Key Components of a Quality Management System that Meets US FDA and EU Requirements
Key players in the quality management process
We’ve established that, as a medical device company, you need to implement a QMS and be in compliance with FDA 21 CFR Part 820 and/or ISO 13485:2016. As we have noted before, ISO 13485 is not required in most parts of the world but certainly is the “de facto” means of meeting QMS requirements in many countries. Let’s talk about the entities with a role in maintaining, auditing, and certifying quality systems, starting with the US.
US FDA and CDRH
Within the Food and Drug Administration (FDA) is the Center for Devices and Radiological Health. This division – commonly known as CDRH – oversees the regulation of most medical devices that do not have a pharmaceutical or biological component. When you register your company with the US FDA (establishment registration usually is done when you also register your first device), you will be on the “radar” of CDRH inspectors. As we mentioned earlier, FDA conducts its own inspections and holds the legal authority to prevent or stop companies from selling their products in the US market.
European Notified Bodies
Competent Authorities to conduct inspections of medical device manufacturers. You’ll find them listed in the NANDO database. Even though Notified Bodies are not government agencies, they do have the power to grant or deny ISO certification and/or CE Marking for your device. In Canada, these are called Registrars, but nearly all Registrars are also Notified Bodies. Under the new MDSAP scheme, Registrars are referred to as Auditing Organizations.
If you are studying medical device quality management system compliance, you also might run across the terms Authorized Representative (Europe), Sponsor (Australia), D-MAH (Japan), and US Agent. If you are a US company selling in Europe, for example, and you don’t have a local office there, you need to appoint a regulatory representative in that country (or countries). Regulatory representatives don’t really play a role in the management or inspection of your quality system, but Notified Bodies will most certainly check to make sure you have one during their audits.
Developing your QMS
If you are wondering where to start in putting together a quality management system for your organization, here are the basic phases.
A Quality Management System Is Evolutionary, Not Revolutionary
While regulatory imperative is the driving force behind the creation of a quality management system, the QMS is most certainly not a set of procedures that get stored on a hard drive only to be opened when inspectors arrive. If you are doing things correctly, your QMS should help your business to be successful and evolve over time. Processes will be added, refined, or eliminated. The QMS should be built using a process approach (thus enabling the organization to plan processes and their interactions) and incorporate a risk-based approach and the PDCA cycle.
The PDCA cycle enables your organization to ensure that its processes are resourced adequately, managed in practice, and analyzed for improvement opportunities that may be acted upon.Coupling a risk-based approach with your process management activities enables your organization to determine the factors that could cause your processes and QMS to deviate from the planned results.
You can think of it using this simple analogy: your process approach is peanut butter and your risk-based approach is jelly. Taken separately, they are quite delicious albeit very different. When put together, they coalesce into something magical. Okay, so maybe that’s a bit too dramatic, but coupling these two approaches will definitely help your organization put preventive measures in place to minimize negative outcomes.
Want to learn more about medical device quality management systems?
In our third and final blog post in this series, we will take a look at your most important obligations in ISO 13485:2016 and the US FDA QSR, focusing on five key areas. Also, if you are interested in really taking a deep dive into QMS compliance, check out the Oriel STAT A MATRIX three-day training class: Quality Systems for Medical Devices: FDA’s QSR and ISO 13485:2016