Your Champion for Product Success

Client Login

21 CFR 820 for QSR is a US regulation- not an option

These days we read a lot about the US FDA “incorporating” ISO 13485. The US Food and Drug Administration proposed a rule in early 2022 to harmonize its medical device quality management system (QMS) regulation, 21 CFR Part 820, to the ISO 13485 QMS standard. It has not happened yet! Too many folks are over interpreting the FDA intentions; assuming that if their company complies with ISO 13485:2016 they are home free with the FDA.

But the key word is HARMONIZE. There is also discussion of CONVERGENCE. We’ve seen reports that FDA has accepted ISO 13485 audit reports from manufacturers who are under the MEDICAL DEVICE SINGLE AUDIT PROGRAM (MDSAP), but that is a different arrangement altogether. https://www.fda.gov/medical-devices/cdrh-international-programs/medical-device-single-audit-program-mdsap. So, if you have an ISO 13485 certification from an ISO Registrar, that is all you have: it is NOT a E-ticket to FDA compliance inspections! https://en.wikipedia.org/wiki/E_ticket

Harmonization goals have floated since the ISO 13485 evolved from the original ISO 9000. Year by year and little by little the two philosophies of quality have moved towards one another, with the most changes coming through the ISO 13485 versions. But 21 CFR is a regulation and is not likely going away since it is a manner of executing a federal law. https://www.fda.gov/medical-devices/postmarket-requirements-devices/quality-system-qs-regulationmedical-device-good-manufacturing-practices#:~:text=The%20quality%20systems%20for%20FDA,Cosmetic%20Act%20(the%20act). Thus, it would literally take an Act of Congress to allow FDA to abrogate its authority for Quality Systems.

Even after the so-called harmonization takes place, the FDA will retain its inspection authority. A few of the most important differences between the two approaches to quality management include the structure of the management of design changes to a Class II marketed medical device, complaint management and product controls. ISO 13485:2016 8.2.1 refers to “feedback” (instead of the term “complaints”) and says to use the information as part of a risk management monitoring program. But §820.198 Complaint File regulations are detailed and particular in the manner of handling complaints. Historically FDA has begun an inspection by asking to see the company’s complaint files.

FDA will sometimes consider the corrective action records very carefully during an inspection. Whereas 21 CFR has more detailed instruction on how to handle a “nonconformance” many interpretations of ISO 13485:2016 Section 8.5.2 have the company “opening a CAPA” too quickly. Often then with too many CAPA in play a company may overlook “closing” the CAPA with results from an effectiveness check, which is called for by FDA in Section 820.100(4) and ISO 13485:2016 8.5.2(f). Thus, although there are many similarities between the regulation and the standard, it is the evidence of the execution of compliance that matters most during an FDA inspection.

As FDA seeks to harmonize the differences, it is even more critical that any company, regardless of the location of the company that puts a medical device into interstate commerce in the USA, must be able to show compliance to ALL aspects of 21 CFR 820, AND a host of other FDA regulations. 21 CFR 803 (known as Adverse Event reporting (which differs from other countries), 21 CFR Part 11- Electronic Records, Recalls (according to 21 CFR 7, or 21 CFR 810, and 21 CFR 806) not to mention the annual requirement for Registration and Listing according to 21 CFR 807, not part of CFR 820, are nevertheless subject to FDA inspection and need to be part of any US quality compliance records. are all subject to FDA field inspection.

Paladin Medical®, Inc. can help you identify the quality system differences to help to assure compliance with US Quality System regulations; both now and if a harmonized regulation does eventually appear. We can do this with cross reference to ISO 13485:2016 and help you to communicate your US compliance methods to your ISO auditor and FDA inspector. You don’t need to compromise compliance to either system. You MUST meet US FDA regulations to market a medical device in the USA, but to take advantage of MDSAP you also need command and control for ISO 13485:2016—or whatever standard year it will become next.

To remember another great American icon: Yogi Berra, It ain’t over till it’s over.

Paladin Medical University of Kentucky Department of Biomedical Engineering Paladin Medical Society for Biomaterials Paladin Medical Regulatory Affairs Certification Paladin Medical American Institute for medical and Biological Engineering