US proposal to align with ISO 13485 hits the press

Proposed rule harmonises US Quality System Regulation with international standard for medical device Quality Management Systems

The US Food and Drug Administration (FDA) has published its proposed rule to align the US medical device quality system  regulation, 21 CFR Part 820, with ISO 13485 – Medical devices – Quality Management Systems – Requirements for regulatory purposes.  This alignment was first proposed in May 2018. Several deadlines for publication of the draft rule were not met, but the proposed rule is now available.  

The stated intention of this initiative is to align more closely with the international consensus standard for devices by converging with the quality management system (QMS) requirements used by regulatory authorities from other jurisdictions. This would be achieved by incorporating the 2016 edition of ISO 13485 by reference in the regulation. The draft rule proposes additional requirements to align with existing expectations in the Federal Food, Drug, and Cosmetic Act (FD&C Act), and its implementing regulations, and amend the Code of Federal Regulations to clarify the device CGMP requirements for combination products. It is proposed that the title of the regulation would become Quality Management System Regulation (QMSR).

The FDA indicates that current US regulation and ISO 13485 are substantially similar but note that ISO 13485 has a greater emphasis on risk management activities and risk-based decision making.  The current US regulation explicitly addresses risk management activities only in the risk analysis requirement within design validation, whereas risk management is more broadly integrated across the device lifecycle in ISO 13485.

The proposed rule does indicate that the FDA wishes to include additional definitions, clarifying concepts, and additional requirements, all of which would require to be integrated within a manufacturer’s QMS in addition to the requirements of ISO 13485. Generally, the changes are intended to ensure consistency with the FD&C Act. The proposed changes include:

• The definitions of terms in the FD&C Act (21 U.S.C. 321) supersede the definitions in ISO 13485. This is consistent with the approach in Europe where the European Annex Z of EN ISO 13485 indicates that the definitions in the European regulations take precedence when definitions in the standard differ.
• Where ISO 13485 refers to “applicable regulatory requirements”, explicit reference to the FDA requirements will be included.
• Where ISO 13485 refers to “safety and performance”, this should construed to mean the same as “safety and effectiveness” as used in the FD&C Act.
• Inclusion of signature and date requirements for records.
• Requiring inclusion of information for Medical Device Reporting in complaint and servicing records.
• Specifically addressing the inspection of labelling by the manufacturer.

The FDA has been accepting ISO 13485 QMS audit reports from manufacturers under the Medical Device Single Audit Program (MDSAP). However, the FDA has noted three points regarding their inspection policy:

• FDA inspections will not result in the issue of ISO 13485 certificates of conformity;
• Manufacturers already certified to ISO 13485 will still undergo FDA inspections for US market registration.

• There are no plans for the FDA to develop an ISO 13485 certification programme;

Any final rule based on this proposal is intended to become effective one year after the date of publication of that final rule in the Federal Register.

Manufacturers will want to follow the progress of this proposed rule through the legislative process in Washington DC.