for medical device manufacturers will undergo several changes:

Documentation requirements

• Unified QMS documentation: Manufacturers can now leverage a unified QMS documentation that meets both FDA and international requirements. This means that the same set of documents used to comply with ISO 13485:2016 can be submitted to the FDA, simplifying the process and reducing duplication.
• Risk management documentation: ISO 13485:2016 places a strong emphasis on risk management throughout the product lifecycle. Manufacturers must ensure that risk management activities are thoroughly documented and integrated into their QMS. This documentation will now be a critical component of the submission process to the FDA.

Audit and inspection readiness

• Harmonised audit approach: The alignment of 21 CFR 820 and ISO 13485:2016 may lead to a more harmonised audit approach. Manufacturers should be prepared for FDA inspections that closely resemble those conducted by international bodies under ISO 13485. This includes being ready to demonstrate how their QMS complies with both sets of requirements during inspections.
• Supplier controls: ISO 13485:2016 places greater emphasis on supplier controls and the verification of purchased products. Manufacturers will need to provide detailed documentation on supplier selection, evaluation, and monitoring processes, which will be scrutinised during FDA audits.

Risk-based approach

• Enhanced focus on risk management: The risk-based approach central to ISO 13485:2016 is now explicitly incorporated into the U.S. regulatory framework. Manufacturers must ensure that their risk management processes are robust and fully integrated into their QMS. This includes demonstrating how risks are identified, evaluated, and mitigated at every stage of the product lifecycle.

What’s new for medical device manufacturers?

The amendment to 21 CFR 820 introduces several new requirements and considerations for medical device manufacturers:

Global harmonisation

• Simplified compliance: For manufacturers operating globally, the incorporation of ISO 13485:2016 into U.S. regulations simplifies compliance efforts. A single QMS can now be developed and maintained to meet both FDA and international standards, reducing administrative burdens and potential compliance risks.
• Increased market access: Manufacturers with ISO 13485:2016 certification will find it easier to enter the U.S. market, as their existing QMS can be more readily adapted to meet FDA requirements.

Increased regulatory scrutiny

• Stricter enforcement of risk management: The FDA’s adoption of ISO 13485:2016 means that risk management is now more central to regulatory compliance. Manufacturers can expect increased scrutiny of their risk management processes during FDA inspections, with a particular focus on how risks are managed and mitigated throughout the product lifecycle.
• Emphasis on post-market surveillance: ISO 13485:2016 requires manufacturers to implement robust post-market surveillance systems. The FDA will likely place greater emphasis on these activities during inspections, requiring manufacturers to demonstrate how they monitor and respond to product performance in the field.

Transition period and compliance deadlines

• Transition planning: Manufacturers currently compliant with 21 CFR 820 but not yet fully aligned with ISO 13485:2016 will need to plan for a smooth transition. The FDA is expected to provide a transition period, during which manufacturers can update their QMS and ensure compliance with the new requirements.
• Training and education: Companies will need to invest in training for their teams to understand the nuances of ISO 13485:2016 and how it differs from the previous 21 CFR 820 requirements. This is essential to ensure that all staff involved in the QMS, from top management to operational personnel, are fully aware of their roles in maintaining compliance.

Preparing for the future: strategies for compliance

To navigate the changes introduced by the amendment to 21 CFR 820, medical device manufacturers should consider the following strategies:

Conduct a gap analysis

• Identify areas of improvement: Manufacturers should conduct a thorough gap analysis to identify areas where their current QMS falls short of the ISO 13485:2016 requirements. This analysis will help prioritize updates and ensure that the transition is as smooth as possible.

Update documentation and processes

• Revise QMS documentation: Manufacturers must update their QMS documentation to align with ISO 13485:2016. This includes revising procedures, work instructions, and forms to reflect the new requirements.
• Enhance supplier management: Given the increased emphasis on supplier controls, manufacturers should review and enhance their supplier management processes. This may involve more rigorous supplier evaluations, increased oversight, and more detailed documentation.

Invest in training and education

• Train your team: Ensuring that all employees understand the new requirements is critical to maintaining compliance. Manufacturers should invest in comprehensive training programs that cover the key changes and how they impact day-to-day operations.

Monitor regulatory developments

• Stay informed: The regulatory landscape is constantly evolving. Manufacturers should stay informed about ongoing developments related to 21 CFR 820 and ISO 13485:2016 to ensure they remain compliant with the latest requirements.

Ensure your company is ready for the new FDA regulations

The amendment to 21 CFR 820 marks a significant shift in the regulatory landscape for medical device manufacturers in the U.S. By incorporating ISO 13485:2016, the FDA has taken a major step toward global harmonisation of quality management systems. While this change brings new challenges, it also offers opportunities for manufacturers to streamline their compliance efforts and enhance their global market presence. By understanding the key differences in the submission process and preparing for the new requirements, manufacturers can ensure a smooth transition and continue to deliver safe and effective medical devices to patients around the world.

Need guidance in navigation ISO 13485? Our experts will help you ensure that your company is ready for the new FDA regulations. Contact us today.