The Leaders in Quality and
Regulatory Training & Consulting

Let's get started

Jun 27, 2018

Key Components of a Quality Management System that Meets US FDA and EU Requirements

This is blog post 2 of 3 in our series on Medical Device Quality Management Systems. In our previous post we talked about the basics of why medical device companies need to implement a QMS and the rules dictating these requirements. In this post we will talk more about key players and stages in the process. We’ve combined all three posts into one easy-to-read white paper, plus added some extras. Download it here.

Key players in the quality management process

We’ve established that, as a medical device company, you need to implement a QMS and be in compliance with FDA 21 CFR Part 820 and/or ISO 13485:2016. As we have noted before, ISO 13485 is not required in most parts of the world but certainly is the “de facto” means of meeting QMS requirements in many countries. Let’s talk about the entities with a role in maintaining, auditing, and certifying quality systems, starting with the US.


Within the Food and Drug Administration (FDA) is the Center for Devices and Radiological Health. This division – commonly known as CDRH – oversees the regulation of most medical devices that do not have a pharmaceutical or biological component. When you register your company with the US FDA (establishment registration usually is done when you also register your first device), you will be on the “radar” of CDRH inspectors. As we mentioned earlier, FDA conducts its own inspections and holds the legal authority to prevent or stop companies from selling their products in the US market.

European Notified Bodies

Competent Authorities to conduct inspections of medical device manufacturers. You’ll find them listed in the NANDO database. Even though Notified Bodies are not government agencies, they do have the power to grant or deny ISO certification and/or CE Marking for your device. In Canada, these are called Registrars, but nearly all Registrars are also Notified Bodies. Under the new MDSAP scheme, Registrars are referred to as Auditing Organizations.

If you are studying medical device quality management system compliance, you also might run across the terms Authorized Representative (Europe), Sponsor (Australia), D-MAH (Japan), and US Agent. If you are a US company selling in Europe, for example, and you don’t have a local office there, you need to appoint a regulatory representative in that country (or countries). Regulatory representatives don’t really play a role in the management or inspection of your quality system, but Notified Bodies will most certainly check to make sure you have one during their audits.

Developing your QMS

If you are wondering where to start in putting together a quality management system for your organization, here are the basic phases.

QMS Workflow

A Quality Management System Is Evolutionary, Not Revolutionary

While regulatory imperative is the driving force behind the creation of a quality management system, the QMS is most certainly not a set of procedures that get stored on a hard drive only to be opened when inspectors arrive. If you are doing things correctly, your QMS should help your business to be successful and evolve over time. Processes will be added, refined, or eliminated. The QMS should be built using a process approach (thus enabling the organization to plan processes and their interactions) and incorporate a risk-based approach and the PDCA cycle.

PDCA Cycle

The PDCA cycle enables your organization to ensure that its processes are resourced adequately, managed in practice, and analyzed for improvement opportunities that may be acted upon.Coupling a risk-based approach with your process management activities enables your organization to determine the factors that could cause your processes and QMS to deviate from the planned results.

You can think of it using this simple analogy: your process approach is peanut butter and your risk-based approach is jelly. Taken separately, they are quite delicious albeit very different. When put together, they coalesce into something magical. Okay, so maybe that’s a bit too dramatic, but coupling these two approaches will definitely help your organization put preventive measures in place to minimize negative outcomes.

Want to learn more about medical device quality management systems?

In our third and final blog post in this series, we will take a look at your most important obligations in ISO 13485:2016 and the US FDA QSR, focusing on five key areas. Also, if you are interested in really taking a deep dive into QMS compliance, check out the Oriel STAT A MATRIX three-day training class: Quality Systems for Medical Devices: FDA’s QSR and ISO 13485:2016

Our team is here to help. Contact us online


Get answers right now. Call

US OfficeWashington DC


EU OfficeCork, Ireland

+353 21 212 8530