ISO 13485 & CFR 21 Part 820 QSR
Medical device manufacturers must navigate complex regulatory landscapes to ensure their products meet safety and quality standards. Two pivotal regulations in this arena are ISO 13485 for global markets and CFR 21 Part 820 Quality System Regulation (QSR) for the US market. Whilst the FDA is in the process of updating CFR 21 Part 820 to align more closely with ISO 13485, two standards currently have some distinct differences that companies must understand if they aspire to get their products to market across these regions.
In this blog, we’ll explain five of the key differences between ISO 13485 and QSR and explore how the FDA’s updates aim to harmonize these regulations.
1. Scope & Applicability
ISO 13485
ISO 13485 is an international standard designed specifically to set minimum requirements for Quality Management in the medical device industry. This standard ensures that conforming organisations implement a Quality Management System (QMS) and demonstrate an ability to provide medical devices and related services that consistently meet customer and regulatory requirements. ISO 13485 is applicable to organisations involved in one or more stages of the medical device lifecycle, including design, production, installation, and servicing.
CFR Part 820
CFR 21 Part 820, also known as the Quality System Regulation (QSR), is a regulatory requirement enforced by the FDA for medical device manufacturers selling products in the United States only. It outlines the QMS requirements that manufacturers must follow to ensure their products are safe and effective. Unlike ISO 13485, CFR 21 Part 820 is a federal regulation and carries legal implications for non-compliance.
Difference
The primary difference in the scope and applicability of these two standards is that ISO 13485 is voluntary and applies internationally, whereas CFR 21 Part 820 is mandatory regulation that is specifically for the U.S. market.
2. Focus on Risk Management
ISO 13485
ISO 13485 places a significant emphasis on risk management throughout the product lifecycle. It requires manufacturers to establish a systematic process for identifying, evaluating, and controlling risks associated with medical devices. The standard mandates comprehensive risk management procedures during the design and development phases, as well as throughout production and post-market activities. It is supplemented by ISO 14971, the international standard for Application of Risk Management to Medical Devices.
3. Design and Development Requirements
ISO 13485
ISO 13485 includes detailed requirements for the design and development of medical devices. It necessitates a structured approach, including planning, input, output, review, verification, validation, and design transfer. The standard emphasizes the importance of design controls to ensure the device meets user needs and intended use.
CFR 21 Part 820
CFR 21 Part 820 also mandates design controls but provides a more prescriptive approach. The regulation specifies requirements for design and development planning, design input, design output, design review, design verification, design validation, and design changes. These requirements are intended to ensure the device meets specified requirements and is safe and effective for its intended use.
Difference
While both standards require robust design and development processes, ISO 13485 offers more flexibility in how these processes are implemented. In contrast, CFR 21 Part 820 provides a more detailed and prescriptive framework.
4. Documentation and Record-Keeping
ISO 13485
ISO 13485 requires extensive documentation to demonstrate compliance with its QMS requirements. This includes maintaining specific records of the outputs of the procedures, processes, and activities that make up the QMS. Documentation must be controlled, and records must be maintained to provide evidence of conformity to requirements and the effective operation of the QMS.
CFR 21 Part 820
CFR 21 Part 820 also emphasizes documentation but places a stronger focus on the traceability of medical devices. The QSR mandates detailed record-keeping for all aspects of the QMS, including device history records (DHR), device master records (DMR), and quality system records (QSR). These records must be easily accessible for inspection by the FDA.
Difference
Both standards require rigorous documentation, but CFR 21 Part 820 has more extensive requirements for the specific types of records that must be maintained and for ensuring their accessibility for FDA inspections.
5. Supplier Management
ISO 13485
ISO 13485 requires manufacturers to establish criteria for the selection, evaluation, and re-evaluation of suppliers. It emphasizes the importance of supplier management in ensuring the quality of procured products and services. Manufacturers must implement a risk-based approach to supplier management, including monitoring of supplier performance and periodic re-evaluation. ISO 13845 also requires that Quality Agreements are employed as part of your risk based supplier controls.
CFR 21 Part 820
CFR 21 Part 820 also requires manufacturers to evaluate and select suppliers based on their ability to meet specified requirements. However, the QSR places a greater emphasis on the need for purchasing controls to ensure that all purchased or otherwise received product and services conform to these specified requirements, rather then taking a risk-based approach and applying more strict controls on higher risk suppliers.
Difference
ISO 13485 promotes a more comprehensive risk-based approach to supplier management, whereas CFR 21 Part 820 focuses on a more universal approach to implementing purchasing controls to ensure conformance to specifications.
