Compared to the earlier version of ISO 13485, eleven clauses have significantly changed in the 2016 edition of the ISO 13485. With this short article, you have a comparison of how these changes relate to FDA 21 CFR Part 820.
1. ISO 13485:2016 Clause 4 Quality Management System & 4.1 General Requirements
ISO 13485 now requires the application of a risk-based approach to establishing and maintaining a QMS.
the FDA 21 CFR Part 820 does not explicitly define risk-based requirements for a quality system in the regulations. However, the interpretation and application of risk-based approaches is consistent with FDA expectation.
2. ISO 13485:2016 Clause 4.2 Documentation Requirements
There are two major updates of this clause in ISO 13485:2016 when compared to the previous version. Those changes relate to protecting confidential health information and requirements to address deterioration and loss of documents.
Documentation control and records management are foundational requirements of FDA Part 820. The ISO 13485 requirements are now more in line with expectations as defined in FDA 21 CFR 820.5 Quality System, 820.40 Document Controls, and 820.180 Records.
3. ISO 13485:2016 Clause 6.2 Human Resources
ISO 13485:2016 requires processes for establishing competence, providing needed training, and ensuring awareness of personnel be defined and documented.
The FDA defines regulations for personnel and training in 820.25.
The ISO 13485:2016 addition is above and beyond FDA Part 820 and a great inclusion.
4. ISO 13485:2016 Clause 7.2 Customer-Related Processes
ISO 13485:2016 adds language regarding communication with regulatory authorities as it relates to product information, customer feedback, complaints, and advisory notices.
This addition relates to parts of the FDA CFR. First, 820.198 defines regulations for complaint files.
FDA also has two other areas of the CFR (technically not in Part 820) which relate and applicable: 21 CFR Part 803 Medical Device Reporting and 21 CFR Part 806 Reports of Corrections and Removals.
5. ISO 13485:2016 Clause 7.3 Design and Development
Historically, ISO 13485:2003 Clause 7.3 Design and Development has aligned very well with FDA 21 CFR 820.30 Design Controls.
ISO 13485:2016 goes further in strengthening this tie and correlation with FDA CFR 820.30. A couple of new items have been added to ISO 13485:2016, as explained below.
6. ISO 13485:2016 Clause 7.3.8 Design and Development Transfer
ISO 13485:2016 includes explicit criteria to describe requirements of transferring a product from design and development to production.
7. ISO 13485:2016 Clause 7.3.10 Design and Development Files
ISO 13485:2016 includes explicit criteria to define requirements for maintaining design and development files.
8. ISO 13485:2016 Clause 7.4 Purchasing
ISO 13485:2016 now explicitly requires:
- Requirements for monitoring and re-evaluating suppliers
- Actions to be taken when purchasing requirements are not met
- Notifications of changes in purchased products
- Purchasing verification activities and requirements
ISO 13485:2016 also requires a focus on supplier selection criteria, including assessment of risks and regulatory requirements
9. ISO 13485:2016 Clause 7.5.8 Identification
ISO 13485:2016 requires documented procedures as it relates to production identification and status throughout all stages of product realization, and references use of unique device identification, where applicable.
10. ISO 13485:2016 Clause 8.2.2 Complaint Handling
ISO 13485:2016 includes here requirements pertaining to complaint handling
11. ISO 13485:2016 Clause 8.2.3 Reporting to Regulatory Authorities
ISO 13485:2016 includes here requirements pertaining to reporting product issues to regulatory authorities