Medical Device QMS: What It Is, Where It’s Required, and Key Regulations to Know.

 If you are in the medical device field, you must be aware of the word QMS (Quality Management system) for Medical Device. However, detailed knowledge with right interpretation of compliance requirement is must. Each clause needs to be understood with usual approach of what, where why and how. Each must be answered without any ifs and buts.

ISO 13485 is universal international standard which describes all elements of QMS for medical device. This is followed in Europe, Canada and Australia and other countries except USA. USA follows its own standard 21CFR part 820. Though Brazil and Japan have their own standard but those are based on ISO 13485 and FDA QSR.  ISO 13485 is standard for QMS documentation for medical devices

Apart from this Europe also had MEDDev regulation which is now got replaced with MDR which also describes certain special requirements. This regulation is also must for compliance if you want to enter European market.

For USA 21 CFR part 620 compliance is must. There is process of 510 K application route. Though for class I and Class II devices US FDA regulatory will not seek to see documentation as precondition as they do random audit and if your firm is not ready for the audit, you will fail the audit and consequences are very serious.

Similarly for Europe now CE mark is precondition for distribution. CE mark other than for class I, non-sterile, non-reusable, non-measuring medical devices requires proof of compliance of certain general condition for manufacturer mentioned in Article 10 and Annex IX, confirmatory assessment based on QMS, and technical documentation based on new medical device regulation called EU MDR. One can have compliance to article 10 and annex IX is to get third party certification for ISO 13485. This can be achieved through audit by notified bodies. One can also have other approach also to get EU QMS requirement, including what is mentioned in annex X (confirmatory assessment based on type examination) and annex XI (Confirmatory assessment based on product confirmatory assessment)

Let’s just refresh elements described in ISO 13485and EU MDR requirements.

ISO13485-2016 elements:

Management Responsibilities: Review, inspection readiness and internal audit are essential, and resources needs to be provided for system.

Resources: involves personnel competency, infrastructure needed and work environment.

Process and production control: Customer requirement, Managing supplier control and identification and traceability throughout the process.

Design Control: Involves risk management, managing input/output and conducting verification and validation.

Change Management: Change is part of life but must be managed well through processes. Change involves design change, QMS and due to changes risk also changes hence need review of that too.

Corrective and Preventive action: This tool is very essential of QMS. Eliminating all nonconformities found during various audits, thus improving QMS and verification of effectiveness, are achieved using this tool.

Product surveillance: Complaint handling not only for customer satisfaction but also for self improvement, risk monitoring and vigilance are important to continuously monitor the products in the market.

One need to have all written documentation for people to follow. This is also covered in QMS as document and data control which involves generation, preservation, controlled distribution.

During all audits these documentation and actual executions are verified and checked whether they meet all regulations prescribed.

EU MDR Requirements: Considering all major compliance points, followings are worth noting and acting.

1.      Re-classification based on risk profile. Only for class I self-assessment is valid.

2.      For Class 2a, Class 2b and class III notified body approval is needed.

3.      For IVDR only Class A can be accepted on self-assessment while Class B, C& D requires notified body approval.

4.      Conformity assessment is essential based on that CE mark need to be taken.

5.      Even for conformity assessment like classification, notified body approval is needed. In some cases, even for Class I and Class A case also notified body approval will be needed if parts of manufacturing process seals in sterility or meteorology.

6.      Annex IX, X and XI need to be referred for conformity assessment.

7.      CE marking requires UDI-DI assignment and provide the same to UDI-DI data base.

8.      Manufacturer and supplier of medical devices will have to register in EUDAMED, upload relevant documentation, apply for clinical investigation and performance studies.

9.      Carry out post market surveillance documentation and upload in EUDAMED.

10.  Manufacturers need to have at least one person for regulatory compliance.

11.  Need to have authorised representative if manufacturer is outside member states.

12.  PSUR (Periodic safety summary report comprising of results of post market surveillance.

13.  PMCF/PMPF Post market clinical follow up/performance evaluation follow up.

14.  Vigilance requirement: Reporting of serious incident, Voluntary and mandatory reporting and trend reporting.

With involvement of many such regulatory bodies and continuous monitoring and reporting one need to have very strong compliance system but to establish the same expert team with experience is needed. MDR consultant is highly recommended to have all items first time right.

IZiel covers all the product-specific requirements for all components, manufacturing processes, verification & validation alongwith corrective and preventative actions (CAPA) for assessing customer satisfaction, product non-conformance, assessing and improving quality policies and procedures, carrying out and assessing the results of internal audits, and implementing systems for continuous improvement.

IZiel works with clients to make the QMS simple yet effective and flexible to allow changes to keep up with the changing regulatory requirements.