October 14, 2016

It’s time to get your compliance programs in order to meet some looming international regulatory compliance demands, experts including former Food and Drug Administration officials say. Having a firm grip on quality management (QMS) processes – especially document management and change control – will be critical to comply with such a disparate group of regulations working with so many regulatory bodies.

These new regulations and others already on the books reemphasize the importance of having an automated QMS with integrated quality processes tailored to the increasingly complex demands of medical device regulatory compliance. The first new international regulatory challenge, ISO 13485:2016 lays out the requirements of a quality management system so an organization can provide medical devices and related services that consistently meet customer and applicable regulatory requirements.

What is ISO 13485:2016?

Medical device companies can be involved in one or more stages of a product’s life-cycle, including design and development, production, storage and distribution, installation, or servicing of a medical device and design and development or provision of associated activities (e.g. technical support). ISO 13485:2016 can also be used by suppliers or external parties that provide a product, including quality management system-related services to these organizations.

Requirements of ISO 13485:2016 are applicable to organizations regardless of their size and type except where explicitly stated, the regulators pointed out. Wherever requirements are specified as applying to medical devices, the requirements apply equally to associated services as supplied by the company. ISO 13485:2016 requires that processes that are applicable to the organization, but are not performed by the said organization, are still its responsibility and are accounted for in the organization’s quality management system by monitoring, maintaining, and controlling the processes.

Meeting a Tough New Regulatory Requirement

“You might not want to do this project, but if you’re marketing pretty much anywhere in the major countries or jurisdictions of the world, [ISO] 13485 is—in some way, shape or form—a requirement, and we have to learn how to deal with it,” the Food and Drug Administration’s (FDA) former associate director for international affairs at the agency’s Center for Devices and Radiological Health (CDRH) Kim Trautman said at a recent RAPS conference.


If you make or are otherwise active in the delivery of a medical device, you’re probably going to have to deal with this sooner rather than later. She’s just one of many offering this advice. Meantime, Meddev regulatory teams have a second international challenge knocking on their door.

The International Medical Device Regulators Forum’s single-audit program is expected to be fully implemented by 2019; however, companies should already be focusing on their internal auditing processes.

The goal of the Medical Device Single Audit Program (MDSAP) is to allow a single regulatory audit of a medical device manufacturer’s quality management system in order to satisfy the needs of the applicable regulatory agencies. The latest developments and insights into the program have made the rounds on social media as well, with top industry publications and stakeholders emphasizing the importance of hopping on board now:

The Future is Now for Single-Audit

The MDSAP Pilot began in January 2014 and the transition to full implementation of the program is slated for next January, according to Fabio Pereira Quintino, Chairperson, MDSAP Regulatory Authority Council. It’s moved along smoothly and there’s no reason to think it won’t continue to hit its deadlines.

Put bluntly, Meddev procrastinators shouldn’t count on deadlines being pushed back much, if at all. MDSAP enables medical device manufacturers to contract with an authorized third-party Auditing Organization to conduct a single audit of the medical device manufacturer that satisfies any regulatory authority for a market in which they operate.

It’s important to keep in mind that the FDA is taking MDSAP seriously. The agency “recognizes MDSAP audit reports as a substitute for FDA Establishment Inspection Reports,” FDA’s Carl Fischer said in a Sept. 29 announcement. Fischer is Director of the Division of International Compliance Operations, Office of Compliance, CDRH. Other regulatory authorities participating in the program include those in Australia, Brazil, Canada, and Japan.

Finally, we can’t emphasize enough that this is not the time to get complacent. While FDA has a habit of letting some guidances and directives drag on an on – 21 CFR Part 11 anyone? – it appears both of these international regulatory harmonization efforts are here to stay.

The good news is that they offer real efficiencies for companies that learn how to understand and comply. Companies with a clear regulatory strategy and strong document control are in the driver’s seat.

How Strong is Your QMS Program? Meddev Rules