FDA’s Update to QSR
Recognizing the need for global harmonization, the FDA is updating CFR 21 Part 820 to align more closely with ISO 13485. This alignment aims to reduce the regulatory burden on manufacturers by streamlining compliance requirements. The proposed updates include:
1. Incorporation of Risk Management Principles:
The updated CFR 21 Part 820 will integrate risk management concepts more explicitly, similar to ISO 13485, emphasizing the importance of identifying and controlling risks throughout the product lifecycle.
2. Enhanced Supplier Controls:
The revised regulation will adopt a more comprehensive approach to supplier management, reflecting ISO 13485’s emphasis on supplier evaluation, selection, and monitoring.
3. Streamlined Documentation Requirements
The FDA intends to align documentation and record-keeping requirements with ISO 13485 to facilitate easier compliance for manufacturers operating in multiple markets.
4. Harmonized Design Controls
The updated CFR 21 Part 820 will incorporate design and development requirements that mirror those of ISO 13485, promoting a consistent approach to design controls.
5. Global Compatibility
By aligning with ISO 13485, the FDA aims to enhance the global compatibility of U.S. regulations, making it easier for international manufacturers to enter the U.S. market and for U.S. manufacturers to comply with international standards.
Summary
Understanding the differences between ISO 13485 and CFR 21 Part 820 is crucial for medical device manufacturers aiming to ensure compliance and maintain high-quality standards in the US and wider international markets. While ISO 13485 provides an international framework focusing on risk management and flexibility, CFR 21 Part 820 offers a prescriptive approach specific to the U.S. market.
The FDA’s ongoing efforts to align CFR 21 Part 820 with ISO 13485 reflect a significant step towards global harmonization. These updates will streamline compliance, reduce regulatory burdens, and enhance the global competitiveness of medical device manufacturers.
As the regulatory landscape evolves, staying informed about these changes is essential. By understanding and adapting to these standards, manufacturers can ensure their products meet the highest quality and safety standards, fostering trust and reliability in the global medical device industry.
FAQs
ISO 13485 is an international standard for Quality Management Systems (QMS) specific to medical devices, while 21 CFR Part 820 is the FDA’s Quality System Regulation (QSR) governing medical devices in the United States.
- ISO 13485: Focuses on globally harmonized QMS requirements for medical devices.
- 21 CFR Part 820: Enforces regulatory requirements for devices sold in the US market.
Key insight: While they overlap in many areas, ISO 13485 is voluntary unless required by specific regulations, whereas 21 CFR Part 820 is mandatory for US market access.
No, but they are closely aligned. Both emphasize quality management for medical devices but differ in focus:
- ISO 13485: Geared towards general medical device QMS, emphasizing global applicability and harmonization.
- 21 CFR Part 820: A regulatory requirement with specific directives for FDA compliance, including premarket and postmarket considerations.
Pro tip: Compliance with ISO 13485 often makes it easier to meet 21 CFR Part 820 requirements, but it does not guarantee FDA approval.
Both frameworks share core principles, including:
- Documented QMS: Requirement for structured quality systems.
- Risk Management: Integration of risk-based approaches to processes and product development.
- Design Controls: Comprehensive design and development processes.
- Supplier Management: Oversight of suppliers to ensure quality.
- Complaint Handling: Procedures for addressing complaints and adverse events.
- Post-Market Surveillance: Monitoring device performance after commercialization.
Key takeaway: Manufacturers targeting both global and US markets can leverage the overlap to streamline compliance efforts.
Some notable differences include:
Aspect | ISO 13485 | 21 CFR Part 820 (QSR) |
---|---|---|
Scope | International standard | US-specific regulatory requirement |
Focus | General QMS for global compliance | Specific to FDA regulations |
Risk Management | Emphasized but less prescriptive | Embedded in device design controls |
Flexibility | Provides general guidelines | FDA enforces strict compliance |
Terminology | Uses terms like “validation” | More regulatory-specific terms like “verification” |
Key insight: ISO 13485 is more flexible and adaptable, while 21 CFR Part 820 is highly prescriptive for FDA compliance.
No, ISO 13485 certification is not a substitute for compliance with 21 CFR Part 820. However, the FDA recognizes ISO 13485 as a harmonized standard and is working towards aligning the QSR with ISO 13485.
Pro tip: Manufacturers planning to market devices globally should implement ISO 13485 alongside compliance with 21 CFR Part 820.
Yes! Patient Guard provides expert support for both frameworks, including:
- Developing ISO 13485-compliant Quality Management Systems.
- Aligning existing systems with 21 CFR Part 820 requirements.
- Preparing for FDA inspections and ISO audits.
- Training teams on regulatory differences and best practices.
Why choose Patient Guard: With experience supporting over 500 manufacturers, we help streamline compliance for both US and global markets, ensuring seamless regulatory approvals.
Resources
- Quality Assurance Templates
- Patient Guards QMS Services ISO 13485
- Patient Guards QMS Services CFR 21 Part 820