ISO 13485 + FDA QSR: Building a Harmonized Quality System

Pacific Certifications
4 min read
ISO 13485 + FDA QSR: Building a Harmonized Quality System

Introduction

The pharmaceutical and medical device industries are highly regulated to ensure their products are safe and success full. Although ISO 13485 provides a global standard for quality management systems, FDA QSR is regulatory specific for medical device regulation in the United States. While both standards aim for similar objectives - product safety, product quality, and regulatory compliance - the standards vary in their requirements and expectations.

To ensure adherence to QSR ISO 13485 as well as FDA QSR, organizations should align ISO 13485 with FDA QSR to operate the same processes and documentation to support both international and U.S. regulatory requirements and to provide a smooth process for managing quality. An organization that specializes in medical devices to be successful across multiple markets from the U.S. to Europe and beyond will need a harmonized quality management system.

If you are a manufacturer and can build a harmonized quality management system (QMS) to ISO 13485 and FDA QSR, then your responsibility to ensure a product's compliance globally, operating smoothly and product safety is improved. This article will explain how organizations are capable of harmonising these frameworks and will provide considerations for areas of risk management, biological evaluation and integration alongside other standards e.g. ISO 9001.

Explore how QMSR–ISO 13485 harmonization affects your quality system: Consider where your current procedures, records, and controls already align with ISO 13485 and where legacy QSR practices may need updating.

ISO 13485 vs EU MDR: Compliance Checklist

The EU Medical Device Regulation (MDR) sets forth stringent requirements for medical device manufacturers within the European Union. Below is a comparison of QSR ISO 13485 and EU MDR, helping manufacturers understand the similarities and differences between the two frameworks.

Aspect

ISO 13485

EU MDR

Scope

Applies to medical device manufacturers globally, focusing on quality management systems for medical devices.

Applies to manufacturers of medical devices and in-vitro diagnostic devices placed on the EU market.

Regulatory Authority

International standard governed by ISO.

Governed by European Union authorities.

Risk Management

Focuses on risk management for product design, production, and post-market activities.

Requires overreaching risk management integrated throughout the product life cycle, including clinical evaluations.

Post-Market Surveillance

Includes requirements for monitoring and reporting device performance post-market.

Requires extensive post-market surveillance, vigilance reporting, and post-market clinical studies.

Clinical Evaluation

Clinical evaluation requirements are addressed, but not as prescriptive as EU MDR.

Requires detailed clinical evaluation and post-market clinical follow-up.

Technical Documentation

Requires detailed technical documentation for design and production processes.

Requires extensive technical documentation covering product life cycle, including risk assessments and clinical evaluation data.

Notified Body Involvement

Not mandatory for ISO certification; only required in specific instances by regulatory bodies.

Mandatory involvement of a notified body for conformity assessments and CE marking.

Risk Management Under ISO 14971 for Pharma Combination Products

ISO 14971 is a key standard for risk management in medical devices, and it also applies to pharma combination products—those that integrate pharmaceuticals with medical devices. Success full risk management is essential for ensuring the safety and functionality of these combination products, which may include drug-delivery devices, inhalers and diagnostic equipment.

Risk Management Under ISO 14971 for Pharma Combination Products

  1. Recognizing possible risks related to the device and the pharmaceutical components. This can include biological risks, device failure, or risks associated with exposure to chemicals.

  2. Assessing the likelihood and severity (harm) of each risk, and determining if it is acceptable.

  3. Identifying measures to mitigate or eliminate the identified risks - this can include design changes, better labelling or improved safety gadgets.

  4. Monitoring the products' performance after it has been released to capture any new risks or problems that might emerge, and respond to the issues quickly.

For assistance, contact us at support@pacificcert.com

ISO 10993 Biological Evaluation: What SMEs Miss?

ISO 10993 provides the necessary guidelines for the biological evaluation of medical devices. The standard is critical in ensuring that the materials used in devices do not pose a risk to patient health. For small and medium-sized enterprises (SMEs), understanding the full scope of ISO 10993 is essential to ensuring product safety and regulatory compliance.

What SMEs Miss in ISO 10993

Common mistakes that SMEs make when applying ISO 10993 include:

  • Biological risk assessments of all materials in contact with the body, including packaging materials, are often not performed by SMEs.

  • When SMEs fail to conduct biological assessments (cytotoxicity, irritation, sensitization, etc.) necessary for required biological testing they become noncompliant to regulatory frameworks and will not achieve the ultimate goal of bringing safe products to market.

  • SMEs overlook the evaluation of biocompatibility for all materials, and not just materials in direct contact with the body, can introduce unknown risks.

  • Regional variation exists in biological testing and evaluation requirements which may bubble up when SMEs make design decisions for global markets.

21 CFR Part 820 Alignment with ISO 13485:2024 Revision

21 CFR Part 820 provides the FDA Quality System Regulation (QSR) for medical device manufacturers in the United States, and QSR ISO 13485:2024 is the international standard for medical device quality management. For manufacturers to understand and integrate these two frameworks is critical to be able to sell to customers in both U.S. and international markets. Both the frameworks require document control in order to ensure a quality management system or process is adequately documented and the documents are tracked through any changes to the intended audience. Both also have a requirement for a corrective and preventative action system required of manufacturers to address any nonconformities and potentially have better quality or prevent recurrences

Audit Readiness Toolkit for Medical Device Startups

For medical device entrepreneurs, maintaining audit readiness is key to understanding that their quality systems meet the regulators and the quality management systems be able to pass external inspection audits. An Audit Readiness Toolkit can provide help to the entrepreneur for preparing for and managing audits from regulators, certification organizations or external clients.

Best practice, ready-to-use templates for developing and managing evidence of quality systems documentation, such as SOPs (Standard Operating Procedures), work instructions and records of product testing and validation. A overreaching checklist to include every required element of ISO 13485, FDA QSR and others for a complete set during audits, to ensure nothing is left out of the audits. Training in audit procedures for employees, so they will be prepared to answer questions and supply paperwork when required in audits.

Contact Us

Pacific Certifications can assist your organization in navigating the ISO 13485 certification process and aligning it with FDA QSR and other relevant regulatory frameworks. Our team of experts will guide you through building a harmonized quality system that ensures product safety and regulatory compliance.

If you need support with ISO 13485 and FDA QSR, contact us at support@pacificcert.com.

Author: Alina

Read More at: Blogs by Pacific Certifications

Pacific Certifications
ISO 13485 + FDA QSR: Guide to a Harmonized Quality System
ISO 13485:2016
FDA QSR
FDA
QSR
MEDICAL DEVICES COMPLIANCE

Frequently Asked Questions

What does it mean that ISO 13485 is now harmonized with the FDA’s quality system rules?
It means the FDA has updated its Quality System Regulation into a new Quality Management System Regulation that formally aligns U.S. medical device quality requirements with ISO 13485:2016 while keeping some FDA-specific obligations.
What is QSR and what is QMSR in the U.S. medical device context?
QSR is the legacy FDA Quality System Regulation under 21 CFR Part 820, while QMSR is the new rule that replaces it by incorporating ISO 13485 requirements and modernizing terminology, structure, and inspection expectations.
Does harmonization mean ISO 13485 certification is now mandatory for FDA compliance?
No, manufacturers must comply with QMSR, which references ISO 13485, but formal ISO 13485 certification by a third-party body is still not legally required for U.S.-only device manufacturers.
How does the new harmonized framework benefit medical device companies?
It reduces duplication between FDA and international quality requirements, makes it easier to use one global QMS, and streamlines compliance for companies that market devices in both the U.S. and other regulated markets.
What are the main areas where ISO 13485 expectations are stronger than the old QSR?
ISO 13485 places greater emphasis on lifecycle risk management, documented design and development controls, supplier management, customer feedback, training, and evidence of management’s active involvement in the QMS.
Will FDA inspections change under QMSR aligned with ISO 13485?
Yes, inspections will move from a subsystem-focused model to a more system-based approach that looks at how processes interact, with more ISO-style terminology and a greater focus on risk and overall QMS effectiveness.
What should ISO 13485‑certified companies do to get ready for QMSR?
They should map their existing ISO 13485 QMS against the new QMSR rule, identify any FDA-specific gaps (such as certain record and reporting expectations), update procedures, and ensure staff understand the new terms and inspection focus.
What should FDA‑regulated companies that followed only QSR do now?
They need to familiarize themselves with ISO 13485 clauses, update their quality manual and procedures to align with ISO structure and terminology, strengthen risk management and supplier controls, and train teams on the harmonized requirements.
Does harmonization change how design, production, and post‑market activities are managed?
It reinforces an integrated, lifecycle approach where risk management, design controls, production controls, and post‑market surveillance all link together within one coherent quality management system.
How can aligning with both ISO 13485 and QMSR help globally focused manufacturers?
A single harmonized QMS can satisfy FDA expectations and international regulators at the same time, simplify audits by customers and notified bodies, and improve speed to market in multiple countries.
Pacific Certifications

Pacific Certifications

Looking for ISO Certification? Get in touch now!

Pacific Certifications

Pacific Certifications is an independent, internationally recognized certification body providing third-party audit and certification services for management system standards such as ISO 9001, ISO 14001, ISO/IEC 27001, ISO 45001, and other ISO standards. We also provide product certification services and training and personnel certification programs designed to support organizational and professional competence.

Visit Site

Previous Post

Designing for Circularity: ISO 59000 Series & EPR Laws

Next Post

From Digital Twins to 5G: ISO 23247 & 20140 for Industry 4.0
Pacific Certifications

Pacific Certifications

Looking for ISO Certifications? Get in touch now!